Weekly Vulnerabilities Reports > June 19 to 25, 2023
Overview
526 new vulnerabilities were reported during this period, including 70 critical vulnerabilities and 191 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1074 products from 258 vendors, including Apple, Dell, Huawei, Mozilla, and Xwiki. The vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Out-of-bounds Write", "SQL Injection", and "Out-of-bounds Read".
- 390 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 164 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 332 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 71 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
70 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-06-19 | CVE-2019-25136 | Mozilla | Unspecified vulnerability in Mozilla Firefox A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. | 10.0 |
2023-06-22 | CVE-2023-36355 | TP Link | Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr940N Firmware TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. | 9.9 |
2023-06-22 | CVE-2023-35926 | Linuxfoundation | Code Injection vulnerability in Linuxfoundation Backstage Backstage is an open platform for building developer portals. | 9.9 |
2023-06-25 | CVE-2023-36660 | Nettle Project | Out-of-bounds Write vulnerability in Nettle Project Nettle 3.9 The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. | 9.8 |
2023-06-24 | CVE-2023-3197 | Inspireui | Unspecified vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. | 9.8 |
2023-06-23 | CVE-2023-35169 | Webklex | Path Traversal vulnerability in Webklex PHP-Imap PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. | 9.8 |
2023-06-23 | CVE-2023-34460 | Tauri | Improper Authorization vulnerability in Tauri 1.4.0 Tauri is a framework for building binaries for all major desktop platforms. | 9.8 |
2023-06-23 | CVE-2022-22630 | Apple | Use After Free vulnerability in Apple mac OS X and Macos A use after free issue was addressed with improved memory management. | 9.8 |
2023-06-23 | CVE-2023-32387 | Apple | Use After Free vulnerability in Apple Macos A use-after-free issue was addressed with improved memory management. | 9.8 |
2023-06-23 | CVE-2023-32412 | Apple | Use After Free vulnerability in Apple products A use-after-free issue was addressed with improved memory management. | 9.8 |
2023-06-23 | CVE-2023-32419 | Apple | Unspecified vulnerability in Apple Iphone OS The issue was addressed with improved bounds checks. | 9.8 |
2023-06-23 | CVE-2023-3391 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Human Resource Management System 1.0 A vulnerability was found in SourceCodester Human Resource Management System 1.0. | 9.8 |
2023-06-23 | CVE-2023-30258 | Magnussolution | OS Command Injection vulnerability in Magnussolution Magnusbilling Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. | 9.8 |
2023-06-23 | CVE-2023-3383 | Game Result Matrix System Project | SQL Injection vulnerability in Game Result Matrix System Project Game Result Matrix System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. | 9.8 |
2023-06-23 | CVE-2023-3380 | Wavlink | Injection vulnerability in Wavlink Wn579X3 Firmware 20200515 A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. | 9.8 |
2023-06-23 | CVE-2023-33299 | Fortinet | Deserialization of Untrusted Data vulnerability in Fortinet Fortinac A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. | 9.8 |
2023-06-22 | CVE-2023-28094 | Pega | Unspecified vulnerability in Pega Platform Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. | 9.8 |
2023-06-22 | CVE-2023-3128 | Grafana | Authentication Bypass by Spoofing vulnerability in Grafana Grafana is validating Azure AD accounts based on the email claim. | 9.8 |
2023-06-22 | CVE-2023-32571 | Dynamic Linq | Incorrect Comparison vulnerability in Dynamic-Linq Linq Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. | 9.8 |
2023-06-22 | CVE-2023-2611 | Advantech | Use of Hard-coded Credentials vulnerability in Advantech R-Seenet Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. | 9.8 |
2023-06-22 | CVE-2023-3326 | Freebsd | Improper Authentication vulnerability in Freebsd pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. | 9.8 |
2023-06-22 | CVE-2023-36097 | Funadmin | Unrestricted Upload of File with Dangerous Type vulnerability in Funadmin 3.3.2/3.3.3 funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. | 9.8 |
2023-06-22 | CVE-2023-35174 | Livebook | OS Command Injection vulnerability in Livebook Livebook is a web application for writing interactive and collaborative code notebooks. | 9.8 |
2023-06-22 | CVE-2023-20892 | Vmware | Out-of-bounds Write vulnerability in VMWare Vcenter Server The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. | 9.8 |
2023-06-22 | CVE-2023-20893 | Vmware | Use After Free vulnerability in VMWare Vcenter Server The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. | 9.8 |
2023-06-22 | CVE-2023-20894 | Vmware | Out-of-bounds Write vulnerability in VMWare Vcenter Server The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. | 9.8 |
2023-06-22 | CVE-2023-20895 | Vmware | Out-of-bounds Write vulnerability in VMWare Vcenter Server The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | 9.8 |
2023-06-22 | CVE-2023-29711 | Interlink | Unspecified vulnerability in Interlink Psg-5124 Firmware 1.0.4 An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request. | 9.8 |
2023-06-22 | CVE-2023-34939 | Onlyoffice | Path Traversal vulnerability in Onlyoffice Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. | 9.8 |
2023-06-22 | CVE-2023-29931 | Laravels Project | Unspecified vulnerability in Laravels Project Laravels 3.7.35 laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. | 9.8 |
2023-06-22 | CVE-2023-34601 | Jeesite | SQL Injection vulnerability in Jeesite Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml. | 9.8 |
2023-06-21 | CVE-2023-33584 | Enrollment System Project | SQL Injection vulnerability in Enrollment System Project Enrollment System 1.0 Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. | 9.8 |
2023-06-21 | CVE-2023-34340 | Apache | Improper Authentication vulnerability in Apache Accumulo 2.1.0 Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. | 9.8 |
2023-06-20 | CVE-2023-34563 | Netgear | Classic Buffer Overflow vulnerability in Netgear R6250 Firmware 1.0.4.48 netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. | 9.8 |
2023-06-20 | CVE-2023-33869 | Enphase | OS Command Injection vulnerability in Enphase Envoy Firmware D7.0.88 Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands. | 9.8 |
2023-06-20 | CVE-2023-35885 | MGT Commerce | Reliance on Cookies without Validation and Integrity Checking vulnerability in Mgt-Commerce Cloudpanel CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. | 9.8 |
2023-06-20 | CVE-2023-3340 | Online School Fees System Project | SQL Injection vulnerability in Online School Fees System Project Online School Fees System 1.0 A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. | 9.8 |
2023-06-20 | CVE-2020-20413 | Wuzhicms | SQL Injection vulnerability in Wuzhicms 4.1.0 SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | 9.8 |
2023-06-20 | CVE-2020-20703 | VIM | Classic Buffer Overflow vulnerability in VIM 8.1.2135 Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. | 9.8 |
2023-06-20 | CVE-2020-20718 | Pluck CMS | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluckcms 4.7.10 File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the save_file() parameter. | 9.8 |
2023-06-20 | CVE-2020-20735 | 8Cms | Unrestricted Upload of File with Dangerous Type vulnerability in 8Cms Ljcms 4.3.R60321 File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter. | 9.8 |
2023-06-20 | CVE-2020-21174 | Feehi | Unrestricted Upload of File with Dangerous Type vulnerability in Feehi Feehicms 2.0.7.1 File Upload vulnerability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function. | 9.8 |
2023-06-20 | CVE-2020-21474 | Nucleuscms | Unrestricted Upload of File with Dangerous Type vulnerability in Nucleuscms 3.71 File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter. | 9.8 |
2023-06-20 | CVE-2020-21489 | Feehi | Unrestricted Upload of File with Dangerous Type vulnerability in Feehi Feehicms 2.0.8 File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component. | 9.8 |
2023-06-20 | CVE-2023-34541 | Langchain | Unspecified vulnerability in Langchain 0.0.171 Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. | 9.8 |
2023-06-20 | CVE-2023-34600 | Adiscon | SQL Injection vulnerability in Adiscon Loganalyzer Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection. | 9.8 |
2023-06-20 | CVE-2023-35854 | Zohocorp | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. | 9.8 |
2023-06-20 | CVE-2023-3337 | Online Shopping System Advanced Project | Improper Authentication vulnerability in Online Shopping System Advanced Project Online Shopping System Advanced 1.0 A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. | 9.8 |
2023-06-20 | CVE-2023-3325 | Cmscommander | Insufficient Entropy vulnerability in Cmscommander CMS Commander The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. | 9.8 |
2023-06-19 | CVE-2023-34159 | Huawei | Unspecified vulnerability in Huawei Emui 13.0.0 Improper permission control vulnerability in the Notepad app. Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality. | 9.8 |
2023-06-19 | CVE-2023-31411 | Sick | Missing Authentication for Critical Function vulnerability in Sick Eventcam APP A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. | 9.8 |
2023-06-19 | CVE-2023-2907 | Marksoft | SQL Injection vulnerability in Marksoft Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605. | 9.8 |
2023-06-19 | CVE-2022-47586 | Themefic | SQL Injection vulnerability in Themefic Ultimate Addons for Contact Form 7 Unauth. | 9.8 |
2023-06-19 | CVE-2023-27992 | Zyxel | OS Command Injection vulnerability in Zyxel Nas326 Firmware, Nas540 Firmware and Nas542 Firmware The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request. | 9.8 |
2023-06-19 | CVE-2023-25736 | Mozilla | Unspecified vulnerability in Mozilla Firefox An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. | 9.8 |
2023-06-19 | CVE-2023-29542 | Mozilla | Unspecified vulnerability in Mozilla Firefox A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. | 9.8 |
2023-06-19 | CVE-2023-34416 | Mozilla | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. | 9.8 |
2023-06-19 | CVE-2023-34417 | Mozilla | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 113. | 9.8 |
2023-06-19 | CVE-2023-29531 | Mozilla | Out-of-bounds Write vulnerability in Mozilla Firefox An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. | 9.8 |
2023-06-19 | CVE-2023-32216 | Mozilla | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 112. | 9.8 |
2023-06-19 | CVE-2023-27396 | Omron | Missing Authentication for Critical Function vulnerability in Omron products FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. | 9.8 |
2023-06-19 | CVE-2023-35853 | Oisf | Unspecified vulnerability in Oisf Suricata In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. | 9.8 |
2023-06-19 | CVE-2023-35855 | Valvesoftware | Classic Buffer Overflow vulnerability in Valvesoftware Counter-Strike A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable. | 9.8 |
2023-06-19 | CVE-2023-35856 | Nintendo | Classic Buffer Overflow vulnerability in Nintendo Mario Kart WII A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet. | 9.8 |
2023-06-19 | CVE-2023-35857 | Siren | Insufficient Session Expiration vulnerability in Siren Investigate 12.1.7/13.2.0/13.2.1 In Siren Investigate before 13.2.2, session keys remain active even after logging out. | 9.8 |
2023-06-19 | CVE-2023-35839 | Solon | Deserialization of Untrusted Data vulnerability in Solon A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload. | 9.8 |
2023-06-23 | CVE-2023-35172 | Nextcloud | Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. | 9.1 |
2023-06-22 | CVE-2023-2989 | Globalscape | Out-of-bounds Read vulnerability in Globalscape EFT Server 6.2.31.2 Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited. | 9.1 |
2023-06-19 | CVE-2023-29158 | Subnet | Authentication Bypass by Capture-replay vulnerability in Subnet Powersystem Center 2020 SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. | 9.1 |
2023-06-19 | CVE-2023-29534 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Firefox Focus Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. | 9.1 |
191 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-06-25 | CVE-2023-36663 | IT Novum | SQL Injection vulnerability in It-Novum Openitcockpit 4.6.4 it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface. | 8.8 |
2023-06-25 | CVE-2023-36630 | MGT Commerce | Unrestricted Upload of File with Dangerous Type vulnerability in Mgt-Commerce Cloudpanel In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. | 8.8 |
2023-06-24 | CVE-2023-1722 | Yoga Class Registration System Project | Cross-Site Request Forgery (CSRF) vulnerability in Yoga Class Registration System Project Yoga Class Registration System 1.0 Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. | 8.8 |
2023-06-23 | CVE-2023-35932 | Jcvi Project | Improper Validation of Specified Quantity in Input vulnerability in Jcvi Project Jcvi jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. | 8.8 |
2023-06-23 | CVE-2023-35165 | Amazon | Incorrect Authorization vulnerability in Amazon AWS Cloud Development KIT AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. | 8.8 |
2023-06-23 | CVE-2023-35928 | Nextcloud | Unspecified vulnerability in Nextcloud Server Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity platform. | 8.8 |
2023-06-23 | CVE-2023-34203 | Progress | Injection vulnerability in Progress Openedge, Openedge Explorer and Openedge Management In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. | 8.8 |
2023-06-23 | CVE-2023-36345 | Codekop | Cross-site Scripting vulnerability in Codekop 2.0 A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. | 8.8 |
2023-06-23 | CVE-2023-36348 | Codekop | Missing Authorization vulnerability in Codekop 2.0 POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. | 8.8 |
2023-06-23 | CVE-2023-34672 | Elenos | Unspecified vulnerability in Elenos Etg150 Firmware 3.12 Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. | 8.8 |
2023-06-23 | CVE-2023-32373 | Apple Redhat Webkitgtk | Use After Free vulnerability in multiple products A use-after-free issue was addressed with improved memory management. | 8.8 |
2023-06-23 | CVE-2023-32435 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 8.8 |
2023-06-23 | CVE-2023-32439 | Apple | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved checks. | 8.8 |
2023-06-23 | CVE-2023-34671 | Elenos | Unspecified vulnerability in Elenos Etg150 FM Firmware 3.12 Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. | 8.8 |
2023-06-23 | CVE-2023-35152 | Xwiki | Code Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 8.8 |
2023-06-23 | CVE-2023-23679 | Jshelpdesk | Authorization Bypass Through User-Controlled Key vulnerability in Jshelpdesk Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through 2.7.7. | 8.8 |
2023-06-23 | CVE-2023-36271 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. | 8.8 |
2023-06-23 | CVE-2023-36272 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. | 8.8 |
2023-06-23 | CVE-2023-36273 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | 8.8 |
2023-06-23 | CVE-2023-36274 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. | 8.8 |
2023-06-23 | CVE-2023-30260 | Raspap | Command Injection vulnerability in Raspap Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. | 8.8 |
2023-06-23 | CVE-2023-31469 | Apache | Improper Privilege Management vulnerability in Apache Streampipes A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. | 8.8 |
2023-06-22 | CVE-2023-36239 | Libming | Classic Buffer Overflow vulnerability in Libming 0.4.7 libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c. | 8.8 |
2023-06-22 | CVE-2023-34028 | Pluginus | Cross-Site Request Forgery (CSRF) vulnerability in Pluginus Wolf - Wordpress Posts Bulk Editor and Manager Professional Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions. | 8.8 |
2023-06-22 | CVE-2023-23795 | WEB Settler | Cross-Site Request Forgery (CSRF) vulnerability in Web-Settler Form Builder Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions. | 8.8 |
2023-06-22 | CVE-2023-35917 | Woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Paypal Payments Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | 8.8 |
2023-06-21 | CVE-2023-0971 | Silabs | Incorrect Authorization vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | 8.8 |
2023-06-21 | CVE-2023-0972 | Silabs | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | 8.8 |
2023-06-21 | CVE-2023-3110 | Silabs | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Unify Software Development KIT 1.3.1 Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | 8.8 |
2023-06-21 | CVE-2022-3372 | Riello UPS | Cross-Site Request Forgery (CSRF) vulnerability in Riello-Ups Netman 204 Firmware 02.05 There is a CSRF vulnerability on Netman-204 version 02.05. | 8.8 |
2023-06-21 | CVE-2022-45287 | Temenos | Unspecified vulnerability in Temenos CWX 8.5.6 An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. | 8.8 |
2023-06-20 | CVE-2023-35166 | Xwiki | Unspecified vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
2023-06-20 | CVE-2020-20067 | Ebcms | Unrestricted Upload of File with Dangerous Type vulnerability in Ebcms 1.1.0 File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter. | 8.8 |
2023-06-20 | CVE-2020-20726 | Gilacms | Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.11.4 Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. | 8.8 |
2023-06-20 | CVE-2020-21252 | Hongcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Hongcms Project Hongcms 3.0.0 Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. | 8.8 |
2023-06-20 | CVE-2020-21325 | Wuzhicms | Unrestricted Upload of File with Dangerous Type vulnerability in Wuzhicms 4.1.0 An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. | 8.8 |
2023-06-20 | CVE-2023-2533 | Papercut | Cross-Site Request Forgery (CSRF) vulnerability in Papercut MF and Papercut NG A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. | 8.8 |
2023-06-20 | CVE-2023-26436 | Open Xchange | Deserialization of Untrusted Data vulnerability in Open-Xchange Appsuite Backend Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. | 8.8 |
2023-06-20 | CVE-2023-3320 | WP Sticky Social Project | Unspecified vulnerability in WP Sticky Social Project WP Sticky Social 1.0.1 The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. | 8.8 |
2023-06-19 | CVE-2023-34373 | Zephyr Project Manager Project | Cross-Site Request Forgery (CSRF) vulnerability in Zephyr Project Manager Project Zephyr Project Manager Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions. | 8.8 |
2023-06-19 | CVE-2023-2359 | Themepunch | Code Injection vulnerability in Themepunch Slider Revolution 3.0.95/4.1.4/4.2.2 The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. | 8.8 |
2023-06-19 | CVE-2023-2719 | Supportcandy | Unspecified vulnerability in Supportcandy The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber. | 8.8 |
2023-06-23 | CVE-2023-32409 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved bounds checks. | 8.6 |
2023-06-23 | CVE-2023-32414 | Apple | Unspecified vulnerability in Apple Macos 13.0/13.0.1/13.1 The issue was addressed with improved checks. | 8.6 |
2023-06-23 | CVE-2023-35927 | Nextcloud | Unspecified vulnerability in Nextcloud Server NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. | 8.1 |
2023-06-23 | CVE-2023-34465 | Xwiki | Improper Privilege Management vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 8.1 |
2023-06-23 | CVE-2023-35801 | Safe | Path Traversal vulnerability in Safe FME Server A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. | 8.1 |
2023-06-22 | CVE-2023-34923 | Topdesk | Incorrect Authorization vulnerability in Topdesk 12.10.12 XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation. | 8.1 |
2023-06-22 | CVE-2023-3256 | Advantech | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech R-Seenet Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. | 8.1 |
2023-06-19 | CVE-2022-46850 | Easy Media Replace Project | Missing Authorization vulnerability in Easy Media Replace Project Easy Media Replace Auth. | 8.1 |
2023-06-23 | CVE-2023-35150 | Xwiki | Code Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.0 |
2023-06-20 | CVE-2020-21366 | Njtech | Cross-Site Request Forgery (CSRF) vulnerability in Njtech Greencms 2.3 Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php. | 8.0 |
2023-06-25 | CVE-2023-36664 | Artifex Debian Fedoraproject | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the \| pipe character prefix). | 7.8 |
2023-06-23 | CVE-2023-27908 | Autodesk | Uncontrolled Search Path Element vulnerability in Autodesk Installer A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. | 7.8 |
2023-06-23 | CVE-2023-25003 | Autodesk | Out-of-bounds Write vulnerability in Autodesk products A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bounds write/read vulnerabilities. | 7.8 |
2023-06-23 | CVE-2023-23516 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved memory handling. | 7.8 |
2023-06-23 | CVE-2023-23539 | Apple | Classic Buffer Overflow vulnerability in Apple Macos 13.0/13.0.1/13.1 A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2023-06-23 | CVE-2023-27930 | Apple | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved checks. | 7.8 |
2023-06-23 | CVE-2023-32351 | Apple | Unspecified vulnerability in Apple Itunes A logic issue was addressed with improved checks. | 7.8 |
2023-06-23 | CVE-2023-32353 | Apple | Unspecified vulnerability in Apple Itunes A logic issue was addressed with improved checks. | 7.8 |
2023-06-23 | CVE-2023-32380 | Apple | Out-of-bounds Write vulnerability in Apple Macos An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2023-06-23 | CVE-2023-32384 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow was addressed with improved bounds checking. | 7.8 |
2023-06-23 | CVE-2023-32398 | Apple | Use After Free vulnerability in Apple products A use-after-free issue was addressed with improved memory management. | 7.8 |
2023-06-23 | CVE-2023-32405 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved checks. | 7.8 |
2023-06-23 | CVE-2023-32434 | Apple | Integer Overflow or Wraparound vulnerability in Apple products An integer overflow was addressed with improved input validation. | 7.8 |
2023-06-23 | CVE-2023-3302 | Admidio | Improper Neutralization of Formula Elements in a CSV File vulnerability in Admidio Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. | 7.8 |
2023-06-23 | CVE-2023-28073 | Dell | Improper Authentication vulnerability in Dell Latitude 5530 Firmware and Precision 3570 Firmware Dell BIOS contains an improper authentication vulnerability. | 7.8 |
2023-06-23 | CVE-2023-36192 | Irontec | Out-of-bounds Write vulnerability in Irontec Sngrep 1.6.0 Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c. | 7.8 |
2023-06-23 | CVE-2023-36193 | Lcdf | Out-of-bounds Write vulnerability in Lcdf Gifsicle 1.93 Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. | 7.8 |
2023-06-22 | CVE-2023-28006 | Hcltech | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Bigfix OSD Bare Metal Server The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | 7.8 |
2023-06-22 | CVE-2023-36243 | Flvmeta | Classic Buffer Overflow vulnerability in Flvmeta 1.2.1 FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c. | 7.8 |
2023-06-22 | CVE-2023-32449 | Dell | Improper Verification of Cryptographic Signature vulnerability in Dell Powerstoret OS Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. | 7.8 |
2023-06-22 | CVE-2023-28956 | IBM | Incorrect Privilege Assignment vulnerability in IBM Spectrum Protect Backup-Archive Client IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. | 7.8 |
2023-06-19 | CVE-2023-30759 | Ricoh | Insufficient Verification of Data Authenticity vulnerability in Ricoh Printer Driver Packager NX The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. | 7.8 |
2023-06-19 | CVE-2023-31239 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric V-Server 4.0.15.0 Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file. | 7.8 |
2023-06-19 | CVE-2023-32201 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Tellus and Tellus Lite Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. | 7.8 |
2023-06-19 | CVE-2023-32270 | Fujielectric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fujielectric Tellus and Tellus Lite Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. | 7.8 |
2023-06-19 | CVE-2023-32273 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Tellus and Tellus Lite Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. | 7.8 |
2023-06-19 | CVE-2023-32276 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Tellus and Tellus Lite Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. | 7.8 |
2023-06-19 | CVE-2023-32288 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric Tellus and Tellus Lite Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. | 7.8 |
2023-06-19 | CVE-2023-32538 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Tellus and Tellus Lite Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. | 7.8 |
2023-06-19 | CVE-2023-32542 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric Tellus and Tellus Lite Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. | 7.8 |
2023-06-19 | CVE-2023-34641 | Kioware | Unspecified vulnerability in Kioware KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. | 7.8 |
2023-06-19 | CVE-2023-34642 | Kioware | Unspecified vulnerability in Kioware KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. | 7.8 |
2023-06-22 | CVE-2023-3114 | Hashicorp | Incorrect Authorization vulnerability in Hashicorp Terraform Enterprise Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. | 7.7 |
2023-06-22 | CVE-2023-36356 | TP Link | Out-of-bounds Read vulnerability in Tp-Link products TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. | 7.7 |
2023-06-22 | CVE-2023-36357 | TP Link | Unspecified vulnerability in Tp-Link products An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 7.7 |
2023-06-22 | CVE-2023-36358 | TP Link | Classic Buffer Overflow vulnerability in Tp-Link products TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. | 7.7 |
2023-06-23 | CVE-2023-1783 | Orangescrum | Cross-site Scripting vulnerability in Orangescrum 2.0.11 OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. | 7.6 |
2023-06-23 | CVE-2023-25515 | Nvidia | Unspecified vulnerability in Nvidia GPU Display Driver and Virtual GPU NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. | 7.6 |
2023-06-25 | CVE-2023-36661 | Shibboleth Debian | Server-Side Request Forgery (SSRF) vulnerability in multiple products Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. | 7.5 |
2023-06-25 | CVE-2023-36632 | Python | Uncontrolled Recursion vulnerability in Python The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. | 7.5 |
2023-06-25 | CVE-2023-36612 | Basecamp | Path Traversal vulnerability in Basecamp Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. | 7.5 |
2023-06-23 | CVE-2023-34188 | Cesanta | Unspecified vulnerability in Cesanta Mongoose The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. | 7.5 |
2023-06-23 | CVE-2023-32397 | Apple | Unspecified vulnerability in Apple Ipados and Macos A logic issue was addressed with improved state management. | 7.5 |
2023-06-23 | CVE-2023-34467 | Xwiki | Exposure of Resource to Wrong Sphere vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 7.5 |
2023-06-23 | CVE-2023-35151 | Xwiki | Exposure of Resource to Wrong Sphere vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 7.5 |
2023-06-23 | CVE-2023-36284 | Webkul | SQL Injection vulnerability in Webkul Qloapps 1.6.0 An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. | 7.5 |
2023-06-23 | CVE-2022-47614 | Inspireui | SQL Injection vulnerability in Inspireui Mstore API Unauth. | 7.5 |
2023-06-23 | CVE-2023-29860 | Dtstack | Incorrect Permission Assignment for Critical Resource vulnerability in Dtstack Taier 1.3.0 An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method. | 7.5 |
2023-06-23 | CVE-2023-30362 | Libcoap | Out-of-bounds Read vulnerability in Libcoap Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. | 7.5 |
2023-06-23 | CVE-2023-32463 | Dell | Unspecified vulnerability in Dell products Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. | 7.5 |
2023-06-23 | CVE-2023-33141 | Microsoft | Unspecified vulnerability in Microsoft Yet Another Reverse Proxy Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | 7.5 |
2023-06-22 | CVE-2023-32320 | Nextcloud | Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. | 7.5 |
2023-06-22 | CVE-2023-35133 | Moodle | Server-Side Request Forgery (SSRF) vulnerability in Moodle An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. | 7.5 |
2023-06-22 | CVE-2023-2990 | Globalscape | Uncontrolled Recursion vulnerability in Globalscape EFT Server 6.2.31.2 Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service. | 7.5 |
2023-06-22 | CVE-2023-36354 | TP Link | Classic Buffer Overflow vulnerability in Tp-Link products TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. | 7.5 |
2023-06-22 | CVE-2023-36359 | TP Link | Classic Buffer Overflow vulnerability in Tp-Link products TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. | 7.5 |
2023-06-22 | CVE-2023-36362 | Monetdb | Unspecified vulnerability in Monetdb 11.45.17/11.46.0 An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 |
2023-06-22 | CVE-2023-36363 | Monetdb | Unspecified vulnerability in Monetdb 11.45.17/11.46.0 An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 |
2023-06-22 | CVE-2023-36364 | Monetdb | Unspecified vulnerability in Monetdb 11.45.17/11.46.0 An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 |
2023-06-22 | CVE-2023-36365 | Monetdb | Unspecified vulnerability in Monetdb 11.45.17/11.46.0 An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 |
2023-06-22 | CVE-2023-36366 | Monetdb | Unspecified vulnerability in Monetdb 11.45.17/11.46.0 An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements. | 7.5 |
2023-06-22 | CVE-2023-36367 | Monetdb | Unspecified vulnerability in Monetdb 11.45.17/11.46.0 An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 |
2023-06-22 | CVE-2023-36368 | Monetdb | Unspecified vulnerability in Monetdb 11.45.17/11.46.0 An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 |
2023-06-22 | CVE-2023-36369 | Monetdb | Unspecified vulnerability in Monetdb 11.45.17/11.46.0 An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 |
2023-06-22 | CVE-2023-36370 | Monetdb | Unspecified vulnerability in Monetdb 11.45.17/11.46.0 An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 |
2023-06-22 | CVE-2023-36371 | Monetdb | Unspecified vulnerability in Monetdb 11.45.17/11.46.0 An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 |
2023-06-22 | CVE-2023-20896 | Vmware | Out-of-bounds Read vulnerability in VMWare Vcenter Server The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). | 7.5 |
2023-06-22 | CVE-2023-29708 | Wavlink | Unspecified vulnerability in Wavlink Wavrouter APP Rpt70Ha1.X An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload. | 7.5 |
2023-06-22 | CVE-2023-29709 | Wildix | Unspecified vulnerability in Wildix Wsg24Poe Firmware 103Sp7D190822 An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication. | 7.5 |
2023-06-22 | CVE-2023-26115 | Word Wrap Project | Unspecified vulnerability in Word-Wrap Project Word-Wrap All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. | 7.5 |
2023-06-21 | CVE-2023-33289 | Urlnorm Project | Unspecified vulnerability in Urlnorm Project Urlnorm The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. | 7.5 |
2023-06-21 | CVE-2023-0026 | Juniper | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). | 7.5 |
2023-06-21 | CVE-2023-2828 | ISC Debian Fedoraproject Netapp | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. | 7.5 |
2023-06-21 | CVE-2023-2829 | ISC Netapp | A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. | 7.5 |
2023-06-21 | CVE-2023-2911 | ISC Debian Fedoraproject Netapp | Out-of-bounds Write vulnerability in multiple products If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. | 7.5 |
2023-06-21 | CVE-2023-27243 | Makves | Cleartext Storage of Sensitive Information vulnerability in Makves Dcap 3.0.0.122/3.0.0.183 An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API. | 7.5 |
2023-06-21 | CVE-2023-34981 | Apache | Unspecified vulnerability in Apache Tomcat A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak. | 7.5 |
2023-06-21 | CVE-2023-3339 | Agro School Management System Project | SQL Injection vulnerability in Agro-School Management System Project Agro-School Management System 1.0 A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. | 7.5 |
2023-06-21 | CVE-2022-25883 | Npmjs | Unspecified vulnerability in Npmjs Semver Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. | 7.5 |
2023-06-20 | CVE-2023-32274 | Enphase | Use of Hard-coded Credentials vulnerability in Enphase Installer Toolkit 3.27.0 Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. | 7.5 |
2023-06-20 | CVE-2020-20335 | Kilo Project | Integer Overflow or Wraparound vulnerability in Kilo Project Kilo 0.0.1 Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c. | 7.5 |
2023-06-20 | CVE-2020-20636 | Joyplus CMS Project | SQL Injection vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. | 7.5 |
2023-06-20 | CVE-2020-21486 | Phpok | SQL Injection vulnerability in PHPok 5.4 SQL injection vulnerability in PHPOK v.5.4. | 7.5 |
2023-06-20 | CVE-2023-1999 | Webmproject | Use After Free vulnerability in Webmproject Libwebp There exists a use after free/double free in libwebp. | 7.5 |
2023-06-19 | CVE-2023-35843 | Nocodb | Path Traversal vulnerability in Nocodb NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. | 7.5 |
2023-06-19 | CVE-2023-3312 | Linux | Double Free vulnerability in Linux Kernel A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. | 7.5 |
2023-06-19 | CVE-2022-48486 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2022-48487 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2022-48489 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2022-48490 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2022-48492 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2022-48493 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2022-48494 | Huawei | Improper Authentication vulnerability in Huawei Emui Vulnerability of lax app identity verification in the pre-authorization function. Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized. | 7.5 |
2023-06-19 | CVE-2022-48496 | Huawei | Improper Authentication vulnerability in Huawei Emui Vulnerability of lax app identity verification in the pre-authorization function. Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized. | 7.5 |
2023-06-19 | CVE-2022-48497 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2022-48498 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2022-48499 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2022-48500 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2022-48501 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-06-19 | CVE-2023-34155 | Huawei | Unspecified vulnerability in Huawei Emui 13.0.0 Vulnerability of unauthorized calling on HUAWEI phones and tablets. Successful exploitation of this vulnerability may affect availability. | 7.5 |
2023-06-19 | CVE-2023-34161 | Huawei | Incorrect Authorization vulnerability in Huawei Emui Inappropriate authorization vulnerability in the SettingsProvider module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 7.5 |
2023-06-19 | CVE-2023-34162 | Huawei | Unspecified vulnerability in Huawei Emui 13.0.0 Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail. | 7.5 |
2023-06-19 | CVE-2023-34163 | Huawei | Unspecified vulnerability in Huawei Emui Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 7.5 |
2023-06-19 | CVE-2023-34166 | Huawei | Resource Exhaustion vulnerability in Huawei Emui Vulnerability of system restart triggered by abnormal callbacks passed to APIs. Successful exploitation of this vulnerability may cause the system to restart. | 7.5 |
2023-06-19 | CVE-2023-25733 | Mozilla | Unchecked Return Value vulnerability in Mozilla Firefox The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. | 7.5 |
2023-06-19 | CVE-2023-25747 | Mozilla | Use After Free vulnerability in Mozilla Firefox A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. | 7.5 |
2023-06-19 | CVE-2023-32209 | Mozilla | Out-of-bounds Write vulnerability in Mozilla Firefox A maliciously crafted favicon could have led to an out of memory crash. | 7.5 |
2023-06-19 | CVE-2023-32214 | Mozilla | Unspecified vulnerability in Mozilla Firefox Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. | 7.5 |
2023-06-19 | CVE-2023-34602 | Jeecg | SQL Injection vulnerability in Jeecg Jeecgboot JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. | 7.5 |
2023-06-19 | CVE-2023-34603 | Jeecg | SQL Injection vulnerability in Jeecg Jeecgboot JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. | 7.5 |
2023-06-19 | CVE-2023-35852 | Oisf | Path Traversal vulnerability in Oisf Suricata In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. | 7.5 |
2023-06-19 | CVE-2023-35846 | Virtualsquare | Unspecified vulnerability in Virtualsquare Picotcp VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering. | 7.5 |
2023-06-19 | CVE-2023-35847 | Virtualsquare | Use of Uninitialized Resource vulnerability in Virtualsquare Picotcp VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero). | 7.5 |
2023-06-19 | CVE-2023-35848 | Virtualsquare | Incorrect Calculation vulnerability in Virtualsquare Picotcp VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member. | 7.5 |
2023-06-19 | CVE-2023-35849 | Virtualsquare | Improper Check for Unusual or Exceptional Conditions vulnerability in Virtualsquare Picotcp VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet. | 7.5 |
2023-06-19 | CVE-2023-35844 | Lightdash | Path Traversal vulnerability in Lightdash packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. | 7.5 |
2023-06-19 | CVE-2023-31410 | Sick | Cleartext Transmission of Sensitive Information vulnerability in Sick Eventcam APP A remote unprivileged attacker can intercept the communication via e.g. | 7.4 |
2023-06-23 | CVE-2023-28065 | Dell | Link Following vulnerability in Dell Alienware Update, Command Update and Update Dell Command \| Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. | 7.3 |
2023-06-20 | CVE-2023-1862 | Cloudflare | Unspecified vulnerability in Cloudflare Warp Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. | 7.3 |
2023-06-24 | CVE-2023-1721 | Yoga Class Registration System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Yoga Class Registration System Project Yoga Class Registration System 1.0 Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. | 7.2 |
2023-06-23 | CVE-2023-34254 | Glpi Project | OS Command Injection vulnerability in Glpi-Project Glpi Agent The GLPI Agent is a generic management agent. | 7.2 |
2023-06-23 | CVE-2023-3393 | Fossbilling | Code Injection vulnerability in Fossbilling Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1. | 7.2 |
2023-06-22 | CVE-2023-27083 | Pluck CMS | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.15/4.7.16 An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. | 7.2 |
2023-06-22 | CVE-2023-31867 | Sage | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sage X3 12.14.0.500 Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. | 7.2 |
2023-06-21 | CVE-2023-24261 | GL Inet | OS Command Injection vulnerability in Gl-Inet Gl-E750 Firmware A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. | 7.2 |
2023-06-20 | CVE-2020-20491 | Opencart | SQL Injection vulnerability in Opencart SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. | 7.2 |
2023-06-20 | CVE-2020-20918 | Pluck CMS | Code Injection vulnerability in Pluck-Cms Pluck 4.7.10 An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page. | 7.2 |
2023-06-20 | CVE-2020-20919 | Pluck CMS | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.10 File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file. | 7.2 |
2023-06-20 | CVE-2020-20969 | Pluck CMS | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.10 File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file. | 7.2 |
2023-06-20 | CVE-2020-21400 | Phpmywind | SQL Injection vulnerability in PHPmywind 5.6 SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. | 7.2 |
2023-06-19 | CVE-2023-2221 | WP Custom Cursors Project | Unspecified vulnerability in WP Custom Cursors Project WP Custom Cursors The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | 7.2 |
2023-06-19 | CVE-2023-2492 | Querywall Plug N Play Firewall Project | Unspecified vulnerability in Querywall Plug'N Play Firewall Project Querywall Plug'N Play Firewall The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2023-06-19 | CVE-2023-2805 | Supportcandy | Unspecified vulnerability in Supportcandy The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2023-06-23 | CVE-2023-32357 | Apple | Unspecified vulnerability in Apple products An authorization issue was addressed with improved state management. | 7.1 |
2023-06-23 | CVE-2023-32420 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 7.1 |
2023-06-23 | CVE-2023-3317 | Linux | Use After Free vulnerability in Linux Kernel A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. | 7.1 |
2023-06-23 | CVE-2023-28071 | Dell | Link Following vulnerability in Dell Alienware Update, Command Update and Update Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. | 7.1 |
2023-06-22 | CVE-2023-34241 | Openprinting Fedoraproject Debian Apple | Use After Free vulnerability in multiple products OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. | 7.1 |
2023-06-23 | CVE-2023-32413 | Apple | Race Condition vulnerability in Apple products A race condition was addressed with improved state handling. | 7.0 |
251 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-06-23 | CVE-2023-25518 | Nvidia | Unspecified vulnerability in Nvidia Jetson Linux NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. | 6.8 |
2023-06-23 | CVE-2023-32480 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an Improper Input Validation vulnerability. | 6.8 |
2023-06-21 | CVE-2023-0970 | Silabs | Classic Buffer Overflow vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. | 6.8 |
2023-06-23 | CVE-2023-25938 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28026 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28027 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28031 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28034 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28036 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28044 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28050 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28058 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28060 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-25937 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28028 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28029 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28030 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28032 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28033 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28035 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28039 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28040 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28041 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28042 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28052 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28054 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28056 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28059 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-28061 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-23 | CVE-2023-25936 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2023-06-25 | CVE-2023-3396 | Retro Cellphone Online Store Project | SQL Injection vulnerability in Retro Cellphone Online Store Project Retro Cellphone Online Store 1.0 A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. | 6.5 |
2023-06-23 | CVE-2023-35154 | ENG | Improper Authentication vulnerability in ENG Knowage Knowage is an open source analytics and business intelligence suite. | 6.5 |
2023-06-23 | CVE-2023-35173 | Nextcloud | Unspecified vulnerability in Nextcloud End-To-End Encryption Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. | 6.5 |
2023-06-23 | CVE-2023-34673 | Elenos | Unspecified vulnerability in Elenos Etg150 Firmware 3.12 Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. | 6.5 |
2023-06-23 | CVE-2023-28204 | Apple Webkitgtk | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read was addressed with improved input validation. | 6.5 |
2023-06-23 | CVE-2023-32402 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 6.5 |
2023-06-23 | CVE-2023-32423 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 6.5 |
2023-06-23 | CVE-2023-23344 | Hcltech | Incorrect Default Permissions vulnerability in Hcltech Bigfix Webui Insights 14 A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | 6.5 |
2023-06-22 | CVE-2023-34462 | Netty | Resource Exhaustion vulnerability in Netty Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 6.5 |
2023-06-22 | CVE-2023-34553 | Wafucn | Authentication Bypass by Capture-replay vulnerability in Wafucn Wafu Keyless Smart Lock Firmware 1.0 An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. | 6.5 |
2023-06-22 | CVE-2022-47593 | Rapidload | SQL Injection vulnerability in Rapidload Power-Up for Autoptimize Auth. | 6.5 |
2023-06-22 | CVE-2023-25499 | Vaadin | Information Exposure vulnerability in Vaadin When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure. | 6.5 |
2023-06-22 | CVE-2023-34927 | Casbin | Cross-Site Request Forgery (CSRF) vulnerability in Casbin Casdoor Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. | 6.5 |
2023-06-22 | CVE-2023-35093 | Stylemixthemes | Missing Authorization vulnerability in Stylemixthemes Masterstudy LMS Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more. | 6.5 |
2023-06-20 | CVE-2020-20502 | Yzmcms | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 2.0 Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. | 6.5 |
2023-06-20 | CVE-2023-34596 | Aeotech | Unspecified vulnerability in Aeotech Zw130-A Firmware 2.3 A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. | 6.5 |
2023-06-20 | CVE-2023-34597 | Fibaro | Unspecified vulnerability in Fibaro Fgms-001 Firmware 3.4 A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. | 6.5 |
2023-06-20 | CVE-2023-26428 | Open Xchange | Authorization Bypass Through User-Controlled Key vulnerability in Open-Xchange Appsuite Backend Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. | 6.5 |
2023-06-19 | CVE-2023-3316 | Libtiff | NULL Pointer Dereference vulnerability in Libtiff A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. | 6.5 |
2023-06-19 | CVE-2023-29545 | Mozilla | Unspecified vulnerability in Mozilla Thunderbird Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. | 6.5 |
2023-06-19 | CVE-2023-29546 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Firefox Focus When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. | 6.5 |
2023-06-19 | CVE-2023-32210 | Mozilla | Unspecified vulnerability in Mozilla Firefox Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. | 6.5 |
2023-06-19 | CVE-2023-35005 | Apache | Unspecified vulnerability in Apache Airflow 2.6.0 In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sensitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. | 6.5 |
2023-06-19 | CVE-2023-35862 | Libcoap | Out-of-bounds Read vulnerability in Libcoap 4.3.1 libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. | 6.5 |
2023-06-19 | CVE-2023-35840 | Std42 | Path Traversal vulnerability in Std42 Elfinder _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. | 6.5 |
2023-06-23 | CVE-2023-35167 | Remult | Improper Access Control vulnerability in Remult Remult is a CRUD framework for full-stack TypeScript. | 6.3 |
2023-06-23 | CVE-2023-27940 | Apple | Unspecified vulnerability in Apple Ipados, Iphone OS and Macos The issue was addressed with additional permissions checks. | 6.3 |
2023-06-23 | CVE-2023-32371 | Apple | Unspecified vulnerability in Apple Iphone OS and Macos The issue was addressed with improved checks. | 6.3 |
2023-06-22 | CVE-2023-35132 | Moodle | SQL Injection vulnerability in Moodle A limited SQL injection risk was identified on the Mnet SSO access control page. | 6.3 |
2023-06-25 | CVE-2023-36666 | Inex | Cross-site Scripting vulnerability in Inex IXP Manager INEX IXP-Manager before 6.3.1 allows XSS. | 6.1 |
2023-06-24 | CVE-2023-3388 | Beautiful Cookie Banner | Cross-site Scripting vulnerability in Beautiful-Cookie-Banner Beautiful Cookie Consent Banner The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-23 | CVE-2023-35171 | Nextcloud | Open Redirect vulnerability in Nextcloud Server 26.0.0 NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. | 6.1 |
2023-06-23 | CVE-2023-35759 | Progress | Cross-site Scripting vulnerability in Progress Whatsup Gold 22.1.0 In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. | 6.1 |
2023-06-23 | CVE-2023-36346 | Codekop | Cross-site Scripting vulnerability in Codekop 2.0 POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. | 6.1 |
2023-06-23 | CVE-2023-35155 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.1 |
2023-06-23 | CVE-2023-35156 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.1 |
2023-06-23 | CVE-2023-35158 | Xwiki | Improper Neutralization of Alternate XSS Syntax vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.1 |
2023-06-23 | CVE-2023-35159 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.1 |
2023-06-23 | CVE-2023-35160 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.1 |
2023-06-23 | CVE-2023-35161 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.1 |
2023-06-23 | CVE-2023-35162 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.1 |
2023-06-23 | CVE-2023-36287 | Webkul | Cross-site Scripting vulnerability in Webkul Qloapps 1.6.0 An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter. | 6.1 |
2023-06-23 | CVE-2023-36289 | Webkul | Cross-site Scripting vulnerability in Webkul Qloapps 1.6.0 An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter. | 6.1 |
2023-06-23 | CVE-2023-29100 | Dream Theme | Cross-site Scripting vulnerability in Dream-Theme The7 Unauth. | 6.1 |
2023-06-23 | CVE-2023-34012 | Leap13 | Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor Unauth. | 6.1 |
2023-06-23 | CVE-2023-34021 | Church Admin Project | Cross-site Scripting vulnerability in Church Admin Project Church Admin Unauth. | 6.1 |
2023-06-23 | CVE-2023-3381 | Online School Fees System Project | Cross-site Scripting vulnerability in Online School Fees System Project Online School Fees System 1.0 A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. | 6.1 |
2023-06-23 | CVE-2023-3382 | Game Result Matrix System Project | Cross-site Scripting vulnerability in Game Result Matrix System Project Game Result Matrix System 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. | 6.1 |
2023-06-22 | CVE-2023-28016 | Hcltech | Injection vulnerability in Hcltech Bigfix OSD Bare Metal Server Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | 6.1 |
2023-06-22 | CVE-2023-23343 | Hcltech | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Bigfix OSD Bare Metal Server A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. | 6.1 |
2023-06-22 | CVE-2023-35131 | Moodle | Cross-site Scripting vulnerability in Moodle Content on the groups page required additional sanitizing to prevent an XSS risk. | 6.1 |
2023-06-22 | CVE-2023-28799 | Zscaler | Open Redirect vulnerability in Zscaler Client Connector A URL parameter during login flow was vulnerable to injection. | 6.1 |
2023-06-22 | CVE-2023-28800 | Zscaler | Cross-site Scripting vulnerability in Zscaler Client Connector When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | 6.1 |
2023-06-22 | CVE-2023-34796 | Techsneeze | Cross-site Scripting vulnerability in Techsneeze Dmarc Report 1.1 Cross site scripting (XSS) vulnerability in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values. | 6.1 |
2023-06-22 | CVE-2023-32960 | Updraftplus | Cross-Site Request Forgery (CSRF) vulnerability in Updraftplus Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS). | 6.1 |
2023-06-22 | CVE-2023-33997 | BBP Style Pack Project | Cross-site Scripting vulnerability in BBP Style Pack Project BBP Style Pack Unauth. | 6.1 |
2023-06-22 | CVE-2023-28750 | Albo Pretorio ON Line Project | Cross-site Scripting vulnerability in Albo Pretorio on Line Project Albo Pretorio on Line Unauth. | 6.1 |
2023-06-22 | CVE-2023-28776 | I13Websolution | Cross-site Scripting vulnerability in I13Websolution Continuous Image Carousel With Lightbox Unauth. | 6.1 |
2023-06-22 | CVE-2023-28784 | Contest Gallery | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery Unauth. | 6.1 |
2023-06-22 | CVE-2023-30500 | Wpforms | Cross-site Scripting vulnerability in Wpforms Contact Form and Wpforms Unauth. | 6.1 |
2023-06-22 | CVE-2023-35918 | Woocommerce | Cross-site Scripting vulnerability in Woocommerce Bulk Stock Management Unauth. | 6.1 |
2023-06-22 | CVE-2023-33387 | Datev | Cross-site Scripting vulnerability in Datev EG Personal-Management System Comfort/Comfort Plus 16.1.1 A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link. | 6.1 |
2023-06-22 | CVE-2023-28166 | Tags Cloud Manager Project | Cross-site Scripting vulnerability in Tags Cloud Manager Project Tags Cloud Manager Unauth. | 6.1 |
2023-06-22 | CVE-2019-25152 | Tychesoftwares | Unspecified vulnerability in Tychesoftwares products The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-21 | CVE-2023-33405 | Blogengine | Open Redirect vulnerability in Blogengine Blogengine.Net Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. | 6.1 |
2023-06-21 | CVE-2023-33591 | User Registration Login AND User Management System Project | Cross-site Scripting vulnerability in User Registration & Login and User Management System Project User Registration & Login and User Management System 1.0 User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. | 6.1 |
2023-06-21 | CVE-2023-33725 | Broadleafcommerce | Cross-site Scripting vulnerability in Broadleafcommerce Broadleaf Commerce Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. | 6.1 |
2023-06-21 | CVE-2023-27414 | AYS PRO | Cross-site Scripting vulnerability in Ays-Pro Popup BOX Unauth. | 6.1 |
2023-06-21 | CVE-2023-27432 | Manage Upload Limit Project | Cross-site Scripting vulnerability in Manage Upload Limit Project Manage Upload Limit Unauth. | 6.1 |
2023-06-21 | CVE-2023-27450 | TE ST | Cross-site Scripting vulnerability in Te-St Leyka Unauth. | 6.1 |
2023-06-20 | CVE-2020-20070 | Diaowen | Cross-site Scripting vulnerability in Diaowen Dwsurvey 1.0 Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file. | 6.1 |
2023-06-20 | CVE-2020-20725 | Taogogo | Cross-site Scripting vulnerability in Taogogo Taocms 2.5 Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. | 6.1 |
2023-06-20 | CVE-2020-21052 | Zrlog | Cross-site Scripting vulnerability in Zrlog 2.1.3 Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function. | 6.1 |
2023-06-20 | CVE-2020-21058 | Typora | Cross-site Scripting vulnerability in Typora 0.9.79 Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid syntax. | 6.1 |
2023-06-20 | CVE-2020-21268 | Easycorp | Cross-site Scripting vulnerability in Easycorp Zentao 11.6.4 Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. | 6.1 |
2023-06-20 | CVE-2020-21485 | Alluxio | Cross-site Scripting vulnerability in Alluxio 1.8.1 Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to execute arbitrary code via the path parameter in the browse board component. | 6.1 |
2023-06-20 | CVE-2023-33495 | Craftcms | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS through 4.4.9 is vulnerable to HTML Injection. | 6.1 |
2023-06-20 | CVE-2023-35097 | Dojo | Cross-site Scripting vulnerability in Dojo WP Affiliate Links Unauth. | 6.1 |
2023-06-20 | CVE-2023-35098 | Wordpress Nextgen Galleryview Project | Cross-site Scripting vulnerability in Wordpress Nextgen Galleryview Project Wordpress Nextgen Galleryview Unauth. | 6.1 |
2023-06-20 | CVE-2023-35884 | Metagauss | Cross-site Scripting vulnerability in Metagauss Eventprime Unauth. | 6.1 |
2023-06-19 | CVE-2023-32659 | Subnet | Cross-site Scripting vulnerability in Subnet Powersystem Center 2020 SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. | 6.1 |
2023-06-19 | CVE-2023-35772 | Google MAP Shortcode Project | Cross-site Scripting vulnerability in Google MAP Shortcode Project Google MAP Shortcode Unauth. | 6.1 |
2023-06-19 | CVE-2023-35775 | WP Backup Solutions Project | Cross-site Scripting vulnerability in WP Backup Solutions Project WP Backup Solutions Unauth. | 6.1 |
2023-06-19 | CVE-2023-2399 | Qudata | Unspecified vulnerability in Qudata Qubot The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. | 6.1 |
2023-06-19 | CVE-2023-2654 | Themify | Unspecified vulnerability in Themify Conditional Menus The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-06-19 | CVE-2023-2779 | Heator | Unspecified vulnerability in Heator Social Share, Social Login and Social Comments The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2023-06-19 | CVE-2023-34415 | Mozilla | Open Redirect vulnerability in Mozilla Firefox When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. | 6.1 |
2023-06-23 | CVE-2023-32369 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 6.0 |
2023-06-25 | CVE-2015-20109 | GNU | Classic Buffer Overflow vulnerability in GNU Glibc end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. | 5.5 |
2023-06-23 | CVE-2022-42792 | Apple | Unspecified vulnerability in Apple Ipados and Iphone OS This issue was addressed with improved data protection. | 5.5 |
2023-06-23 | CVE-2022-42860 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks to prevent unauthorized actions. | 5.5 |
2023-06-23 | CVE-2022-46715 | Apple | Unspecified vulnerability in Apple Ipados and Iphone OS A logic issue was addressed with improved checks. | 5.5 |
2023-06-23 | CVE-2022-46718 | Apple | Unspecified vulnerability in Apple Ipados and Macos A logic issue was addressed with improved restrictions. | 5.5 |
2023-06-23 | CVE-2023-25520 | Nvidia | Improper Input Validation vulnerability in Nvidia Jetson Linux NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service. | 5.5 |
2023-06-23 | CVE-2023-28191 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved redaction of sensitive information. | 5.5 |
2023-06-23 | CVE-2023-28202 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved state management. | 5.5 |
2023-06-23 | CVE-2023-32352 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved checks. | 5.5 |
2023-06-23 | CVE-2023-32354 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 5.5 |
2023-06-23 | CVE-2023-32355 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 5.5 |
2023-06-23 | CVE-2023-32360 | Apple | Unspecified vulnerability in Apple Macos An authentication issue was addressed with improved state management. | 5.5 |
2023-06-23 | CVE-2023-32363 | Apple | Unspecified vulnerability in Apple Macos A permissions issue was addressed by removing vulnerable code and adding additional checks. | 5.5 |
2023-06-23 | CVE-2023-32367 | Apple | Unspecified vulnerability in Apple Iphone OS and Macos This issue was addressed with improved entitlements. | 5.5 |
2023-06-23 | CVE-2023-32368 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 5.5 |
2023-06-23 | CVE-2023-32372 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 5.5 |
2023-06-23 | CVE-2023-32375 | Apple | Out-of-bounds Read vulnerability in Apple Macos An out-of-bounds read was addressed with improved input validation. | 5.5 |
2023-06-23 | CVE-2023-32376 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved entitlements. | 5.5 |
2023-06-23 | CVE-2023-32382 | Apple | Out-of-bounds Read vulnerability in Apple Macos An out-of-bounds read was addressed with improved input validation. | 5.5 |
2023-06-23 | CVE-2023-32385 | Apple | Unspecified vulnerability in Apple Macos A denial-of-service issue was addressed with improved memory handling. | 5.5 |
2023-06-23 | CVE-2023-32388 | Apple | Unspecified vulnerability in Apple products A privacy issue was addressed with improved private data redaction for log entries. | 5.5 |
2023-06-23 | CVE-2023-32389 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved redaction of sensitive information. | 5.5 |
2023-06-23 | CVE-2023-32392 | Apple | Information Exposure Through Log Files vulnerability in Apple products A privacy issue was addressed with improved private data redaction for log entries. | 5.5 |
2023-06-23 | CVE-2023-32395 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 5.5 |
2023-06-23 | CVE-2023-32399 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved handling of caches. | 5.5 |
2023-06-23 | CVE-2023-32400 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved checks. | 5.5 |
2023-06-23 | CVE-2023-32403 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved redaction of sensitive information. | 5.5 |
2023-06-23 | CVE-2023-32404 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved entitlements. | 5.5 |
2023-06-23 | CVE-2023-32407 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved state management. | 5.5 |
2023-06-23 | CVE-2023-32408 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved handling of caches. | 5.5 |
2023-06-23 | CVE-2023-32410 | Apple | Out-of-bounds Read vulnerability in Apple Ipados and Macos An out-of-bounds read was addressed with improved input validation. | 5.5 |
2023-06-23 | CVE-2023-32411 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved entitlements. | 5.5 |
2023-06-23 | CVE-2023-32415 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved redaction of sensitive information. | 5.5 |
2023-06-23 | CVE-2023-32422 | Apple | Unspecified vulnerability in Apple products This issue was addressed by adding additional SQLite logging restrictions. | 5.5 |
2023-06-23 | CVE-2023-35925 | Intellectualsites | Resource Exhaustion vulnerability in Intellectualsites Fastasyncworldedit FastAsyncWorldEdit (FAWE) is designed for efficient world editing. | 5.5 |
2023-06-22 | CVE-2023-33842 | IBM | Unspecified vulnerability in IBM Spss Modeler IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. | 5.5 |
2023-06-21 | CVE-2023-25435 | Libtiff | Classic Buffer Overflow vulnerability in Libtiff 4.5.0 libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. | 5.5 |
2023-06-20 | CVE-2023-3220 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel An issue was discovered in the Linux kernel through 6.1-rc8. | 5.5 |
2023-06-19 | CVE-2023-3022 | Linux | Type Confusion vulnerability in Linux Kernel A flaw was found in the IPv6 module of the Linux kernel. | 5.5 |
2023-06-19 | CVE-2023-29532 | Mozilla | Unspecified vulnerability in Mozilla Firefox A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. | 5.5 |
2023-06-19 | CVE-2023-35866 | Keepassxc | Unspecified vulnerability in Keepassxc In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. | 5.5 |
2023-06-24 | CVE-2023-3387 | Lanacodes | Cross-site Scripting vulnerability in Lanacodes Lana Text to Image 1.0.0 The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lana_text_to_image' and 'lana_text_to_img' shortcodes in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-06-24 | CVE-2023-1724 | Ladybirdweb | Cross-site Scripting vulnerability in Ladybirdweb Faveo Helpdesk Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. | 5.4 |
2023-06-23 | CVE-2023-3394 | Fossbilling | Session Fixation vulnerability in Fossbilling Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. | 5.4 |
2023-06-23 | CVE-2023-27964 | Apple | Authentication Bypass by Spoofing vulnerability in Apple Airpods Firmware 5E133 An authentication issue was addressed with improved state management. | 5.4 |
2023-06-23 | CVE-2023-35153 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 5.4 |
2023-06-23 | CVE-2023-34464 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 5.4 |
2023-06-23 | CVE-2023-36288 | Webkul | Cross-site Scripting vulnerability in Webkul Qloapps 1.6.0 An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via the GET configure parameter. | 5.4 |
2023-06-23 | CVE-2023-3304 | Admidio | Unspecified vulnerability in Admidio Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | 5.4 |
2023-06-22 | CVE-2023-36093 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms 1.6.3 There is a stored cross-site scripting (XSS) vulnerability in the filing number field of the Basic Information tab on the backend management page of EyouCMS v1.6.3. | 5.4 |
2023-06-22 | CVE-2023-28418 | Mediciti Lite Project | Cross-site Scripting vulnerability in Mediciti Lite Project Mediciti Lite Auth. | 5.4 |
2023-06-22 | CVE-2023-32239 | Xtemos | Cross-site Scripting vulnerability in Xtemos Woodmart Theme Auth. | 5.4 |
2023-06-22 | CVE-2023-31868 | Sage | Cross-site Scripting vulnerability in Sage X3 12.14.0.500 Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
2023-06-22 | CVE-2023-31213 | Wpbakery | Cross-site Scripting vulnerability in Wpbakery Page Builder Auth. | 5.4 |
2023-06-22 | CVE-2023-35090 | Stylemixthemes | Cross-site Scripting vulnerability in Stylemixthemes Masterstudy LMS Auth. | 5.4 |
2023-06-22 | CVE-2023-28171 | Wpchill | Cross-site Scripting vulnerability in Wpchill Brilliance Auth. | 5.4 |
2023-06-22 | CVE-2023-28534 | Wpjobportal | Cross-site Scripting vulnerability in Wpjobportal WP JOB Portal Auth. | 5.4 |
2023-06-22 | CVE-2023-27413 | W4 Post List Project | Cross-site Scripting vulnerability in W4 Post List Project W4 Post List Auth. | 5.4 |
2023-06-22 | CVE-2023-27612 | Geminilabs | Cross-site Scripting vulnerability in Geminilabs Site Reviews Auth. | 5.4 |
2023-06-22 | CVE-2023-27629 | Geminilabs | Cross-site Scripting vulnerability in Geminilabs Site Reviews Auth. | 5.4 |
2023-06-22 | CVE-2023-27631 | Mmrs151 | Cross-site Scripting vulnerability in Mmrs151 Daily Prayer Time Auth. | 5.4 |
2023-06-21 | CVE-2023-27443 | Simple Vimeo Shortcode Project | Cross-site Scripting vulnerability in Simple Vimeo Shortcode Project Simple Vimeo Shortcode Auth. | 5.4 |
2023-06-20 | CVE-2020-21246 | Yiicms Project | Cross-site Scripting vulnerability in Yiicms Project Yiicms 1.0 Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function. | 5.4 |
2023-06-20 | CVE-2023-35882 | Heateor | Cross-site Scripting vulnerability in Heateor Super Socializer Auth. | 5.4 |
2023-06-19 | CVE-2023-34461 | Pybb Project | Cross-site Scripting vulnerability in Pybb Project Pybb 0.1.0 PyBB is an open source bulletin board. | 5.4 |
2023-06-19 | CVE-2023-35776 | Bearsthemes | Cross-site Scripting vulnerability in Bearsthemes Sermons Online Auth. | 5.4 |
2023-06-19 | CVE-2023-3318 | Resort Management System Project | Cross-site Scripting vulnerability in Resort Management System Project Resort Management System 1.0 A vulnerability was found in SourceCodester Resort Management System 1.0. | 5.4 |
2023-06-19 | CVE-2023-0368 | Responsive Tabs FOR Wpbakery Page Builder Project | Cross-site Scripting vulnerability in Responsive Tabs for Wpbakery Page Builder Project Responsive Tabs for Wpbakery Page Builder The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-06-19 | CVE-2023-0489 | Slideonline Project | Cross-site Scripting vulnerability in Slideonline Project Slideonline The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-06-19 | CVE-2023-2899 | WEB Argument | Cross-site Scripting vulnerability in Web-Argument Google MAP Shortcode The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admin. | 5.4 |
2023-06-22 | CVE-2023-2991 | Globalscape | Information Exposure vulnerability in Globalscape EFT Server Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the hard drive that Globalscape is installed on can be remotely determined via a "trial extension request" message. | 5.3 |
2023-06-20 | CVE-2023-26429 | Open Xchange | Command Injection vulnerability in Open-Xchange Appsuite Backend Control characters were not removed when exporting user feedback content. | 5.3 |
2023-06-19 | CVE-2022-48488 | Huawei | Incorrect Authorization vulnerability in Huawei Emui Vulnerability of bypassing the default desktop security controls. Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop. | 5.3 |
2023-06-19 | CVE-2022-48491 | Huawei | Missing Authorization vulnerability in Huawei Emui Vulnerability of missing authentication on certain HUAWEI phones. Successful exploitation of this vulnerability can lead to ads and other windows being displayed at any time. | 5.3 |
2023-06-19 | CVE-2022-48495 | Huawei | Incorrect Authorization vulnerability in Huawei Emui 12.0.0/12.0.1/13.0.0 Vulnerability of unauthorized access to foreground app information. Successful exploitation of this vulnerability may cause foreground app information to be obtained. | 5.3 |
2023-06-19 | CVE-2023-34156 | Huawei | Unspecified vulnerability in Huawei Emui Vulnerability of services denied by early fingerprint APIs on HarmonyOS products. Successful exploitation of this vulnerability may cause services to be denied. | 5.3 |
2023-06-19 | CVE-2023-34158 | Huawei | Authentication Bypass by Spoofing vulnerability in Huawei Emui 12.0.0/13.0.0 Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | 5.3 |
2023-06-19 | CVE-2023-34160 | Huawei | Authentication Bypass by Spoofing vulnerability in Huawei Emui 12.0.0/13.0.0 Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | 5.3 |
2023-06-19 | CVE-2023-34167 | Huawei | Authentication Bypass by Spoofing vulnerability in Huawei Emui Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | 5.3 |
2023-06-19 | CVE-2023-2751 | Upload Resume Project | Unspecified vulnerability in Upload Resume Project Upload Resume The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site. | 5.3 |
2023-06-19 | CVE-2023-32208 | Mozilla | Unspecified vulnerability in Mozilla Firefox Service workers could reveal script base URL due to dynamic `import()`. | 5.3 |
2023-06-23 | CVE-2023-35163 | Gobalsky | Improper Input Validation vulnerability in Gobalsky Vega Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. | 5.2 |
2023-06-20 | CVE-2023-26435 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite Backend It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. | 5.0 |
2023-06-23 | CVE-2023-35157 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.8 |
2023-06-23 | CVE-2023-27427 | Ntzapps | Cross-site Scripting vulnerability in Ntzapps CRM Memberships Auth. | 4.8 |
2023-06-23 | CVE-2023-28751 | Wpmet | Cross-site Scripting vulnerability in Wpmet WP Ultimate Review 2.0.3 Auth. | 4.8 |
2023-06-23 | CVE-2023-32580 | Wpexperts | Cross-site Scripting vulnerability in Wpexperts Password Protected Auth. | 4.8 |
2023-06-23 | CVE-2023-35048 | Magepeople | Cross-site Scripting vulnerability in Magepeople Booking & Rental Manager Auth. | 4.8 |
2023-06-22 | CVE-2023-30347 | STL | Cross-site Scripting vulnerability in STL Neox Dial Centre 2.3.9 Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search. | 4.8 |
2023-06-22 | CVE-2023-34170 | Wpovernight | Cross-site Scripting vulnerability in Wpovernight Download Quick/Bulk Order Form for Woocommerce Auth. | 4.8 |
2023-06-22 | CVE-2023-28774 | Grade | Cross-site Scripting vulnerability in Grade Review Stream Auth. | 4.8 |
2023-06-22 | CVE-2023-33323 | Reputeinfosystems | Cross-site Scripting vulnerability in Reputeinfosystems Armember Auth. | 4.8 |
2023-06-22 | CVE-2023-34006 | Telegram BOT Channel Project | Cross-site Scripting vulnerability in Telegram BOT & Channel Project Telegram BOT & Channel Auth. | 4.8 |
2023-06-22 | CVE-2023-34368 | Kanbanwp | Cross-site Scripting vulnerability in Kanbanwp Kanban Boards Auth. | 4.8 |
2023-06-22 | CVE-2023-23807 | Qumos | Cross-site Scripting vulnerability in Qumos Mojoplug Slide Panel Auth. | 4.8 |
2023-06-22 | CVE-2023-23811 | Smoothscroller Project | Cross-site Scripting vulnerability in Smoothscroller Project Smoothscroller Auth. | 4.8 |
2023-06-22 | CVE-2023-26534 | Onewebsite | Cross-site Scripting vulnerability in Onewebsite WP Repost Auth. | 4.8 |
2023-06-22 | CVE-2023-26539 | Advanced Text Widget Project | Cross-site Scripting vulnerability in Advanced Text Widget Project Advanced Text Widget Auth. | 4.8 |
2023-06-22 | CVE-2023-27452 | WOW Estore | Cross-site Scripting vulnerability in Wow-Estore Button Generator - Easily Button Builder Auth. | 4.8 |
2023-06-22 | CVE-2023-28174 | Elightup | Cross-site Scripting vulnerability in Elightup Erocket Auth. | 4.8 |
2023-06-22 | CVE-2023-28778 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Pagination Auth. | 4.8 |
2023-06-22 | CVE-2023-29707 | Gbcom | Cross-site Scripting vulnerability in Gbcom LAC web Control Center Lac1.3.X Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device. | 4.8 |
2023-06-22 | CVE-2023-27618 | Agilelogix | Cross-site Scripting vulnerability in Agilelogix Store Locator Auth. | 4.8 |
2023-06-22 | CVE-2023-28423 | Prismtechstudios | Cross-site Scripting vulnerability in Prismtechstudios Modern Footnotes Auth. | 4.8 |
2023-06-22 | CVE-2023-28496 | Smtp2Go | Cross-site Scripting vulnerability in Smtp2Go Auth. | 4.8 |
2023-06-22 | CVE-2023-28695 | Vigilantor Project | Cross-site Scripting vulnerability in Vigilantor Project Vigilantor Auth. | 4.8 |
2023-06-21 | CVE-2023-27429 | Automattic | Cross-site Scripting vulnerability in Automattic Jetpack CRM Auth. | 4.8 |
2023-06-21 | CVE-2023-27439 | NEW Adman Project | Cross-site Scripting vulnerability in NEW Adman Project NEW Adman 1.6.7.2/1.6.8 Auth. | 4.8 |
2023-06-20 | CVE-2020-20697 | Nodcms | Cross-site Scripting vulnerability in Nodcms 3.0 Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to sensitive information via a crafted script to the address parameter. | 4.8 |
2023-06-20 | CVE-2023-35095 | Flothemes | Cross-site Scripting vulnerability in Flothemes FLO Forms Auth. | 4.8 |
2023-06-20 | CVE-2023-35878 | Extra User Details Project | Cross-site Scripting vulnerability in Extra User Details Project Extra User Details Auth. | 4.8 |
2023-06-19 | CVE-2023-35779 | Seedwebs | Cross-site Scripting vulnerability in Seedwebs Seed Fonts Auth. | 4.8 |
2023-06-19 | CVE-2023-33213 | Gvectors | Cross-site Scripting vulnerability in Gvectors Wpview Auth. | 4.8 |
2023-06-19 | CVE-2023-2401 | Qudata | Cross-site Scripting vulnerability in Qudata Qubot The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-06-19 | CVE-2023-2527 | Crmperks | SQL Injection vulnerability in Crmperks Integration for Contact Form 7 and Zoho Crm, Bigin 1.2.2 The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 4.8 |
2023-06-19 | CVE-2023-2600 | Artprojectgroup | Cross-site Scripting vulnerability in Artprojectgroup Custom Base Terms The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-06-19 | CVE-2023-2684 | Wpfactory | Cross-site Scripting vulnerability in Wpfactory File Renaming on Upload The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-06-19 | CVE-2023-2742 | Quantumcloud | Cross-site Scripting vulnerability in Quantumcloud AI Chatbot The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2023-06-19 | CVE-2023-2811 | Quantumcloud | Cross-site Scripting vulnerability in Quantumcloud AI Chatbot The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against all admins when configuring the chatbot and against all clients when using it. | 4.8 |
2023-06-19 | CVE-2023-2812 | Ultimate Dashboard Project | Cross-site Scripting vulnerability in Ultimate Dashboard Project Ultimate Dashboard The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-06-19 | CVE-2023-34657 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms 1.6.2 A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. | 4.8 |
2023-06-23 | CVE-2023-32391 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 4.6 |
2023-06-23 | CVE-2023-28064 | Dell | Out-of-bounds Write vulnerability in Dell products Dell BIOS contains an Out-of-bounds Write vulnerability. | 4.6 |
2023-06-23 | CVE-2023-3212 | Linux Fedoraproject Redhat Debian Netapp | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. | 4.4 |
2023-06-23 | CVE-2023-35931 | Shescape Project | Information Exposure Through Environmental Variables vulnerability in Shescape Project Shescape Shescape is a simple shell escape library for JavaScript. | 4.3 |
2023-06-23 | CVE-2022-42807 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 4.3 |
2023-06-23 | CVE-2023-34466 | Xwiki | Information Exposure vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.3 |
2023-06-22 | CVE-2023-25500 | Vaadin | Information Exposure vulnerability in Vaadin Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests. | 4.3 |
2023-06-20 | CVE-2023-26431 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite Backend IPv4-mapped IPv6 addresses were not recognized as "local" by the code, so a connection attempt was made to them. | 4.3 |
2023-06-20 | CVE-2023-26432 | Open Xchange | Unspecified vulnerability in Open-Xchange Appsuite Backend When adding an external mail account, processing of SMTP "capabilities" responses is not limited to plausible sizes. | 4.3 |
2023-06-20 | CVE-2023-26433 | Open Xchange | Unspecified vulnerability in Open-Xchange Appsuite Backend When adding an external mail account, processing of IMAP "capabilities" responses is not limited to plausible sizes. | 4.3 |
2023-06-20 | CVE-2023-26434 | Open Xchange | Unspecified vulnerability in Open-Xchange Appsuite Backend When adding an external mail account, processing of POP3 "capabilities" responses is not limited to plausible sizes. | 4.3 |
2023-06-19 | CVE-2023-3315 | Jenkins | Missing Authorization vulnerability in Jenkins Team Concert Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 |
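The Open-Xchange SSRF entry above (CVE-2023-26431) turns on a "is this address local?" check that did not see IPv4-mapped IPv6 addresses for what they are. The following Python is an added example written for this report, not Open-Xchange code: it places a naive string-prefix check, of the kind such bugs come from, beside one that unwraps IPv4 addresses embedded in IPv6 literals (::ffff:a.b.c.d, 6to4 and the NAT64 well-known prefix) before classifying them, and that resolves hostnames so every returned address is judged. The function names, the prefix list in the naive check and the resolver results used for illustration are assumptions.

```python
"""Outbound-target "is local" check for an SSRF guard.

Constructed example, not Open-Xchange code.
"""
import ipaddress
import socket
from typing import Callable, List

# RFC 6052 well-known NAT64 prefix: the low 32 bits carry an IPv4 address.
NAT64 = ipaddress.IPv6Network("64:ff9b::/96")


def naive_is_local(host: str) -> bool:
    """The weak pattern: classify the textual form of the address only.

    It never learns that ::ffff:127.0.0.1 is loopback in an IPv6 coat,
    so an attacker-supplied "[::ffff:127.0.0.1]" passes as remote.
    """
    h = host.strip().strip("[]").lower()
    if h in ("localhost", "::1", "0.0.0.0"):
        return True
    if h.startswith(("127.", "10.", "192.168.", "169.254.")):
        return True
    return any(h.startswith(f"172.{n}.") for n in range(16, 32))


def strict_is_local(literal: str) -> bool:
    """Classify one IP literal; raises ValueError if it is not an IP literal.

    IPv4 embedded in IPv6 is unwrapped first, so the IPv4 rules apply to
    ::ffff:a.b.c.d (IPv4-mapped), 2002:aabb:ccdd:: (6to4) and 64:ff9b::a.b.c.d
    (NAT64). ipaddress rejects shorthand such as "127.1"; such strings fall
    through to the resolver in is_local_target and are judged by what they
    resolve to, which is what the OS would connect to.
    """
    addr = ipaddress.ip_address(literal.strip().strip("[]").split("%")[0])
    if isinstance(addr, ipaddress.IPv6Address):
        embedded = addr.ipv4_mapped
        if embedded is None:
            embedded = addr.sixtofour
        if embedded is None and addr in NAT64:
            embedded = ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
        if embedded is not None:
            addr = embedded
    return bool(addr.is_loopback or addr.is_private or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def default_resolver(host: str) -> List[str]:
    """Every address (A and AAAA) the OS would actually connect to."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except socket.gaierror:
        return []


def is_local_target(host: str,
                    resolver: Callable[[str], List[str]] = default_resolver) -> bool:
    """True if the target, or ANY address it resolves to, is local. Fails closed."""
    try:
        return strict_is_local(host)            # an IP literal needs no DNS
    except ValueError:
        pass
    addresses = resolver(host)
    if not addresses:
        return True                              # unresolvable: refuse, do not guess
    return any(strict_is_local(a) for a in addresses)
```

Two caveats belong with any such check. The resolved address that passed the check must be the one the socket is opened to (pass the IP, not the hostname, to the connect call), otherwise a second lookup at connect time can return a different answer. And every HTTP redirect target is a new outbound target that must go through the same check.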
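The three Open-Xchange capability entries (CVE-2023-26432, CVE-2023-26433, CVE-2023-26434) share one failure mode: the client reads a response line from a server the user pointed it at, with no bound on how long that line may be. The following Python is an added example written for this report, not Open-Xchange code: a bounded reader for an IMAP `* CAPABILITY` line beside the unbounded readline() it replaces, exercised on constructed server responses. The limits MAX_LINE and MAX_TOKENS and the function names are assumptions chosen for illustration; the same pattern applies to SMTP EHLO and POP3 CAPA replies.

```python
"""Bounded parsing of an IMAP CAPABILITY response from an untrusted server.

Constructed example, not Open-Xchange code.
"""
import io
from typing import BinaryIO, List

MAX_LINE = 8 * 1024    # assumption: a generous bound for one capability line
MAX_TOKENS = 256       # assumption: more capabilities than any real server advertises


class ResponseTooLarge(ValueError):
    """Raised when a server response exceeds the configured limits."""


def unbounded_read(stream: BinaryIO) -> bytes:
    """The weak pattern: everything the server sends before CRLF is buffered in full."""
    return stream.readline()


def read_line_bounded(stream: BinaryIO, limit: int = MAX_LINE) -> bytes:
    """Read one CRLF-terminated line of at most `limit` bytes.

    readline(limit + 1) returns after limit + 1 bytes even when no newline
    has arrived, so an over-long line is rejected after limit + 1 bytes
    rather than after the remote side decides to stop sending.
    """
    line = stream.readline(limit + 1)
    if len(line) > limit:
        raise ResponseTooLarge(f"response line exceeds {limit} bytes")
    if not line.endswith(b"\r\n"):
        raise ValueError("unterminated response line")
    return line[:-2]


def parse_imap_capabilities(stream: BinaryIO) -> List[str]:
    """Parse an untagged '* CAPABILITY ...' line (RFC 3501) under size and count limits."""
    parts = read_line_bounded(stream).split(b" ")
    if len(parts) < 2 or parts[0] != b"*" or parts[1].upper() != b"CAPABILITY":
        raise ValueError("not a CAPABILITY response")
    # Capability names are ASCII; a non-ASCII byte raises UnicodeDecodeError (a ValueError).
    caps = [p.decode("ascii") for p in parts[2:] if p]
    if len(caps) > MAX_TOKENS:
        raise ResponseTooLarge(f"{len(caps)} capabilities exceeds {MAX_TOKENS}")
    return caps


# Constructed server responses: a normal one, a 1 MiB line, and one with 300 tokens.
SAMPLE_OK = b"* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN LOGINDISABLED\r\n"
SAMPLE_HUGE_LINE = b"* CAPABILITY " + b"X" * (1 << 20) + b"\r\n"
SAMPLE_MANY_TOKENS = b"* CAPABILITY " + b" ".join([b"X-CAP"] * 300) + b"\r\n"


def capabilities_of(payload: bytes) -> List[str]:
    """Parse a raw response held in memory (stands in for a socket file object)."""
    return parse_imap_capabilities(io.BytesIO(payload))


def classify(payload: bytes) -> str:
    """'ok', 'too-large' or 'malformed' for a raw response."""
    try:
        capabilities_of(payload)
        return "ok"
    except ResponseTooLarge:
        return "too-large"
    except ValueError:
        return "malformed"


def unbounded_length(payload: bytes) -> int:
    """How much the unbounded reader would buffer for the same payload."""
    return len(unbounded_read(io.BytesIO(payload)))
```

On a real socket the same limit is applied by wrapping the connection with makefile("rb") and passing that object to parse_imap_capabilities; a socket timeout is the complementary bound, since a server can also withhold the CRLF indefinitely.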
14 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-06-23 | CVE-2023-3303 | Admidio | Improper Access Control vulnerability in Admidio Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | 3.5 |
2023-06-21 | CVE-2023-0969 | Silabs | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. | 3.5 |
2023-06-23 | CVE-2022-42834 | Apple | Unspecified vulnerability in Apple Macos An access issue was addressed with improved access restrictions. | 3.3 |
2023-06-23 | CVE-2023-32386 | Apple | Unspecified vulnerability in Apple Macos A privacy issue was addressed with improved handling of temporary files. | 3.3 |
2023-06-23 | CVE-2023-32464 | Dell | Improper Certificate Validation vulnerability in Dell products Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. | 3.3 |
2023-06-20 | CVE-2023-26427 | Open Xchange | Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite Backend Default permissions for a properties file were too permissive. | 3.3 |
2023-06-19 | CVE-2023-34414 | Mozilla | Improper Certificate Validation vulnerability in Mozilla Firefox The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. | 3.1 |
2023-06-22 | CVE-2023-34110 | Flask Appbuilder Project | Information Exposure Through an Error Message vulnerability in Flask-Appbuilder Project Flask-Appbuilder Flask-AppBuilder is an application development framework, built on top of Flask. | 2.7 |
2023-06-20 | CVE-2023-2400 | Devolutions | Incomplete Cleanup vulnerability in Devolutions Server Improper deletion of resources in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator with database access to view the vaults of deleted users. | 2.7 |
2023-06-23 | CVE-2023-32365 | Apple | Unspecified vulnerability in Apple Ipados and Iphone OS The issue was addressed with improved checks. | 2.4 |
2023-06-23 | CVE-2023-32390 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 2.4 |
2023-06-23 | CVE-2023-32394 | Apple | Exposure of Resource to Wrong Sphere vulnerability in Apple products The issue was addressed with improved checks. | 2.4 |
2023-06-23 | CVE-2023-32417 | Apple | Unspecified vulnerability in Apple Watchos This issue was addressed by restricting options offered on a locked device. | 2.4 |
2023-06-19 | CVE-2022-48506 | Dominionvoting | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dominionvoting Democracy Suite A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. | 2.4 |