Weekly Vulnerabilities Reports > July 10 to 16, 2023
Overview
866 new vulnerabilities were reported during this period, including 115 critical vulnerabilities and 333 high severity vulnerabilities. This weekly summary reports vulnerabilities in 833 products from 292 vendors including Microsoft, Google, Siemens, Jenkins, and Adobe. Vulnerabilities are notably categorized as "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "Missing Authorization", "Out-of-bounds Write", and "SQL Injection".
- 623 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 217 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 509 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 134 reported vulnerabilities.
- Tenda has the most reported critical vulnerabilities, with 20 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
115 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-07-14 | CVE-2023-37466 | VM2 Project | Code Injection vulnerability in VM2 Project VM2 vm2 is an advanced vm/sandbox for Node.js. | 10.0 |
2023-07-11 | CVE-2023-29130 | Siemens | Unspecified vulnerability in Siemens Simatic CN 4100 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). | 10.0 |
2023-07-11 | CVE-2023-29131 | Siemens | Incorrect Default Permissions vulnerability in Siemens Simatic CN 4100 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). | 10.0 |
2023-07-13 | CVE-2023-3342 | Wpeverest | Unspecified vulnerability in Wpeverest User Registration The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. | 9.9 |
2023-07-11 | CVE-2023-37271 | Zope | Improper Control of Dynamically-Managed Code Resources vulnerability in Zope Restrictedpython RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. | 9.9 |
2023-07-16 | CVE-2023-3693 | Janobe | SQL Injection vulnerability in Janobe Life Insurance Management System 1.0 A vulnerability classified as critical was found in SourceCodester Life Insurance Management System 1.0. | 9.8 |
2023-07-16 | CVE-2023-38378 | Rigol | OS Command Injection vulnerability in Rigol Mso5000 Firmware 00.01.03.00.03 The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application. | 9.8 |
2023-07-16 | CVE-2023-3689 | Bylancer | SQL Injection vulnerability in Bylancer Quickqr 6.3.7 A vulnerability classified as critical was found in Bylancer QuickQR 6.3.7. | 9.8 |
2023-07-16 | CVE-2023-3690 | Bylancer | SQL Injection vulnerability in Bylancer Quickorder 6.3.7 A vulnerability, which was classified as critical, has been found in Bylancer QuickOrder 6.3.7. | 9.8 |
2023-07-16 | CVE-2023-3688 | Bylancer | SQL Injection vulnerability in Bylancer Quickjob 6.1 A vulnerability classified as critical has been found in Bylancer QuickJob 6.1. | 9.8 |
2023-07-16 | CVE-2023-3687 | Bylancer | SQL Injection vulnerability in Bylancer Quickvcard 2.1 A vulnerability was found in Bylancer QuickVCard 2.1. | 9.8 |
2023-07-16 | CVE-2023-3686 | Bylancer | SQL Injection vulnerability in Bylancer Quickai Openai 3.8.1 A vulnerability was found in Bylancer QuickAI OpenAI 3.8.1. | 9.8 |
2023-07-15 | CVE-2023-3682 | Nesote | SQL Injection vulnerability in Nesote Inout Blockchain Easypayments 1.0 A vulnerability, which was classified as critical, was found in Nesote Inout Blockchain EasyPayments 1.0. | 9.8 |
2023-07-15 | CVE-2023-3679 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0 A vulnerability was found in SourceCodester Lost and Found Information System 1.0. | 9.8 |
2023-07-15 | CVE-2023-3680 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0 A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. | 9.8 |
2023-07-15 | CVE-2023-3678 | Oretnom23 | SQL Injection vulnerability in Oretnom23 AC Repair and Services System 1.0 A vulnerability was found in SourceCodester AC Repair and Services System 1.0. | 9.8 |
2023-07-15 | CVE-2023-35802 | Extremenetworks | Classic Buffer Overflow vulnerability in Extremenetworks IQ Engine IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. | 9.8 |
2023-07-14 | CVE-2023-37793 | Wayos | Classic Buffer Overflow vulnerability in Wayos Fbm-291W Firmware 19.09.11V WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp. | 9.8 |
2023-07-14 | CVE-2023-37794 | Wayos | Command Injection vulnerability in Wayos Fbm-291W Firmware 19.09.11V WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp. | 9.8 |
2023-07-14 | CVE-2023-38336 | Netkit | Command Injection vulnerability in Netkit 0.1724 netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. | 9.8 |
2023-07-14 | CVE-2023-37714 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic. | 9.8 |
2023-07-14 | CVE-2023-37715 | Tenda | Out-of-bounds Write vulnerability in Tenda F1202 Firmware and Fh1202 Firmware Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm. | 9.8 |
2023-07-14 | CVE-2023-37716 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting. | 9.8 |
2023-07-14 | CVE-2023-37717 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient. | 9.8 |
2023-07-14 | CVE-2023-37718 | Tenda | Out-of-bounds Write vulnerability in Tenda 4G300 Firmware, F1202 Firmware and Fh1202 Firmware Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter. | 9.8 |
2023-07-14 | CVE-2023-37719 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter. | 9.8 |
2023-07-14 | CVE-2023-37721 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter. | 9.8 |
2023-07-14 | CVE-2023-37722 | Tenda | Out-of-bounds Write vulnerability in Tenda 4G300 Firmware, F1202 Firmware and Fh1202 Firmware Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter. | 9.8 |
2023-07-14 | CVE-2023-37723 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting. | 9.8 |
2023-07-13 | CVE-2023-37839 | Dedecms | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.109 An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 |
2023-07-13 | CVE-2023-30151 | Prestashop | SQL Injection vulnerability in Prestashop A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. | 9.8 |
2023-07-13 | CVE-2023-31704 | Oretnom23 | Unspecified vulnerability in Oretnom23 Online Computer and Laptop Store 1.0 Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role. | 9.8 |
2023-07-13 | CVE-2023-35070 | Vegagroup | SQL Injection vulnerability in Vegagroup web Collection Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. This issue affects Web Collection: before 31197. | 9.8 |
2023-07-13 | CVE-2023-37267 | Umbraco | Unspecified vulnerability in Umbraco CMS Umbraco is an ASP.NET CMS. | 9.8 |
2023-07-13 | CVE-2023-2003 | Unitronicsplc | Unspecified vulnerability in Unitronicsplc Vision1210 Firmware 4.3 Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device. | 9.8 |
2023-07-13 | CVE-2023-3661 | Oretnom23 | SQL Injection vulnerability in Oretnom23 AC Repair and Services System 1.0 A vulnerability was found in SourceCodester AC Repair and Services System 1.0. | 9.8 |
2023-07-13 | CVE-2023-25178 | Honeywell | Insufficient Verification of Data Authenticity vulnerability in Honeywell C300 Firmware Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. | 9.8 |
2023-07-13 | CVE-2023-3658 | Oretnom23 | SQL Injection vulnerability in Oretnom23 AC Repair and Services System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. | 9.8 |
2023-07-13 | CVE-2023-3657 | Oretnom23 | SQL Injection vulnerability in Oretnom23 AC Repair and Services System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. | 9.8 |
2023-07-13 | CVE-2023-1547 | Elra | SQL Injection vulnerability in Elra Parkmatik Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51. | 9.8 |
2023-07-13 | CVE-2023-2957 | Lisayazilim | SQL Injection vulnerability in Lisayazilim Florist Site Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0. | 9.8 |
2023-07-13 | CVE-2023-34132 | Sonicwall | Unspecified vulnerability in Sonicwall Analytics and Global Management System Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. | 9.8 |
2023-07-13 | CVE-2023-34136 | Sonicwall | Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Analytics and Global Management System Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. | 9.8 |
2023-07-13 | CVE-2023-34137 | Sonicwall | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. | 9.8 |
2023-07-13 | CVE-2023-38198 | Acme SH Project | Unspecified vulnerability in Acme.Sh Project Acme.Sh acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. | 9.8 |
2023-07-13 | CVE-2023-38199 | Owasp | Type Confusion vulnerability in Owasp Coreruleset coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. | 9.8 |
2023-07-13 | CVE-2023-34130 | Sonicwall | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. | 9.8 |
2023-07-13 | CVE-2023-37567 | Elecom | Command Injection vulnerability in Elecom Wrc-1167Ghbk3-A Firmware Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. | 9.8 |
2023-07-13 | CVE-2023-34124 | Sonicwall | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. | 9.8 |
2023-07-13 | CVE-2023-34128 | Sonicwall | Insufficiently Protected Credentials vulnerability in Sonicwall Analytics and Global Management System Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. | 9.8 |
2023-07-13 | CVE-2023-20918 | Google | Unspecified vulnerability in Google Android In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. | 9.8 |
2023-07-13 | CVE-2023-21250 | Google | Out-of-bounds Write vulnerability in Google Android In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2023-07-12 | CVE-2023-26563 | Syncfusion | Path Traversal vulnerability in Syncfusion Nodejs File System Provider 0102271 The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. | 9.8 |
2023-07-12 | CVE-2023-26564 | Syncfusion | Path Traversal vulnerability in Syncfusion EJ2 Aspcore File Provider The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. | 9.8 |
2023-07-12 | CVE-2023-33274 | Voltronicpower | Improper Authentication vulnerability in Voltronicpower Snmp web PRO 1.1 The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. | 9.8 |
2023-07-12 | CVE-2023-3643 | Carel | Unspecified vulnerability in Carel Boss Mini Firmware 1.4.0 A vulnerability was found in Boss Mini 1.4.0 Build 6221. | 9.8 |
2023-07-12 | CVE-2023-3644 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Service Provider Management System 1.0 A vulnerability was found in SourceCodester Service Provider Management System 1.0. | 9.8 |
2023-07-12 | CVE-2023-37628 | Simple Online Piggery Management System Project | SQL Injection vulnerability in Simple Online Piggery Management System Project Simple Online Piggery Management System 1.0 Online Piggery Management System 1.0 is vulnerable to SQL Injection. | 9.8 |
2023-07-12 | CVE-2023-37629 | Simple Online Piggery Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Online Piggery Management System Project Simple Online Piggery Management System 1.0 Online Piggery Management System 1.0 is vulnerable to File Upload. | 9.8 |
2023-07-12 | CVE-2023-29300 | Adobe | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 9.8 |
2023-07-12 | CVE-2023-37627 | Code Projects | SQL Injection vulnerability in Code-Projects Online Restaurant Management System 1.0 Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. | 9.8 |
2023-07-12 | CVE-2023-33668 | Digiexam | Improper Validation of Integrity Check Value vulnerability in Digiexam DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers. | 9.8 |
2023-07-12 | CVE-2023-3595 | Rockwellautomation | Out-of-bounds Write vulnerability in Rockwellautomation products Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. | 9.8 |
2023-07-12 | CVE-2023-37582 | Apache | Code Injection vulnerability in Apache Rocketmq The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. | 9.8 |
2023-07-11 | CVE-2023-3127 | Johnsoncontrols | Improper Authentication vulnerability in Johnsoncontrols products An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. | 9.8 |
2023-07-11 | CVE-2023-32056 | Microsoft | Unspecified vulnerability in Microsoft products Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | 9.8 |
2023-07-11 | CVE-2023-32057 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
2023-07-11 | CVE-2023-33154 | Microsoft | Unspecified vulnerability in Microsoft products Windows Partition Management Driver Elevation of Privilege Vulnerability | 9.8 |
2023-07-11 | CVE-2023-35365 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
2023-07-11 | CVE-2023-35366 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
2023-07-11 | CVE-2023-35367 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
2023-07-11 | CVE-2023-36825 | Orchid | Deserialization of Untrusted Data vulnerability in Orchid Platform Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. | 9.8 |
2023-07-11 | CVE-2023-3625 | Istrong | Unrestricted Upload of File with Dangerous Type vulnerability in Istrong Mountain Flood Disaster Prevention Monitoring and Early Warning System A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. | 9.8 |
2023-07-11 | CVE-2023-3626 | Istrong | Unrestricted Upload of File with Dangerous Type vulnerability in Istrong Mountain Flood Disaster Prevention Monitoring and Early Warning System 20230704/20230706 A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. | 9.8 |
2023-07-11 | CVE-2023-26861 | Vivawallet | SQL Injection vulnerability in Vivawallet Viva Wallet SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. | 9.8 |
2023-07-11 | CVE-2023-28001 | Fortinet | Insufficient Session Expiration vulnerability in Fortinet Fortios An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API. | 9.8 |
2023-07-11 | CVE-2023-3623 | Istrong | Unrestricted Upload of File with Dangerous Type vulnerability in Istrong Mountain Flood Disaster Prevention Monitoring and Early Warning System A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. | 9.8 |
2023-07-11 | CVE-2023-3624 | Nesote | SQL Injection vulnerability in Nesote Inout Blockchain Fiatexchanger 3.0 A vulnerability classified as critical has been found in Nesote Inout Blockchain FiatExchanger 3.0. | 9.8 |
2023-07-11 | CVE-2023-3619 | Oretnom23 | SQL Injection vulnerability in Oretnom23 AC Repair and Services System 1.0 A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. | 9.8 |
2023-07-11 | CVE-2023-37659 | Xalpha Project | Code Injection vulnerability in Xalpha Project Xalpha xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). | 9.8 |
2023-07-11 | CVE-2023-3617 | Best POS Management System Project | SQL Injection vulnerability in Best POS Management System Project Best POS Management System 1.0 A vulnerability was found in SourceCodester Best POS Management System 1.0. | 9.8 |
2023-07-11 | CVE-2023-37656 | Websiteguide Project | Unrestricted Upload of File with Dangerous Type vulnerability in Websiteguide Project Websiteguide 0.2 WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload. | 9.8 |
2023-07-11 | CVE-2023-34561 | Robtopgames | Classic Buffer Overflow vulnerability in Robtopgames Geometry Dash 2.113 A buffer overflow in the level parsing code of RobTop Games AB Geometry Dash v2.113 allows attackers to execute arbitrary code via entering a Geometry Dash level. | 9.8 |
2023-07-10 | CVE-2023-24489 | Citrix | Unspecified vulnerability in Citrix Sharefile Storage Zones Controller A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | 9.8 |
2023-07-10 | CVE-2023-30765 | Deltaww | Improper Access Control vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A/1.0.5 Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation. | 9.8 |
2023-07-10 | CVE-2023-34347 | Deltaww | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A/1.0.5 Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain classes that cannot be deserialized, which could allow an attacker to remotely execute arbitrary code. | 9.8 |
2023-07-10 | CVE-2016-15034 | Anakeen | SQL Injection vulnerability in Anakeen Dynacase Webdesk A vulnerability was found in Dynacase Webdesk and classified as critical. | 9.8 |
2023-07-10 | CVE-2023-3599 | Best FEE Management System Project | Permissions, Privileges, and Access Controls vulnerability in Best FEE Management System Project Best FEE Management System 1.0 A vulnerability was found in SourceCodester Best Fee Management System 1.0. | 9.8 |
2023-07-10 | CVE-2023-37700 | Tenda | Out-of-bounds Write vulnerability in Tenda Fh1203 Firmware 2.0.1.6 Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 9.8 |
2023-07-10 | CVE-2023-37701 | Tenda | Out-of-bounds Write vulnerability in Tenda Fh1203 Firmware 2.0.1.6 Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | 9.8 |
2023-07-10 | CVE-2023-37702 | Tenda | Out-of-bounds Write vulnerability in Tenda Fh1203 Firmware 2.0.1.6 Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function. | 9.8 |
2023-07-10 | CVE-2023-37703 | Tenda | Out-of-bounds Write vulnerability in Tenda Fh1203 Firmware 2.0.1.6 Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | 9.8 |
2023-07-10 | CVE-2023-37704 | Tenda | Out-of-bounds Write vulnerability in Tenda Fh1203 Firmware 2.0.1.6 Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. | 9.8 |
2023-07-10 | CVE-2023-37705 | Tenda | Out-of-bounds Write vulnerability in Tenda Fh1203 Firmware 2.0.1.6 Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. | 9.8 |
2023-07-10 | CVE-2023-37706 | Tenda | Out-of-bounds Write vulnerability in Tenda Fh1203 Firmware 2.0.1.6 Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fromAddressNat function. | 9.8 |
2023-07-10 | CVE-2023-37707 | Tenda | Out-of-bounds Write vulnerability in Tenda Fh1203 Firmware 2.0.1.6 Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. | 9.8 |
2023-07-10 | CVE-2023-37710 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac10 Firmware and Ac1206 Firmware Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function. | 9.8 |
2023-07-10 | CVE-2023-37711 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac10 Firmware and Ac1206 Firmware Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function. | 9.8 |
2023-07-10 | CVE-2023-37712 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware, F1202 Firmware and Fh1202 Firmware Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function. | 9.8 |
2023-07-10 | CVE-2023-2046 | Yontemizleme | SQL Injection vulnerability in Yontemizleme Vehicle Tracking System Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Tracking System: before 8. | 9.8 |
2023-07-10 | CVE-2023-2852 | Softmedyazilim | SQL Injection vulnerability in Softmedyazilim Selfpatron Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection. This issue affects SelfPatron: before 2.0. | 9.8 |
2023-07-10 | CVE-2023-37152 | Online ART Gallery Project | Unrestricted Upload of File with Dangerous Type vulnerability in Online ART Gallery Project Online ART Gallery 1.0 Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. | 9.8 |
2023-07-10 | CVE-2023-3045 | Tise | SQL Injection vulnerability in Tise Parking web Report Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1. | 9.8 |
2023-07-10 | CVE-2023-3076 | Inspireui | Missing Authorization vulnerability in Inspireui Mstore API The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. | 9.8 |
2023-07-10 | CVE-2023-3077 | Inspireui | Unspecified vulnerability in Inspireui Mstore API The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. | 9.8 |
2023-07-10 | CVE-2023-3578 | Dedecms | Server-Side Request Forgery (SSRF) vulnerability in Dedecms 5.7.109 A vulnerability classified as critical was found in DedeCMS 5.7.109. | 9.8 |
2023-07-10 | CVE-2023-37286 | Smartsoft | Use of Hard-coded Credentials vulnerability in Smartsoft Smartbpm.Net 6.70 SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. | 9.8 |
2023-07-11 | CVE-2023-33150 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps, Office and Word Microsoft Office Security Feature Bypass Vulnerability | 9.6 |
2023-07-11 | CVE-2023-2746 | Rockwellautomation | Cross-Site Request Forgery (CSRF) vulnerability in Rockwellautomation Enhanced HIM 1.001 The Rockwell Automation Enhanced HIM software uses an API that is insufficiently protected and configured with incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. | 9.6 |
2023-07-10 | CVE-2023-37277 | Xwiki | Cross-Site Request Forgery (CSRF) vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 9.6 |
2023-07-11 | CVE-2023-33987 | SAP | HTTP Request Smuggling vulnerability in SAP web Dispatcher An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. | 9.4 |
2023-07-11 | CVE-2023-35871 | SAP | Out-of-bounds Write vulnerability in SAP web Dispatcher The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management; this may lead to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system. | 9.4 |
2023-07-13 | CVE-2023-37278 | Glpi Project | SQL Injection vulnerability in Glpi-Project Glpi GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. | 9.1 |
2023-07-10 | CVE-2023-3605 | Phpgurukul | Improper Restriction of Excessive Authentication Attempts vulnerability in PHPgurukul Online Shopping Portal 1.0 A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. | 9.1 |
2023-07-10 | CVE-2023-37287 | Smartsoft | Use of Hard-coded Credentials vulnerability in Smartsoft Smartbpm.Net 6.70 SmartBPM.NET has a vulnerability of using hard-coded authentication key. | 9.1 |
333 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-07-15 | CVE-2023-38349 | Pnp4Nagios | Cross-Site Request Forgery (CSRF) vulnerability in Pnp4Nagios 0.6.26 PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. | 8.8 |
2023-07-14 | CVE-2023-37268 | Warpgate Project | Improper Authentication vulnerability in Warpgate Project Warpgate 0.7.2 Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. | 8.8 |
2023-07-14 | CVE-2023-37462 | Xwiki | Eval Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
2023-07-14 | CVE-2023-37473 | Zenstruck | Injection vulnerability in Zenstruck Collection 0.2.1 zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. | 8.8 |
2023-07-13 | CVE-2023-37273 | Agpt | Code Injection vulnerability in Agpt Auto-Gpt Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. | 8.8 |
2023-07-13 | CVE-2022-24834 | Redis Fedoraproject | Integer Overflow to Buffer Overflow vulnerability in multiple products Redis is an in-memory database that persists on disk. | 8.8 |
2023-07-13 | CVE-2023-37415 | Apache | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Hive Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. This patches on top of the fix for CVE-2023-35797: before 6.1.2, the proxy_user option could also be used to inject a semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended to update the provider to version 6.1.2 in order to avoid this vulnerability. | 8.8 |
2023-07-13 | CVE-2023-37562 | Elecom | Cross-Site Request Forgery (CSRF) vulnerability in Elecom Wtc-C1167Gc-B Firmware and Wtc-C1167Gc-W Firmware Cross-site request forgery (CSRF) vulnerability exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. | 8.8 |
2023-07-13 | CVE-2023-3343 | Wpeverest | Unspecified vulnerability in Wpeverest User Registration The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. | 8.8 |
2023-07-13 | CVE-2023-34129 | Sonicwall | Path Traversal vulnerability in Sonicwall Analytics and Global Management System Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using the Zip Slip method to any location on the underlying filesystem with root privileges. | 8.8 |
2023-07-13 | CVE-2023-34126 | Sonicwall | Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Analytics and Global Management System Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. | 8.8 |
2023-07-13 | CVE-2023-34127 | Sonicwall | OS Command Injection vulnerability in Sonicwall Analytics and Global Management System Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. | 8.8 |
2023-07-12 | CVE-2023-37946 | Jenkins | Session Fixation vulnerability in Jenkins Openshift Login Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login. | 8.8 |
2023-07-12 | CVE-2023-37957 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Pipeline Restful API A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token. | 8.8 |
2023-07-12 | CVE-2023-37958 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sumologic Publisher A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL. | 8.8 |
2023-07-12 | CVE-2023-37961 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Assembla A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account. | 8.8 |
2023-07-12 | CVE-2023-37962 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator 1.0.0/1.0.1 A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | 8.8 |
2023-07-12 | CVE-2023-37964 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Elasticbox CI A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2023-07-12 | CVE-2023-3600 | Mozilla | Use After Free vulnerability in Mozilla Firefox During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. | 8.8 |
2023-07-12 | CVE-2022-42009 | Apache | Expression Language Injection vulnerability in Apache Ambari SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. | 8.8 |
2023-07-12 | CVE-2022-45855 | Apache | Expression Language Injection vulnerability in Apache Ambari SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. | 8.8 |
2023-07-12 | CVE-2023-30429 | Apache | Incorrect Authorization vulnerability in Apache Pulsar Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role. The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.4. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.1. 3.0 Pulsar Function Worker users are unaffected. Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions. | 8.8 |
2023-07-12 | CVE-2023-32200 | Apache | Expression Language Injection vulnerability in Apache Jena There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. | 8.8 |
2023-07-12 | CVE-2023-37196 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE. | 8.8 |
2023-07-12 | CVE-2023-37197 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE. | 8.8 |
2023-07-12 | CVE-2023-3011 | Armemberplugin | Unspecified vulnerability in Armemberplugin Armember The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. | 8.8 |
2023-07-12 | CVE-2023-3105 | Learndash | Unspecified vulnerability in Learndash The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. | 8.8 |
2023-07-11 | CVE-2023-24492 | Citrix | Code Injection vulnerability in Citrix Secure Access Client A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. | 8.8 |
2023-07-11 | CVE-2023-32038 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
2023-07-11 | CVE-2023-32049 | Microsoft | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |
2023-07-11 | CVE-2023-33134 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2023-07-11 | CVE-2023-33153 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Outlook Remote Code Execution Vulnerability | 8.8 |
2023-07-11 | CVE-2023-33157 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Remote Code Execution Vulnerability | 8.8 |
2023-07-11 | CVE-2023-33159 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Server Spoofing Vulnerability | 8.8 |
2023-07-11 | CVE-2023-33160 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2023-07-11 | CVE-2023-35300 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
2023-07-11 | CVE-2023-35302 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
2023-07-11 | CVE-2023-35303 | Microsoft | Unspecified vulnerability in Microsoft products USB Audio Class System Driver Remote Code Execution Vulnerability | 8.8 |
2023-07-11 | CVE-2023-35315 | Microsoft | Unspecified vulnerability in Microsoft products Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | 8.8 |
2023-07-11 | CVE-2023-35322 | Microsoft | Unspecified vulnerability in Microsoft products Windows Deployment Services Remote Code Execution Vulnerability | 8.8 |
2023-07-11 | CVE-2023-35364 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 8.8 |
2023-07-11 | CVE-2023-34116 | Zoom | Unspecified vulnerability in Zoom Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. | 8.8 |
2023-07-11 | CVE-2023-36824 | Redis Fedoraproject | Incorrect Calculation of Buffer Size vulnerability in multiple products Redis is an in-memory database that persists on disk. | 8.8 |
2023-07-11 | CVE-2023-3627 | Salesagility | Cross-Site Request Forgery (CSRF) vulnerability in Salesagility Suitecrm Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. | 8.8 |
2023-07-11 | CVE-2023-3621 | Ibos | SQL Injection vulnerability in Ibos 4.5.5 A vulnerability was found in IBOS OA 4.5.5. | 8.8 |
2023-07-11 | CVE-2023-2072 | Rockwellautomation | Cross-site Scripting vulnerability in Rockwellautomation Powermonitor 1000 Firmware The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. | 8.8 |
2023-07-11 | CVE-2023-35091 | Storeapps | Cross-Site Request Forgery (CSRF) vulnerability in Storeapps Stock Manager for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions. | 8.8 |
2023-07-11 | CVE-2023-35773 | Template Debugger Project | Cross-Site Request Forgery (CSRF) vulnerability in Template Debugger Project Template Debugger 3.1.2 Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin <= 3.1.2 versions. | 8.8 |
2023-07-11 | CVE-2023-36522 | Wepupil | Cross-Site Request Forgery (CSRF) vulnerability in Wepupil Quiz Expert - Easy Quiz Maker, Exam and Test Manager 1.5.0 Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions. | 8.8 |
2023-07-11 | CVE-2023-36690 | Vibethemes | Cross-Site Request Forgery (CSRF) vulnerability in Vibethemes Wordpress Learning Management System 4.900 Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions. | 8.8 |
2023-07-11 | CVE-2022-29561 | Siemens | Cross-Site Request Forgery (CSRF) vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 8.8 |
2023-07-11 | CVE-2023-36693 | WP RSS Images Project | Cross-Site Request Forgery (CSRF) vulnerability in WP RSS Images Project WP RSS Images Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions. | 8.8 |
2023-07-11 | CVE-2023-34015 | Piwebsolution | Cross-Site Request Forgery (CSRF) vulnerability in Piwebsolution Advanced-Free-Flat-Shipping-Woocommerce 1.6.3.93/1.6.3.99/1.6.4 Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions. | 8.8 |
2023-07-11 | CVE-2023-35774 | LWS | Cross-Site Request Forgery (CSRF) vulnerability in LWS Tools Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions. | 8.8 |
2023-07-11 | CVE-2023-35913 | Oopspam | Cross-Site Request Forgery (CSRF) vulnerability in Oopspam Anti-Spam Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions. | 8.8 |
2023-07-11 | CVE-2023-36517 | WP Abstracts Project | Cross-Site Request Forgery (CSRF) vulnerability in WP Abstracts Project WP Abstracts Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions. | 8.8 |
2023-07-11 | CVE-2022-45823 | Video Contest Wordpress Project | Cross-Site Request Forgery (CSRF) vulnerability in Video Contest Wordpress Project Video Contest Wordpress Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions. | 8.8 |
2023-07-11 | CVE-2023-23704 | Pixelgrade | Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Rating Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions. | 8.8 |
2023-07-11 | CVE-2023-23731 | Hasthemes | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Wishsuite Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions. | 8.8 |
2023-07-11 | CVE-2023-23997 | Database Collation FIX Project | Cross-Site Request Forgery (CSRF) vulnerability in Database Collation FIX Project Database Collation FIX Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <= 1.2.7 versions. | 8.8 |
2023-07-11 | CVE-2023-24421 | Wpengine | Cross-Site Request Forgery (CSRF) vulnerability in Wpengine PHP Compatibility Checker Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions. | 8.8 |
2023-07-11 | CVE-2023-25051 | Comment Reply Notification Project | Cross-Site Request Forgery (CSRF) vulnerability in Comment Reply Notification Project Comment Reply Notification 1.0/1.2/1.4 Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions. | 8.8 |
2023-07-11 | CVE-2023-25468 | Pvmg | Cross-Site Request Forgery (CSRF) vulnerability in Pvmg Reservation.Studio Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions. | 8.8 |
2023-07-11 | CVE-2023-25487 | Pixelgrade | Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Pixtypes Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions. | 8.8 |
2023-07-11 | CVE-2023-35781 | LWS | Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions. | 8.8 |
2023-07-11 | CVE-2023-23791 | Hasthemes | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes HT Menu Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions. | 8.8 |
2023-07-11 | CVE-2023-23803 | Hasthemes | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Justtables Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions. | 8.8 |
2023-07-11 | CVE-2023-23792 | Hasthemes | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Swatchly Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions. | 8.8 |
2023-07-11 | CVE-2023-36922 | SAP | OS Command Injection vulnerability in SAP Netweaver Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. | 8.8 |
2023-07-10 | CVE-2023-3608 | Ruijienetworks | OS Command Injection vulnerability in Ruijienetworks Bcr810W Firmware 2.5.10 A vulnerability was found in Ruijie BCR810W 2.5.10. | 8.8 |
2023-07-10 | CVE-2023-3606 | Tamronos | OS Command Injection vulnerability in Tamronos 20230703 A vulnerability was found in TamronOS up to 20230703. | 8.8 |
2023-07-10 | CVE-2023-1597 | Tagdiv | Unspecified vulnerability in Tagdiv Cloud Library The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF checks in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog. | 8.8 |
2023-07-10 | CVE-2023-22673 | Magenet | Cross-Site Request Forgery (CSRF) vulnerability in Magenet Website Monetization Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions. | 8.8 |
2023-07-10 | CVE-2023-22694 | Bigcontact Contact Page Project | Cross-Site Request Forgery (CSRF) vulnerability in Bigcontact Contact Page Project Bigcontact Contact Page Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions. | 8.8 |
2023-07-10 | CVE-2023-22695 | Wpgogo | Cross-Site Request Forgery (CSRF) vulnerability in Wpgogo Custom Field Template Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions. | 8.8 |
2023-07-10 | CVE-2023-23787 | Premmerce | Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Redirect Manager Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions. | 8.8 |
2023-07-10 | CVE-2023-23804 | Hasthemes | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes HT Feed Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions. | 8.8 |
2023-07-10 | CVE-2023-23869 | Digitalinspiration | Cross-Site Request Forgery (CSRF) vulnerability in Digitalinspiration Google XML Sitemap for Mobile Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions. | 8.8 |
2023-07-10 | CVE-2023-23897 | Ozette | Cross-Site Request Forgery (CSRF) vulnerability in Ozette Simple Mobile URL Redirect Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions. | 8.8 |
2023-07-10 | CVE-2023-23993 | Lionscripts | Cross-Site Request Forgery (CSRF) vulnerability in Lionscripts IP Blocker Lite Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions. | 8.8 |
2023-07-10 | CVE-2023-24395 | Wpplugin | Cross-Site Request Forgery (CSRF) vulnerability in Wpplugin Contact Form 7 Redirect & Thank YOU Page Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions. | 8.8 |
2023-07-10 | CVE-2023-24405 | Wpplugin | Cross-Site Request Forgery (CSRF) vulnerability in Wpplugin Paypal & Stripe Add-On Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions. | 8.8 |
2023-07-10 | CVE-2023-25478 | Weather Station Project | Cross-Site Request Forgery (CSRF) vulnerability in Weather Station Project Weather Station Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions. | 8.8 |
2023-07-10 | CVE-2023-27867 | IBM | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. | 8.8 |
2023-07-10 | CVE-2023-27868 | IBM | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. | 8.8 |
2023-07-10 | CVE-2023-27869 | IBM | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. | 8.8 |
2023-07-10 | CVE-2023-28986 | Wpaffiliatemanager | Cross-Site Request Forgery (CSRF) vulnerability in Wpaffiliatemanager Affiliates Manager Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions. | 8.8 |
2023-07-10 | CVE-2023-28989 | Wedevs | Cross-Site Request Forgery (CSRF) vulnerability in Wedevs Happy Addons for Elementor Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions. | 8.8 |
2023-07-10 | CVE-2023-28995 | Configurable TAG Cloud Project | Cross-Site Request Forgery (CSRF) vulnerability in Configurable TAG Cloud Project Configurable TAG Cloud Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions. | 8.8 |
2023-07-10 | CVE-2023-2234 | Zephyrproject | Type Confusion vulnerability in Zephyrproject Zephyr Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. | 8.8 |
2023-07-10 | CVE-2023-35912 | Wpzone | Cross-Site Request Forgery (CSRF) vulnerability in Wpzone Potent Donations for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions. | 8.8 |
2023-07-10 | CVE-2023-36691 | Webwinkelkeur Project | Cross-Site Request Forgery (CSRF) vulnerability in Webwinkelkeur Project Webwinkelkeur Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions. | 8.8 |
2023-07-10 | CVE-2023-37392 | WP Dummy Content Generator Project | Cross-Site Request Forgery (CSRF) vulnerability in WP Dummy Content Generator Project WP Dummy Content Generator Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions. | 8.8 |
2023-07-10 | CVE-2023-3579 | Hadsky | Cross-Site Request Forgery (CSRF) vulnerability in Hadsky 7.11.8 A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. | 8.8 |
2023-07-13 | CVE-2023-30563 | BD | Cross-site Scripting vulnerability in BD Alaris Systems Manager 4.33 A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session. | 8.2 |
2023-07-11 | CVE-2023-35335 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 8.2 |
2023-07-12 | CVE-2023-30428 | Apache | Incorrect Authorization vulnerability in Apache Pulsar Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0. The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. | 8.1 |
2023-07-11 | CVE-2023-33127 | Microsoft | Unspecified vulnerability in Microsoft .Net and Visual Studio 2022 .NET and Visual Studio Elevation of Privilege Vulnerability | 8.1 |
2023-07-11 | CVE-2023-33170 | Microsoft Fedoraproject | Race Condition vulnerability in multiple products ASP.NET and Visual Studio Security Feature Bypass Vulnerability | 8.1 |
2023-07-11 | CVE-2023-35297 | Microsoft | Unspecified vulnerability in Microsoft products Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 8.1 |
2023-07-11 | CVE-2023-37596 | Issabel | Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06 Cross-Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function. | 8.1 |
2023-07-11 | CVE-2023-37597 | Issabel | Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06 Cross-Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function. | 8.1 |
2023-07-11 | CVE-2023-31190 | Bluemark | Improper Certificate Validation vulnerability in Bluemark Dronescout Ds230 Firmware DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded. An attacker able to put themselves in a man-in-the-middle position (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint) can trick the DroneScout ds230 into installing a crafted malicious firmware update containing arbitrary files (e.g., executables and configuration) and gain administrative (root) privileges on the underlying Linux operating system. This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042. | 8.1 |
2023-07-11 | CVE-2023-31191 | Bluemark | Omission of Security-relevant Information vulnerability in Bluemark Dronescout Ds230 Firmware DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, on carefully selected channels, high power spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and, instead, generate and transmit JSON encoded MQTT messages containing crafted RID information. | 8.1 |
2023-07-11 | CVE-2023-33989 | SAP | Path Traversal vulnerability in SAP Netweaver BI Content An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. | 8.1 |
2023-07-10 | CVE-2023-32250 | Linux Netapp | Race Condition vulnerability in multiple products A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. | 8.1 |
2023-07-10 | CVE-2023-32254 | Linux Netapp | Race Condition vulnerability in multiple products A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. | 8.1 |
2023-07-14 | CVE-2023-32761 | Archerirm | Cross-Site Request Forgery (CSRF) vulnerability in Archerirm Archer 6.10.0.3/6.3.0.0/6.9.3.4 Cross-Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13, fixed in v.6.12.0.6 and v.6.13.0, allows an authenticated attacker to execute arbitrary code via a crafted request. | 8.0 |
2023-07-13 | CVE-2023-37564 | Elecom | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. | 8.0 |
2023-07-13 | CVE-2023-37565 | Elecom | Code Injection vulnerability in Elecom products Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. | 8.0 |
2023-07-13 | CVE-2023-37566 | Elecom | Command Injection vulnerability in Elecom Wrc-1167Febk-A Firmware and Wrc-1167Ghbk3-A Firmware Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. | 8.0 |
2023-07-13 | CVE-2023-37568 | Elecom | Command Injection vulnerability in Elecom Wrc-1167Gebk-S Firmware and Wrc-1167Ghbk-S Firmware ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. | 8.0 |
2023-07-10 | CVE-2023-3607 | Kodcloud | OS Command Injection vulnerability in Kodcloud Kodbox 1.26 A vulnerability was found in kodbox 1.26. | 8.0 |
2023-07-10 | CVE-2023-1901 | Zephyrproject | Out-of-bounds Write vulnerability in Zephyrproject Zephyr The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. | 8.0 |
2023-07-10 | CVE-2023-1902 | Zephyrproject | Use After Free vulnerability in Zephyrproject Zephyr The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. | 8.0 |
2023-07-16 | CVE-2023-30988 | IBM | Unspecified vulnerability in IBM I The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. | 7.8 |
2023-07-16 | CVE-2023-30989 | IBM | Unspecified vulnerability in IBM I IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. | 7.8 |
2023-07-14 | CVE-2023-36887 | Microsoft | Type Confusion vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 7.8 |
2023-07-14 | CVE-2023-35692 | Google | Unspecified vulnerability in Google Android In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. | 7.8 |
2023-07-14 | CVE-2023-3513 | Razer | Improper Privilege Management vulnerability in Razer Central Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization. | 7.8 |
2023-07-14 | CVE-2023-3514 | Razer | Improper Privilege Management vulnerability in Razer Central Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file. | 7.8 |
2023-07-13 | CVE-2023-37274 | Agpt | Code Injection vulnerability in Agpt Auto-Gpt Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. | 7.8 |
2023-07-13 | CVE-2023-21145 | Google | Unspecified vulnerability in Google Android In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. | 7.8 |
2023-07-13 | CVE-2023-21241 | Google | Integer Overflow or Wraparound vulnerability in Google Android In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. | 7.8 |
2023-07-13 | CVE-2023-21245 | Google | Unspecified vulnerability in Google Android In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. | 7.8 |
2023-07-13 | CVE-2023-21247 | Google | Missing Authorization vulnerability in Google Android 12.0/12.1/13.0 In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. | 7.8 |
2023-07-13 | CVE-2023-21248 | Google | Missing Authorization vulnerability in Google Android 12.0/12.1/13.0 In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. | 7.8 |
2023-07-13 | CVE-2023-21254 | Google | Unspecified vulnerability in Google Android 13.0 In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. | 7.8 |
2023-07-13 | CVE-2023-21255 | Google Debian | Use After Free vulnerability in multiple products In multiple functions of binder.c, there is a possible memory corruption due to a use after free. | 7.8 |
2023-07-13 | CVE-2023-21256 | Google | Unspecified vulnerability in Google Android 13.0 In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. | 7.8 |
2023-07-13 | CVE-2023-21257 | Google | Missing Authorization vulnerability in Google Android 13.0 In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. | 7.8 |
2023-07-13 | CVE-2023-21399 | Google | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android There is a possible way to bypass cryptographic assurances due to a logic error in the code. | 7.8 |
2023-07-12 | CVE-2023-29308 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-07-12 | CVE-2021-43757 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 7.8 |
2023-07-12 | CVE-2023-29414 | Schneider Electric | Classic Buffer Overflow vulnerability in Schneider-Electric Accutech Manager 2.00.1/2.00.2 A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call. | 7.8 |
2023-07-12 | CVE-2023-30916 | Google | Missing Authorization vulnerability in Google Android In DMService, there is a possible missing permission check. | 7.8 |
2023-07-12 | CVE-2023-30917 | Google | Missing Authorization vulnerability in Google Android In DMService, there is a possible missing permission check. | 7.8 |
2023-07-12 | CVE-2023-30928 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a possible missing permission check. | 7.8 |
2023-07-12 | CVE-2023-30929 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a possible missing permission check. | 7.8 |
2023-07-12 | CVE-2023-3106 | Linux Fedoraproject | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference vulnerability was found in netlink_dump. | 7.8 |
2023-07-12 | CVE-2023-2762 | 3DS | Use After Free vulnerability in 3DS 3Dexperience Solidworks A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. | 7.8 |
2023-07-12 | CVE-2023-2763 | 3DS | Use After Free vulnerability in 3DS 3Dexperience Solidworks 2021/2022/2023 Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. | 7.8 |
2023-07-11 | CVE-2023-24491 | Citrix | Unspecified vulnerability in Citrix Secure Access Client A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. | 7.8 |
2023-07-11 | CVE-2023-21756 | Microsoft | Unspecified vulnerability in Microsoft products Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-32046 | Microsoft | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-32047 | Microsoft | Unspecified vulnerability in Microsoft Paint 3D Paint 3D Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-32051 | Microsoft | Unspecified vulnerability in Microsoft RAW Image Extension Raw Image Extension Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-32053 | Microsoft | Unspecified vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-33148 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Office Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-33149 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Office Graphics Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-33152 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft ActiveX Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-33155 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-33158 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-33161 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-34118 | Zoom | Unspecified vulnerability in Zoom Rooms Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | 7.8 |
2023-07-11 | CVE-2023-34119 | Zoom | Exposure of Resource to Wrong Sphere vulnerability in Zoom Rooms Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | 7.8 |
2023-07-11 | CVE-2023-35299 | Microsoft | Unspecified vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35304 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35305 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35312 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35313 | Microsoft | Unspecified vulnerability in Microsoft products Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35317 | Microsoft | Unspecified vulnerability in Microsoft products Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35320 | Microsoft | Unspecified vulnerability in Microsoft products Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35323 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 21H2 and Windows Server 2022 Windows OLE Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35328 | Microsoft | Unspecified vulnerability in Microsoft products Windows Transaction Manager Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35337 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35340 | Microsoft | Unspecified vulnerability in Microsoft products Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35342 | Microsoft | Unspecified vulnerability in Microsoft products Windows Image Acquisition Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35343 | Microsoft | Unspecified vulnerability in Microsoft products Windows Geolocation Service Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35353 | Microsoft | Unspecified vulnerability in Microsoft products Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35356 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35357 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35358 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35362 | Microsoft | Race Condition vulnerability in Microsoft products Windows Clip Service Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35363 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-35374 | Microsoft | Unspecified vulnerability in Microsoft Paint 3D Paint 3D Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-36536 | Zoom | Untrusted Search Path vulnerability in Zoom Rooms Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | 7.8 |
2023-07-11 | CVE-2023-36537 | Zoom | Unspecified vulnerability in Zoom Rooms Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | 7.8 |
2023-07-11 | CVE-2023-36538 | Zoom | Unspecified vulnerability in Zoom Rooms Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | 7.8 |
2023-07-11 | CVE-2023-36867 | Github | Unspecified vulnerability in Github Pull Requests and Issues Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | 7.8 |
2023-07-11 | CVE-2023-36874 | Microsoft | Unspecified vulnerability in Microsoft products Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
2023-07-11 | CVE-2023-3269 | Linux Redhat Fedoraproject | Use After Free vulnerability in multiple products A vulnerability exists in the memory management subsystem of the Linux kernel. | 7.8 |
2023-07-11 | CVE-2023-37246 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). | 7.8 |
2023-07-11 | CVE-2023-37247 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). | 7.8 |
2023-07-11 | CVE-2023-37248 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). | 7.8 |
2023-07-11 | CVE-2023-37374 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). | 7.8 |
2023-07-11 | CVE-2023-37375 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). | 7.8 |
2023-07-11 | CVE-2023-37376 | Siemens | Type Confusion vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). | 7.8 |
2023-07-10 | CVE-2023-34432 | Sound Exchange Project Redhat Fedoraproject | Out-of-bounds Write vulnerability in multiple products A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. | 7.8 |
2023-07-10 | CVE-2023-34318 | SOX Project Redhat Fedoraproject | Out-of-bounds Write vulnerability in multiple products A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. | 7.8 |
2023-07-10 | CVE-2021-42082 | Osnexus | Improper Privilege Management vulnerability in Osnexus Quantastor 4.3.0 Local users are able to execute scripts under root privileges. | 7.8 |
2023-07-10 | CVE-2023-27558 | IBM | Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. | 7.8 |
2023-07-10 | CVE-2023-28958 | IBM | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Watson Knowledge Catalog on Cloud PAK for Data 4.0 IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. | 7.8 |
2023-07-10 | CVE-2023-30431 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. | 7.8 |
2023-07-10 | CVE-2023-22835 | Palantir | Unspecified vulnerability in Palantir Foundry Frontend and Foundry Issues A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0. | 7.7 |
2023-07-16 | CVE-2023-38379 | Rigol | Unspecified vulnerability in Rigol Mso5000 Firmware 00.01.03.00.03 The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password. | 7.5 |
2023-07-15 | CVE-2023-2268 | Plane | Missing Authorization vulnerability in Plane 0.7.1 Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users. | 7.5 |
2023-07-14 | CVE-2023-36818 | Discourse | Unspecified vulnerability in Discourse 3.1.0 Discourse is an open source discussion platform. | 7.5 |
2023-07-14 | CVE-2023-38337 | Rswag Project | Path Traversal vulnerability in Rswag Project Rswag rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project. | 7.5 |
2023-07-14 | CVE-2023-37464 | Cisco | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cisco Cjose OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). | 7.5 |
2023-07-14 | CVE-2023-37474 | Copyparty Project | Path Traversal vulnerability in Copyparty Project Copyparty Copyparty is a portable file server. | 7.5 |
2023-07-14 | CVE-2023-38325 | Cryptography IO | Improper Certificate Validation vulnerability in Cryptography.Io Cryptography The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. | 7.5 |
2023-07-14 | CVE-2023-3633 | Bitdefender | Out-of-bounds Write vulnerability in Bitdefender Engines An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower. | 7.5 |
2023-07-14 | CVE-2023-36835 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service (DoS). If a specific valid IP packet is received and that packet needs to be routed over a VXLAN tunnel, this will result in a PFE wedge condition due to which traffic gets impacted. | 7.5 |
2023-07-14 | CVE-2023-28985 | Juniper | Improper Validation of Syntactic Correctness of Input vulnerability in Juniper Junos An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). | 7.5 |
2023-07-14 | CVE-2023-36832 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). | 7.5 |
2023-07-14 | CVE-2023-36831 | Juniper | Improper Check or Handling of Exceptional Conditions vulnerability in Juniper Junos 22.2/22.3/22.4 An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. | 7.5 |
2023-07-14 | CVE-2023-38286 | Thymeleaf Codecentric | Command Injection vulnerability in multiple products Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. | 7.5 |
2023-07-13 | CVE-2023-37599 | Issabel | Exposure of Resource to Wrong Sphere vulnerability in Issabel PBX 4.0.06 An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory. | 7.5 |
2023-07-13 | CVE-2023-35945 | Envoyproxy Nghttp2 | Incomplete Cleanup vulnerability in multiple products Envoy is a cloud-native high-performance edge/middle/service proxy. | 7.5 |
2023-07-13 | CVE-2023-37463 | Github | Unspecified vulnerability in Github Cmark-Gfm cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. | 7.5 |
2023-07-13 | CVE-2023-31821 | Albis | Cleartext Storage of Sensitive Information vulnerability in Albis 13.6.1 An issue found in ALBIS Co. | 7.5 |
2023-07-13 | CVE-2023-31823 | Marui | Cleartext Transmission of Sensitive Information vulnerability in Marui 13.6.1 An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function. | 7.5 |
2023-07-13 | CVE-2023-31824 | Dericia | Unspecified vulnerability in Dericia Delicia 13.6.1 An issue found in DERICIA Co. | 7.5 |
2023-07-13 | CVE-2023-31819 | Livre | Missing Encryption of Sensitive Data vulnerability in Livre Keisei Store 13.6.1 An issue found in KEISEI STORE Co, Ltd. | 7.5 |
2023-07-13 | CVE-2023-31820 | Shizutetsu | Missing Encryption of Sensitive Data vulnerability in Shizutetsu Store 13.6.1 An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | 7.5 |
2023-07-13 | CVE-2023-31822 | Entetsu | Missing Encryption of Sensitive Data vulnerability in Entetsu Store 13.4.1 An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function. | 7.5 |
2023-07-13 | CVE-2023-31825 | Inageya | Missing Encryption of Sensitive Data vulnerability in Inageya 13.4.1 An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function. | 7.5 |
2023-07-13 | CVE-2023-25948 | Honeywell | Information Exposure Through an Error Message vulnerability in Honeywell products Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
2023-07-13 | CVE-2023-26597 | Honeywell | Out-of-bounds Write vulnerability in Honeywell C300 Firmware Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
2023-07-13 | CVE-2023-22435 | Honeywell | Out-of-bounds Write vulnerability in Honeywell products Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. | 7.5 |
2023-07-13 | CVE-2023-23585 | Honeywell | Out-of-bounds Write vulnerability in Honeywell products Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
2023-07-13 | CVE-2023-24474 | Honeywell | Out-of-bounds Write vulnerability in Honeywell products Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message. | 7.5 |
2023-07-13 | CVE-2023-24480 | Honeywell | Out-of-bounds Write vulnerability in Honeywell C300 Firmware Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
2023-07-13 | CVE-2023-25078 | Honeywell | Out-of-bounds Write vulnerability in Honeywell products Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
2023-07-13 | CVE-2023-25770 | Honeywell | Deserialization of Untrusted Data vulnerability in Honeywell C300 Firmware Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
2023-07-13 | CVE-2023-29451 | Zabbix | Out-of-bounds Write vulnerability in Zabbix Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. | 7.5 |
2023-07-13 | CVE-2023-29458 | Zabbix | Improper Validation of Array Index vulnerability in Zabbix 5.0.34/6.0.17/6.4.2 Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. | 7.5 |
2023-07-13 | CVE-2023-29450 | Zabbix | Files or Directories Accessible to External Parties vulnerability in Zabbix JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. | 7.5 |
2023-07-13 | CVE-2023-35069 | Biges | Path Traversal vulnerability in Biges Bullwark Momentum Series Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal. This issue affects Bullwark: before BLW-2016E-960H. | 7.5 |
2023-07-13 | CVE-2023-34133 | Sonicwall | SQL Injection vulnerability in Sonicwall Analytics and Global Management System Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. | 7.5 |
2023-07-13 | CVE-2023-3424 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. | 7.5 |
2023-07-13 | CVE-2023-38197 | QT | Infinite Loop vulnerability in QT An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. | 7.5 |
2023-07-13 | CVE-2023-34123 | Sonicwall | Use of Hard-coded Credentials vulnerability in Sonicwall Analytics and Global Management System Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. | 7.5 |
2023-07-13 | CVE-2023-35694 | Google | Out-of-bounds Read vulnerability in Google Android In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2023-07-12 | CVE-2023-3635 | Squareup | Incorrect Conversion between Numeric Types vulnerability in Squareup Okio GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. | 7.5 |
2023-07-12 | CVE-2023-29298 | Adobe | Unspecified vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 7.5 |
2023-07-12 | CVE-2023-29301 | Adobe | Improper Restriction of Excessive Authentication Attempts vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. | 7.5 |
2023-07-12 | CVE-2020-20021 | Mikrotik | Resource Exhaustion vulnerability in Mikrotik Routeros An issue discovered in MikroTik Router v6.46.3 and earlier allows an attacker to cause denial of service via misconfiguration in the SSH daemon. | 7.5 |
2023-07-12 | CVE-2023-3596 | Rockwellautomation | Out-of-bounds Write vulnerability in Rockwellautomation products Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages. | 7.5 |
2023-07-12 | CVE-2023-3525 | Getnet Argentina Para Woocommerce Project | Unspecified vulnerability in Getnet Argentina Para Woocommerce Project Getnet Argentina Para Woocommerce The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. | 7.5 |
2023-07-11 | CVE-2023-29984 | Fujifilm Toshibatec Brother | NULL Pointer Dereference vulnerability in multiple products Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. | 7.5 |
2023-07-11 | CVE-2023-36884 | Microsoft | Race Condition vulnerability in Microsoft products Windows Search Remote Code Execution Vulnerability | 7.5 |
2023-07-11 | CVE-2023-32034 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-32035 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-32042 | Microsoft | Unspecified vulnerability in Microsoft products OLE Automation Information Disclosure Vulnerability | 7.5 |
2023-07-11 | CVE-2023-32044 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-32045 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-32084 | Microsoft | Unspecified vulnerability in Microsoft products HTTP.sys Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-33163 | Microsoft | Unspecified vulnerability in Microsoft products Windows Network Load Balancing Remote Code Execution Vulnerability | 7.5 |
2023-07-11 | CVE-2023-33165 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Security Feature Bypass Vulnerability | 7.5 |
2023-07-11 | CVE-2023-33166 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-33167 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-33168 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-33169 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-33172 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-33173 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-34090 | Decidim | Unspecified vulnerability in Decidim Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. | 7.5 |
2023-07-11 | CVE-2023-35298 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 21H2 and Windows Server 2022 HTTP.sys Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-35309 | Microsoft | Race Condition vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.5 |
2023-07-11 | CVE-2023-35311 | Microsoft | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft 365 Apps, Office and Outlook Microsoft Outlook Security Feature Bypass Vulnerability | 7.5 |
2023-07-11 | CVE-2023-35325 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Spooler Information Disclosure Vulnerability | 7.5 |
2023-07-11 | CVE-2023-35330 | Microsoft | Unspecified vulnerability in Microsoft products Windows Extended Negotiation Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-35333 | Microsoft | Unspecified vulnerability in Microsoft Pandocupload MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | 7.5 |
2023-07-11 | CVE-2023-35338 | Microsoft | Unspecified vulnerability in Microsoft products Windows Peer Name Resolution Protocol Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-35339 | Microsoft | Unspecified vulnerability in Microsoft products Windows CryptoAPI Denial of Service Vulnerability | 7.5 |
2023-07-11 | CVE-2023-35352 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Security Feature Bypass Vulnerability | 7.5 |
2023-07-11 | CVE-2022-23447 | Fortinet | Path Traversal vulnerability in Fortinet Fortiextender Firmware An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 7.5 |
2023-07-11 | CVE-2023-3354 | Qemu Redhat Fedoraproject | NULL Pointer Dereference vulnerability in multiple products A flaw was found in the QEMU built-in VNC server. | 7.5 |
2023-07-11 | CVE-2023-31818 | Marukyu | Exposure of Resource to Wrong Sphere vulnerability in Marukyu Line 13.4.1 An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | 7.5 |
2023-07-11 | CVE-2023-36293 | Wmanager | SQL Injection vulnerability in Wmanager SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensitive information via a crafted script to the company.php component. | 7.5 |
2023-07-11 | CVE-2022-31810 | Siemens | Out-of-bounds Write vulnerability in Siemens Sipass Integrated A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). | 7.5 |
2023-07-11 | CVE-2023-35920 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). | 7.5 |
2023-07-11 | CVE-2023-35921 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). | 7.5 |
2023-07-11 | CVE-2023-36521 | Siemens | Allocation of Resources Without Limits or Throttling vulnerability in Siemens products A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). | 7.5 |
2023-07-11 | CVE-2023-36917 | SAP | Improper Restriction of Excessive Authentication Attempts vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. | 7.5 |
2023-07-10 | CVE-2023-24487 | Citrix | Unspecified vulnerability in Citrix Application Delivery Controller and Gateway Arbitrary file read in Citrix ADC and Citrix Gateway | 7.5 |
2023-07-10 | CVE-2023-34316 | Deltaww | Improper Access Control vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A/1.0.5 An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. | 7.5 |
2023-07-10 | CVE-2023-0359 | Zephyrproject | NULL Pointer Dereference vulnerability in Zephyrproject Zephyr A missing nullptr-check in handle_ra_input can cause a nullptr-deref. | 7.5 |
2023-07-10 | CVE-2023-27540 | IBM | Allocation of Resources Without Limits or Throttling vulnerability in IBM Cloud PAK for Data and Watson Cp4D Data Stores IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. | 7.5 |
2023-07-10 | CVE-2023-30442 | IBM | Unspecified vulnerability in IBM DB2 11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. | 7.5 |
2023-07-10 | CVE-2023-30445 | IBM | Unspecified vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. | 7.5 |
2023-07-10 | CVE-2023-30446 | IBM | Unspecified vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. | 7.5 |
2023-07-10 | CVE-2023-30447 | IBM | Unspecified vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. | 7.5 |
2023-07-10 | CVE-2023-30448 | IBM | Unspecified vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. | 7.5 |
2023-07-10 | CVE-2023-30449 | IBM | Unspecified vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. | 7.5 |
2023-07-10 | CVE-2023-35696 | Sick | Exposure of Resource to Wrong Sphere vulnerability in Sick Icr890-4 Firmware Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests. | 7.5 |
2023-07-10 | CVE-2023-35697 | Sick | Improper Restriction of Excessive Authentication Attempts vulnerability in Sick Icr890-4 Firmware Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials. | 7.5 |
2023-07-10 | CVE-2023-3270 | Sick | Exposure of Resource to Wrong Sphere vulnerability in Sick Icr890-4 Firmware Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system. | 7.5 |
2023-07-10 | CVE-2023-3271 | Sick | Unspecified vulnerability in Sick Icr890-4 Firmware Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints. | 7.5 |
2023-07-10 | CVE-2023-3272 | Sick | Cleartext Transmission of Sensitive Information vulnerability in Sick Icr890-4 Firmware Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted. | 7.5 |
2023-07-10 | CVE-2023-3273 | Sick | Unspecified vulnerability in Sick Icr890-4 Firmware Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control. | 7.5 |
2023-07-10 | CVE-2023-37288 | Smartsoft | Path Traversal vulnerability in Smartsoft Smartbpm.Net 6.70 SmartBPM.NET component has a vulnerability of path traversal within its file download function. | 7.5 |
2023-07-12 | CVE-2023-20185 | Cisco | Inadequate Encryption Strength vulnerability in Cisco Nx-Os A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. | 7.4 |
2023-07-11 | CVE-2023-21526 | Microsoft | Unspecified vulnerability in Microsoft products Windows Netlogon Information Disclosure Vulnerability | 7.4 |
2023-07-11 | CVE-2023-36749 | Siemens | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 7.4 |
2023-07-11 | CVE-2023-35874 | SAP | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. | 7.4 |
2023-07-10 | CVE-2021-42080 | Osnexus | Cross-site Scripting vulnerability in Osnexus Quantastor 4.3.0 An attacker is able to launch a Reflected XSS attack using a crafted URL. | 7.4 |
2023-07-13 | CVE-2023-21251 | Google | Improper Input Validation vulnerability in Google Android In onCreate of ConfirmDialog.java, there is a possible way to connect to VPN bypassing user's consent due to improper input validation. | 7.3 |
2023-07-12 | CVE-2023-38068 | Jetbrains | Improper Control of Interaction Frequency vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms. | 7.3 |
2023-07-11 | CVE-2023-32054 | Microsoft | Unspecified vulnerability in Microsoft products Volume Shadow Copy Elevation of Privilege Vulnerability | 7.3 |
2023-07-11 | CVE-2023-35870 | SAP | Incorrect Permission Assignment for Critical Resource vulnerability in SAP S4Core When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. | 7.3 |
2023-07-16 | CVE-2023-3692 | Admidio | Unrestricted Upload of File with Dangerous Type vulnerability in Admidio Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. | 7.2 |
2023-07-14 | CVE-2023-3673 | Pimcore | SQL Injection vulnerability in Pimcore SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. | 7.2 |
2023-07-14 | CVE-2023-3668 | Froxlor | Improper Encoding or Escaping of Output vulnerability in Froxlor Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21. | 7.2 |
2023-07-13 | CVE-2023-35691 | Google | Out-of-bounds Read vulnerability in Google Android there is a possible out of bounds read due to a missing bounds check. | 7.2 |
2023-07-12 | CVE-2023-37199 | Schneider Electric | Code Injection vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored. | 7.2 |
2023-07-12 | CVE-2023-37198 | Schneider Electric | Code Injection vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages. | 7.2 |
2023-07-12 | CVE-2023-3023 | Wpeasycart | Unspecified vulnerability in Wpeasycart WP Easycart The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2023-07-11 | CVE-2023-32033 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Failover Cluster Remote Code Execution Vulnerability | 7.2 |
2023-07-11 | CVE-2023-35350 | Microsoft | Unspecified vulnerability in Microsoft products Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | 7.2 |
2023-07-11 | CVE-2023-36750 | Siemens | Command Injection vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 7.2 |
2023-07-11 | CVE-2023-36751 | Siemens | Command Injection vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 7.2 |
2023-07-11 | CVE-2023-36752 | Siemens | Command Injection vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 7.2 |
2023-07-11 | CVE-2023-36753 | Siemens | Command Injection vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 7.2 |
2023-07-11 | CVE-2023-36754 | Siemens | Command Injection vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 7.2 |
2023-07-11 | CVE-2023-36755 | Siemens | Command Injection vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 7.2 |
2023-07-11 | CVE-2023-23777 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiweb An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters. | 7.2 |
2023-07-11 | CVE-2023-36921 | SAP | Improper Encoding or Escaping of Output vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. | 7.2 |
2023-07-11 | CVE-2023-36925 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. | 7.2 |
2023-07-10 | CVE-2021-42081 | Osnexus | OS Command Injection vulnerability in Osnexus Quantastor 4.3.0 An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. | 7.2 |
2023-07-10 | CVE-2021-4406 | Osnexus | Command Injection vulnerability in Osnexus Quantastor 4.3.0 An administrator is able to execute commands as root via the alerts management dialog. | 7.2 |
2023-07-10 | CVE-2023-1208 | Riverside | Unspecified vulnerability in Riverside Http Headers This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. | 7.2 |
2023-07-10 | CVE-2023-29095 | Carrcommunications | SQL Injection vulnerability in Carrcommunications Rsvpmaker Auth. | 7.2 |
2023-07-10 | CVE-2023-2493 | Vsourz | Unspecified vulnerability in Vsourz ALL in ONE Redirection The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2023-07-12 | CVE-2023-37949 | Jenkins | Missing Authorization vulnerability in Jenkins Orka BY Macstadium A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 |
2023-07-12 | CVE-2023-37965 | Jenkins | Missing Authorization vulnerability in Jenkins Elasticbox CI A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 |
2023-07-11 | CVE-2023-35347 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Install Service Elevation of Privilege Vulnerability | 7.1 |
2023-07-11 | CVE-2023-33990 | SAP | Incorrect Permission Assignment for Critical Resource vulnerability in SAP SQL Anywhere 17.0 SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. | 7.1 |
2023-07-11 | CVE-2023-32050 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2008 R2 Windows Installer Elevation of Privilege Vulnerability | 7.0 |
2023-07-11 | CVE-2023-33156 | Microsoft | Unspecified vulnerability in Microsoft Malware Protection Engine Microsoft Defender Elevation of Privilege Vulnerability | 7.0 |
2023-07-11 | CVE-2023-35360 | Microsoft | Race Condition vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.0 |
2023-07-11 | CVE-2023-35361 | Microsoft | Race Condition vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.0 |
405 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-07-13 | CVE-2023-30564 | BD | Cross-site Scripting vulnerability in BD Alaris Systems Manager 4.33 Alaris Systems Manager does not perform input validation during the Device Import Function. | 6.9 |
2023-07-13 | CVE-2023-30560 | BD | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 9.33.1 The configuration from the PCU can be modified without authentication using physical connection to the PCU. | 6.8 |
2023-07-11 | CVE-2023-29347 | Microsoft | Unspecified vulnerability in Microsoft Windows Admin Center Windows Admin Center Spoofing Vulnerability | 6.8 |
2023-07-11 | CVE-2023-32043 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Security Feature Bypass Vulnerability | 6.8 |
2023-07-11 | CVE-2023-35332 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Protocol Security Feature Bypass | 6.8 |
2023-07-11 | CVE-2023-36748 | Siemens | Inadequate Encryption Strength vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 6.8 |
2023-07-11 | CVE-2023-29156 | Bluemark | Omission of Security-relevant Information vulnerability in Bluemark Dronescout Ds230 Firmware DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, at the right times, spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and, instead, generate and transmit JSON encoded MQTT messages containing crafted RID information. Consequently, the MQTT broker, typically operated by a system integrator, will have no access to the drones’ real RID information. This issue affects DroneScout ds230 in default configuration from firmware version 20211210-1627 through 20230329-1042. | 6.8 |
2023-07-13 | CVE-2023-30562 | BD | Insufficient Verification of Data Authenticity vulnerability in BD Alaris Guardrails Editor 12.1.2 A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. | 6.7 |
2023-07-13 | CVE-2022-42045 | Watchdog Zemana | Certain Zemana products are vulnerable to Arbitrary code injection. | 6.7 |
2023-07-13 | CVE-2023-21400 | Google Debian | Improper Locking vulnerability in multiple products In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. | 6.7 |
2023-07-13 | CVE-2023-35693 | Google | Use After Free vulnerability in Google Android In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. | 6.7 |
2023-07-11 | CVE-2023-32055 | Microsoft | Unspecified vulnerability in Microsoft products Active Template Library Elevation of Privilege Vulnerability | 6.7 |
2023-07-11 | CVE-2023-35310 | Microsoft | Race Condition vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
2023-07-11 | CVE-2023-35344 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
2023-07-11 | CVE-2023-35345 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
2023-07-11 | CVE-2023-35346 | Microsoft | Race Condition vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
2023-07-11 | CVE-2023-35351 | Microsoft | Race Condition vulnerability in Microsoft products Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | 6.6 |
2023-07-14 | CVE-2023-34236 | Weave | Information Exposure vulnerability in Weave Gitops Terraform Controller 0.15.0 Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. | 6.5 |
2023-07-14 | CVE-2023-37472 | ENG | SQL Injection vulnerability in ENG Knowage Knowage is an open source suite for business analytics. | 6.5 |
2023-07-14 | CVE-2023-36850 | Juniper | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Juniper Junos An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management (CFM) module of Juniper Networks Junos OS on MX Series (except MPC10, MPC11 and LC9600) allows an adjacent attacker on the local broadcast domain to cause a Denial of Service (DoS). Upon receiving a malformed CFM packet, the MPC crashes. | 6.5 |
2023-07-14 | CVE-2023-32759 | Archerirm | Exposure of Resource to Wrong Sphere vulnerability in Archerirm Archer 6.10.0.3/6.3.0.0/6.9.3.4 An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL. | 6.5 |
2023-07-14 | CVE-2023-32760 | Archerirm | Exposure of Resource to Wrong Sphere vulnerability in Archerirm Archer 6.10.0.3/6.3.0.0/6.9.3.4 An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication. | 6.5 |
2023-07-14 | CVE-2023-36834 | Juniper | Incomplete Internal State Distinction vulnerability in Juniper Junos An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS). If an SRX is configured in L2 transparent mode, the receipt of a specific genuine packet can cause a single Packet Processing Engine (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. | 6.5 |
2023-07-14 | CVE-2023-36848 | Juniper | Improper Handling of Undefined Values vulnerability in Juniper Junos An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series (except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed CFM packet is received, it leads to an FPC crash. | 6.5 |
2023-07-14 | CVE-2023-36849 | Juniper | Improper Check or Handling of Exceptional Conditions vulnerability in Juniper Junos and Junos OS Evolved An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed LLDP packet is received, l2cpd will crash and restart. | 6.5 |
2023-07-14 | CVE-2023-36833 | Juniper | Use After Free vulnerability in Juniper Junos OS Evolved A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. | 6.5 |
2023-07-13 | CVE-2023-37836 | Jpeg | Reachable Assertion vulnerability in Jpeg Libjpeg 1.63 libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. | 6.5 |
2023-07-13 | CVE-2023-37837 | Jpeg | Out-of-bounds Write vulnerability in Jpeg Libjpeg 1.63 libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. | 6.5 |
2023-07-13 | CVE-2023-37849 | Watchguard | Uncontrolled Search Path Element vulnerability in Watchguard Panda Security VPN A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe. | 6.5 |
2023-07-13 | CVE-2023-35833 | Ysoft | Cleartext Transmission of Sensitive Information vulnerability in Ysoft Safeq Server 6.0 An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. | 6.5 |
2023-07-13 | CVE-2023-33768 | Belkin | Improper Verification of Cryptographic Signature vulnerability in Belkin Wemo Smart Plug Wsp080 Firmware 1.2 Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file. | 6.5 |
2023-07-13 | CVE-2023-34134 | Sonicwall | Unspecified vulnerability in Sonicwall Analytics and Global Management System Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. | 6.5 |
2023-07-13 | CVE-2023-34135 | Sonicwall | Path Traversal vulnerability in Sonicwall Analytics and Global Management System Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. | 6.5 |
2023-07-13 | CVE-2023-37563 | Elecom | Unspecified vulnerability in Elecom products ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. | 6.5 |
2023-07-13 | CVE-2023-3444 | Gitlab | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches. | 6.5 |
2023-07-13 | CVE-2023-2190 | Gitlab | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. | 6.5 |
2023-07-13 | CVE-2023-34125 | Sonicwall | Path Traversal vulnerability in Sonicwall Analytics and Global Management System Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. | 6.5 |
2023-07-12 | CVE-2023-37942 | Jenkins | XXE vulnerability in Jenkins External Monitor JOB Type Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
2023-07-12 | CVE-2023-37944 | Jenkins | Missing Authorization vulnerability in Jenkins Datadog A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2023-07-12 | CVE-2023-37951 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Mabl Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | 6.5 |
2023-07-12 | CVE-2023-37952 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mabl A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2023-07-12 | CVE-2023-37953 | Jenkins | Missing Authorization vulnerability in Jenkins Mabl A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2023-07-12 | CVE-2023-37955 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Test Results Aggregator A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 6.5 |
2023-07-12 | CVE-2023-37956 | Jenkins | Missing Authorization vulnerability in Jenkins Test Results Aggregator A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 6.5 |
2023-07-12 | CVE-2023-37959 | Jenkins | Missing Authorization vulnerability in Jenkins Sumologic Publisher A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 6.5 |
2023-07-12 | CVE-2023-37960 | Jenkins | Path Traversal vulnerability in Jenkins Mathworks Polyspace Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems. | 6.5 |
2023-07-12 | CVE-2023-3618 | Libtiff Debian Redhat | Classic Buffer Overflow vulnerability in multiple products A flaw was found in libtiff. | 6.5 |
2023-07-12 | CVE-2023-20207 | DUO | Cleartext Storage of Sensitive Information vulnerability in DUO Authentication Proxy 5.8.1/6.0.0 A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. | 6.5 |
2023-07-12 | CVE-2023-37456 | Mozilla | Unspecified vulnerability in Mozilla Firefox The session restore helper crashed whenever there was no parameter sent to the message handler. | 6.5 |
2023-07-12 | CVE-2023-38062 | Jetbrains | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations | 6.5 |
2023-07-12 | CVE-2023-38064 | Jetbrains | Information Exposure Through Log Files vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log | 6.5 |
2023-07-12 | CVE-2023-38067 | Jetbrains | Information Exposure Through Log Files vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log | 6.5 |
2023-07-12 | CVE-2022-46651 | Apache | Unspecified vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. | 6.5 |
2023-07-12 | CVE-2023-22887 | Apache | Path Traversal vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. | 6.5 |
2023-07-12 | CVE-2023-22888 | Apache | Unspecified vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. | 6.5 |
2023-07-12 | CVE-2023-31007 | Apache | Improper Authentication vulnerability in Apache Pulsar Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false. This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0. 2.9 Pulsar Broker users should upgrade to at least 2.9.5. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions. | 6.5 |
2023-07-12 | CVE-2023-35908 | Apache | Incorrect Authorization vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected | 6.5 |
2023-07-12 | CVE-2023-36543 | Apache | Unspecified vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected | 6.5 |
2023-07-12 | CVE-2023-37579 | Apache | Incorrect Authorization vulnerability in Apache Pulsar Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. | 6.5 |
2023-07-11 | CVE-2023-29406 | Golang | Interpretation Conflict vulnerability in Golang GO The HTTP/1 client does not fully validate the contents of the Host header. | 6.5 |
2023-07-11 | CVE-2023-20575 | AMD | Information Exposure Through Discrepancy vulnerability in AMD products A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information. | 6.5 |
2023-07-11 | CVE-2023-32037 | Microsoft | Unspecified vulnerability in Microsoft products Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | 6.5 |
2023-07-11 | CVE-2023-33151 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Outlook Spoofing Vulnerability | 6.5 |
2023-07-11 | CVE-2023-33164 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
2023-07-11 | CVE-2023-35296 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
2023-07-11 | CVE-2023-35308 | Microsoft | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Security Feature Bypass Vulnerability | 6.5 |
2023-07-11 | CVE-2023-35314 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
2023-07-11 | CVE-2023-35316 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Information Disclosure Vulnerability | 6.5 |
2023-07-11 | CVE-2023-35318 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
2023-07-11 | CVE-2023-35319 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
2023-07-11 | CVE-2023-35321 | Microsoft | Unspecified vulnerability in Microsoft products Windows Deployment Services Denial of Service Vulnerability | 6.5 |
2023-07-11 | CVE-2023-35329 | Microsoft | Unspecified vulnerability in Microsoft products Windows Authentication Denial of Service Vulnerability | 6.5 |
2023-07-11 | CVE-2023-35331 | Microsoft | Unspecified vulnerability in Microsoft products Windows Local Security Authority (LSA) Denial of Service Vulnerability | 6.5 |
2023-07-11 | CVE-2023-35348 | Microsoft | Unspecified vulnerability in Microsoft products Active Directory Federation Service Security Feature Bypass Vulnerability | 6.5 |
2023-07-11 | CVE-2023-36868 | Microsoft | Unspecified vulnerability in Microsoft Azure Service Fabric 9.0/9.1 Azure Service Fabric on Windows Information Disclosure Vulnerability | 6.5 |
2023-07-11 | CVE-2023-36871 | Microsoft | Unspecified vulnerability in Microsoft products Azure Active Directory Security Feature Bypass Vulnerability | 6.5 |
2023-07-11 | CVE-2023-24881 | Microsoft | Unspecified vulnerability in Microsoft Teams Microsoft Teams Information Disclosure Vulnerability | 6.5 |
2023-07-11 | CVE-2023-25606 | Fortinet | Path Traversal vulnerability in Fortinet Fortianalyzer and Fortimanager An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 6.5 |
2023-07-11 | CVE-2023-24417 | Tiggerswelt | Cross-Site Request Forgery (CSRF) vulnerability in Tiggerswelt Worthy Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions. | 6.5 |
2023-07-11 | CVE-2023-25443 | WOW Company | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions. | 6.5 |
2023-07-11 | CVE-2023-25706 | Pagup | Cross-Site Request Forgery (CSRF) vulnerability in Pagup Better Robots.Txt Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions. | 6.5 |
2023-07-11 | CVE-2023-32104 | Mycurator Content Curation Project | Cross-Site Request Forgery (CSRF) vulnerability in Mycurator Content Curation Project Mycurator Content Curation Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions. | 6.5 |
2023-07-11 | CVE-2023-34029 | Disable Wordpress Update Notifications AND Auto Update Email Notifications Project | Cross-Site Request Forgery (CSRF) vulnerability in Disable Wordpress Update Notifications and Auto-Update Email Notifications Project Disable Wordpress Update Notifications and Auto-Update Email Notifications Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions. | 6.5 |
2023-07-11 | CVE-2023-23671 | WEB Settler | Cross-Site Request Forgery (CSRF) vulnerability in Web-Settler Layer Slider Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions. | 6.5 |
2023-07-11 | CVE-2023-34185 | Wordpress Nextgen Galleryview Project | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Nextgen Galleryview Project Wordpress Nextgen Galleryview Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions. | 6.5 |
2023-07-11 | CVE-2023-35047 | Areoi | Cross-Site Request Forgery (CSRF) vulnerability in Areoi ALL Bootstrap Blocks Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions. | 6.5 |
2023-07-11 | CVE-2023-35778 | Recent Posts Slider Project | Cross-Site Request Forgery (CSRF) vulnerability in Recent Posts Slider Project Recent Posts Slider Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions. | 6.5 |
2023-07-11 | CVE-2023-35780 | Galleria Project | Cross-Site Request Forgery (CSRF) vulnerability in Galleria Project Galleria 1.0.0/1.0.2/1.0.3 Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions. | 6.5 |
2023-07-11 | CVE-2023-36687 | Dontdream | Cross-Site Request Forgery (CSRF) vulnerability in Dontdream Menubar Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions. | 6.5 |
2023-07-11 | CVE-2023-37391 | Wpmobilepack | Cross-Site Request Forgery (CSRF) vulnerability in Wpmobilepack Wordpress Mobile Pack Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions. | 6.5 |
2023-07-11 | CVE-2023-33992 | SAP | Missing Authorization vulnerability in SAP Business Warehouse and Bw/4Hana The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. | 6.5 |
2023-07-11 | CVE-2023-35872 | SAP | Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration 7.50 The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. | 6.5 |
2023-07-11 | CVE-2023-35873 | SAP | Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration 7.50 The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. | 6.5 |
2023-07-10 | CVE-2023-28955 | IBM | Unspecified vulnerability in IBM Watson Knowledge Catalog on Cloud PAK for Data 4.5.3 IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user to send a specially crafted request that could cause a denial of service. | 6.5 |
2023-07-10 | CVE-2023-29256 | IBM | Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. | 6.5 |
2023-07-10 | CVE-2023-3566 | Wallabag | Allocation of Resources Without Limits or Throttling vulnerability in Wallabag 2.5.4 A vulnerability was found in wallabag 2.5.4. | 6.5 |
2023-07-10 | CVE-2023-3574 | Pimcore | Unspecified vulnerability in Pimcore Customer Management Framework Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. | 6.5 |
2023-07-14 | CVE-2023-36888 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge for Android (Chromium-based) Tampering Vulnerability | 6.3 |
2023-07-16 | CVE-2023-3691 | Layui | Cross-site Scripting vulnerability in Layui A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. | 6.1 |
2023-07-16 | CVE-2023-3684 | Livelyworks | Open Redirect vulnerability in Livelyworks Articart 2.0.1 A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. | 6.1 |
2023-07-15 | CVE-2023-2507 | Clevertap | Cross-site Scripting vulnerability in Clevertap 2.6.2 CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | 6.1 |
2023-07-15 | CVE-2023-3681 | Retro Cellphone Online Store Project | Cross-site Scripting vulnerability in Retro Cellphone Online Store Project Retro Cellphone Online Store 1.0 A vulnerability classified as problematic was found in Campcodes Retro Cellphone Online Store 1.0. | 6.1 |
2023-07-14 | CVE-2023-3672 | Plaidweb | Cross-site Scripting vulnerability in Plaidweb Webmention.Js Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5. | 6.1 |
2023-07-13 | CVE-2023-36473 | Discourse | Cross-site Scripting vulnerability in Discourse Discourse is an open source discussion platform. | 6.1 |
2023-07-13 | CVE-2023-30561 | BD | Missing Encryption of Sensitive Data vulnerability in BD Alaris 8015 PCU Firmware 9.33.1 The data flowing between the PCU and its modules is insecure. | 6.1 |
2023-07-13 | CVE-2023-37746 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Maid Hiring Management System 1.0 A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component. | 6.1 |
2023-07-13 | CVE-2023-37743 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Teacher Subject Allocation System 1.0 A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box. | 6.1 |
2023-07-13 | CVE-2023-37744 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Maid Hiring Management System 1.0 Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. | 6.1 |
2023-07-13 | CVE-2023-37745 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Maid Hiring Management System 1.0 A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. | 6.1 |
2023-07-13 | CVE-2023-3660 | Retro Cellphone Online Store Project | Cross-site Scripting vulnerability in Retro Cellphone Online Store Project Retro Cellphone Online Store 1.0 A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. | 6.1 |
2023-07-13 | CVE-2023-3659 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 AC Repair and Services System 1.0 A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. | 6.1 |
2023-07-13 | CVE-2023-29455 | Zabbix | Cross-site Scripting vulnerability in Zabbix Frontend Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. | 6.1 |
2023-07-13 | CVE-2023-29457 | Zabbix | Cross-site Scripting vulnerability in Zabbix Frontend Reflected XSS attacks occur when a malicious script is reflected off a web application to the victim's browser. | 6.1 |
2023-07-13 | CVE-2023-37560 | Elecom | Cross-site Scripting vulnerability in Elecom Wrh-300Wh-H Firmware and Wtc-300Hwh Firmware Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 |
2023-07-13 | CVE-2023-37561 | Elecom | Open Redirect vulnerability in Elecom products Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | 6.1 |
2023-07-12 | CVE-2023-37630 | Simple Online Piggery Management System Project | Cross-site Scripting vulnerability in Simple Online Piggery Management System Project Simple Online Piggery Management System 1.0 Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
2023-07-12 | CVE-2023-3641 | Nodcms | Cross-site Scripting vulnerability in Nodcms 3.4.1 A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. | 6.1 |
2023-07-12 | CVE-2023-3642 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts Vacation Rental Website 1.8 A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. | 6.1 |
2023-07-12 | CVE-2023-37947 | Jenkins | Open Redirect vulnerability in Jenkins Openshift Login Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | 6.1 |
2023-07-12 | CVE-2023-38066 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads | 6.1 |
2023-07-12 | CVE-2023-3080 | Jamesward | Unspecified vulnerability in Jamesward WP Mail Catcher The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3081 | Awesomemotive | Unspecified vulnerability in Awesomemotive WP Mail Logging The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3082 | Wpexperts | Unspecified vulnerability in Wpexperts Post Smtp Mailer The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3087 | Wpmanageninja | Unspecified vulnerability in Wpmanageninja Fluentsmtp The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3088 | Wpvibes | Unspecified vulnerability in Wpvibes WP Mail LOG The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3092 | Photoboxone | Unspecified vulnerability in Photoboxone Smtp Mail 1.2.16 The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. | 6.1 |
2023-07-12 | CVE-2023-3093 | Yaycommerce | Cross-site Scripting vulnerability in Yaycommerce Yaysmtp The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3122 | Dev4Press | Cross-site Scripting vulnerability in Dev4Press GD Mail Queue 3.9.3 The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3135 | Oacstudio | Unspecified vulnerability in Oacstudio Mailtree LOG Mail 1.0.0 The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3158 | Instareza | Unspecified vulnerability in Instareza Mail Control 0.2.8 The Mail Control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 0.2.8 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3166 | Lanacodes | Unspecified vulnerability in Lanacodes Lana Email Logger 1.0.2 The Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, Lana Email Logger due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3167 | Webdesignmunich | Unspecified vulnerability in Webdesignmunich Mail Queue 1.1 The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-12 | CVE-2023-3168 | WP Reroute Email Project | Unspecified vulnerability in WP Reroute Email Project WP Reroute Email The WP Reroute Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-11 | CVE-2023-23756 | Advcomsys | Cross-site Scripting vulnerability in Advcomsys Onevote! 1.7 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. | 6.1 |
2023-07-11 | CVE-2023-37280 | Pimcore | Cross-site Scripting vulnerability in Pimcore Admin Classic Bundle 1.0.0/1.0.1/1.0.2 Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. | 6.1 |
2023-07-11 | CVE-2023-32693 | Decidim | Cross-site Scripting vulnerability in Decidim Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. | 6.1 |
2023-07-11 | CVE-2023-33171 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.1 |
2023-07-11 | CVE-2023-34089 | Decidim | Cross-site Scripting vulnerability in Decidim Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. | 6.1 |
2023-07-11 | CVE-2023-36163 | Buildagate Project | Cross-site Scripting vulnerability in Buildagate Project Buildagate 5 Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL. | 6.1 |
2023-07-11 | CVE-2023-36386 | Siemens | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 6.1 |
2023-07-11 | CVE-2023-36389 | Siemens | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 6.1 |
2023-07-11 | CVE-2023-36390 | Siemens | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 6.1 |
2023-07-11 | CVE-2023-33988 | SAP | Cross-site Scripting vulnerability in SAP Enable NOW In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information. | 6.1 |
2023-07-11 | CVE-2023-36918 | SAP | Cross-site Scripting vulnerability in SAP Enable NOW In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information. | 6.1 |
2023-07-10 | CVE-2023-24488 | Citrix | Cross-site Scripting vulnerability in Citrix Application Delivery Controller and Gateway Cross-site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross-site scripting. | 6.1 |
2023-07-10 | CVE-2023-36936 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Online Security Guards Hiring System 1.0 Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box. | 6.1 |
2023-07-10 | CVE-2023-36939 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Hostel Management System 2.1 Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field. | 6.1 |
2023-07-10 | CVE-2015-10119 | Oomphinc | Cross-site Scripting vulnerability in Oomphinc View ALL Post'S Pages A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. | 6.1 |
2023-07-10 | CVE-2015-10120 | Webdevstudios | Cross-site Scripting vulnerability in Webdevstudios WDS Multisite Aggregate A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. | 6.1 |
2023-07-10 | CVE-2015-10121 | Beeliked | Cross-site Scripting vulnerability in Beeliked A vulnerability has been found in Beeliked Microsite Plugin up to 1.0.1 on WordPress and classified as problematic. | 6.1 |
2023-07-10 | CVE-2023-1119 | Srbtranslatin Project Updraftplus | Cross-site Scripting vulnerability in Updraftplus WP-Optimize and SrbTransLatin The WP-Optimize WordPress plugin before 3.2.13 and the SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. | 6.1 |
2023-07-10 | CVE-2023-1780 | Codeermeneer | Cross-site Scripting vulnerability in Codeermeneer Companion Sitemap Generator The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2023-07-10 | CVE-2023-2853 | Softmedyazilim | Cross-site Scripting vulnerability in Softmedyazilim Selfpatron Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softmed SelfPatron allows Reflected XSS.This issue affects SelfPatron : before 2.0. | 6.1 |
2023-07-10 | CVE-2023-37150 | Online Pizza Ordering System Project | Cross-site Scripting vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0 Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in "/admin/index.php?page=categories" Category item. | 6.1 |
2023-07-10 | CVE-2023-37153 | Kodcloud | Cross-site Scripting vulnerability in Kodcloud Kodexplorer 4.51 KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. | 6.1 |
2023-07-10 | CVE-2023-3118 | Atlasgondal | Unspecified vulnerability in Atlasgondal Export ALL Urls The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-07-10 | CVE-2023-3554 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts GZ Forum Script 1.8 A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classified as problematic. | 6.1 |
2023-07-10 | CVE-2023-3555 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts PHP Vacation Rental Script 1.8 A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. | 6.1 |
2023-07-10 | CVE-2023-3556 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts CAR Listing Script PHP 1.8 A vulnerability was found in GZ Scripts Car Listing Script PHP 1.8. | 6.1 |
2023-07-10 | CVE-2023-3557 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts Property Listing Script 1.0 A vulnerability was found in GZ Scripts Property Listing Script 1.0. | 6.1 |
2023-07-10 | CVE-2023-3559 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts PHP GZ Appointment Scheduling Script 1.8 A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. | 6.1 |
2023-07-10 | CVE-2023-3560 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts Ticket Booking Script 1.8 A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. | 6.1 |
2023-07-10 | CVE-2023-3561 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts PHP GZ Hotel Booking Script 1.8 A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. | 6.1 |
2023-07-10 | CVE-2023-3562 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts PHP CRM Platform 1.8 A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. | 6.1 |
2023-07-10 | CVE-2023-3563 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts GZ E Learning Platform 1.8 A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and classified as problematic. | 6.1 |
2023-07-10 | CVE-2023-3564 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts GZ Multi Hotel Booking System 1.8 A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System 1.8. | 6.1 |
2023-07-12 | CVE-2023-20210 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. | 6.0 |
2023-07-15 | CVE-2021-31294 | Redis | Reachable Assertion vulnerability in Redis Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). | 5.9 |
2023-07-12 | CVE-2023-37943 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Active Directory Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials. | 5.9 |
2023-07-13 | CVE-2023-30559 | BD | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1 The firmware update package for the wireless card is not properly signed and can be modified. | 5.7 |
2023-07-14 | CVE-2023-36840 | Juniper | Reachable Assertion vulnerability in Juniper Junos A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. | 5.5 |
2023-07-14 | CVE-2023-37224 | Archerirm | Information Exposure Through Log Files vulnerability in Archerirm Archer An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files. | 5.5 |
2023-07-14 | CVE-2023-38252 | Tats Redhat Fedoraproject | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. | 5.5 |
2023-07-14 | CVE-2023-38253 | Tats Redhat Fedoraproject | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. | 5.5 |
2023-07-14 | CVE-2023-36838 | Juniper | Out-of-bounds Read vulnerability in Juniper Junos An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS). If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. | 5.5 |
2023-07-14 | CVE-2023-3433 | Savoirfairelinux | Unspecified vulnerability in Savoirfairelinux Jami 20222284 The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. | 5.5 |
2023-07-14 | CVE-2023-3648 | Wireshark | Unspecified vulnerability in Wireshark Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file | 5.5 |
2023-07-14 | CVE-2023-3649 | Wireshark | Out-of-bounds Read vulnerability in Wireshark iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file | 5.5 |
2023-07-13 | CVE-2023-37468 | THM | Cleartext Storage of Sensitive Information vulnerability in THM Feedbacksystem Feedbacksystem is a personalized feedback system for students using artificial intelligence. | 5.5 |
2023-07-13 | CVE-2023-21260 | Google | Origin Validation Error vulnerability in Google Android In the notification access permission dialog box, a malicious application can embed a very long service label that overflows the original user prompt and may contain misleading information that appears to be a system message for user confirmation. | 5.5 |
2023-07-13 | CVE-2021-0948 | Google | Use of Uninitialized Resource vulnerability in Google Android The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. | 5.5 |
2023-07-13 | CVE-2023-20942 | Google | Unspecified vulnerability in Google Android 12.0/12.1/13.0 In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. | 5.5 |
2023-07-13 | CVE-2023-21238 | Google | Unspecified vulnerability in Google Android In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. | 5.5 |
2023-07-13 | CVE-2023-21239 | Google | Unspecified vulnerability in Google Android 12.0/12.1/13.0 In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. | 5.5 |
2023-07-13 | CVE-2023-21240 | Google | Resource Exhaustion vulnerability in Google Android In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. | 5.5 |
2023-07-13 | CVE-2023-21243 | Google | Classic Buffer Overflow vulnerability in Google Android In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. | 5.5 |
2023-07-13 | CVE-2023-21249 | Google | Improper Preservation of Permissions vulnerability in Google Android 13.0 In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. | 5.5 |
2023-07-12 | CVE-2023-29309 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-29310 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-29311 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-29312 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-29313 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-29314 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-29315 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-29316 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-29317 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-29318 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-29319 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-36266 | Keepersecurity | Insufficiently Protected Credentials vulnerability in Keepersecurity Keeper and Keeperfill An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. | 5.5 |
2023-07-12 | CVE-2021-43758 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2021-43759 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2021-43760 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2021-44696 | Adobe | Out-of-bounds Read vulnerability in Adobe Prelude Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-07-12 | CVE-2023-30913 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30918 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30919 | Google | Missing Authorization vulnerability in Google Android In messaging service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30920 | Google | Missing Authorization vulnerability in Google Android In messaging service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30921 | Google | Missing Authorization vulnerability in Google Android In messaging service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30922 | Google | Missing Authorization vulnerability in Google Android In messaging service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30923 | Google | Missing Authorization vulnerability in Google Android In messaging service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30924 | Google | Missing Authorization vulnerability in Google Android In messaging service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30925 | Google | Missing Authorization vulnerability in Google Android In opm service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30926 | Google | Missing Authorization vulnerability in Google Android In opm service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30927 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30930 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30931 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30932 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30933 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30934 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30935 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30936 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30937 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30938 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30939 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30940 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30941 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-30942 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-32788 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-32789 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33881 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33882 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33883 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33884 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33885 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33886 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33887 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33888 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33889 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33890 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33891 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33892 | Google | Missing Authorization vulnerability in Google Android In fastDial service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33893 | Google | Missing Authorization vulnerability in Google Android In fastDial service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33894 | Google | Missing Authorization vulnerability in Google Android In fastDial service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33895 | Google | Missing Authorization vulnerability in Google Android In fastDial service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33898 | Unisoc | Missing Authorization vulnerability in Unisoc products In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33899 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33900 | Google | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33901 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In bluetooth service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-33902 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In bluetooth service, there is a missing permission check. | 5.5 |
2023-07-12 | CVE-2023-37200 | SE | XXE vulnerability in SE Ecostruxure OPC UA Server Expert 2.01 A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart of the server. | 5.5 |
2023-07-12 | CVE-2023-30226 | Rizin | Excessive Iteration vulnerability in Rizin An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file. | 5.5 |
2023-07-11 | CVE-2023-37174 | Gpac | Unspecified vulnerability in Gpac 2.3Devrev381G817A848F6Master GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c. | 5.5 |
2023-07-11 | CVE-2023-37765 | Gpac | Unspecified vulnerability in Gpac 2.3Devrev381G817A848F6Master GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so. | 5.5 |
2023-07-11 | CVE-2023-37766 | Gpac | Unspecified vulnerability in Gpac 2.3Devrev381G817A848F6Master GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so. | 5.5 |
2023-07-11 | CVE-2023-37767 | Gpac | Unspecified vulnerability in Gpac 2.3Devrev381G817A848F6Master GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so. | 5.5 |
2023-07-11 | CVE-2023-32039 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2023-32040 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2023-32041 | Microsoft | Unspecified vulnerability in Microsoft products Windows Update Orchestrator Service Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2023-32085 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2023-33162 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps, Office and Office Online Server Microsoft Excel Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2023-33174 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cryptographic Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2023-35306 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2023-35324 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2023-35326 | Microsoft | Unspecified vulnerability in Microsoft products Windows CDP User Components Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2023-35341 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft DirectMusic Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2023-36872 | Microsoft | Unspecified vulnerability in Microsoft VP9 Video Extensions 1.0.42791.0 VP9 Video Extensions Information Disclosure Vulnerability | 5.5 |
2023-07-11 | CVE-2020-20118 | Avast | Classic Buffer Overflow vulnerability in Avast Antivirus Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver. | 5.5 |
2023-07-10 | CVE-2023-24486 | Citrix | Unspecified vulnerability in Citrix Workspace A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | 5.5 |
2023-07-10 | CVE-2023-23348 | Hcltechsw | Unspecified vulnerability in Hcltechsw HCL Launch HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | 5.5 |
2023-07-10 | CVE-2023-26590 | SOX Project Redhat Fedoraproject | Incorrect Comparison vulnerability in multiple products A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. | 5.5 |
2023-07-10 | CVE-2023-32627 | SOX Project Redhat Fedoraproject | Incorrect Comparison vulnerability in multiple products A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. | 5.5 |
2023-07-10 | CVE-2023-1183 | Libreoffice Fedoraproject Redhat | Path Traversal vulnerability in multiple products A flaw was found in the Libreoffice package. | 5.5 |
2023-07-16 | CVE-2023-3685 | Nesote | Cross-site Scripting vulnerability in Nesote Inout Search Engine AI Edition 1.1 A vulnerability was found in Nesote Inout Search Engine AI Edition 1.1. | 5.4 |
2023-07-16 | CVE-2023-3683 | Livelyworks | Cross-site Scripting vulnerability in Livelyworks Articart 2.0.1 A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. | 5.4 |
2023-07-15 | CVE-2023-38350 | Pnp4Nagios | Cross-site Scripting vulnerability in Pnp4Nagios 0.6.26 PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. | 5.4 |
2023-07-14 | CVE-2023-24896 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 10.0.11 Dynamics 365 Finance Spoofing Vulnerability | 5.4 |
2023-07-14 | CVE-2023-37223 | Archerirm | Cross-site Scripting vulnerability in Archerirm Archer Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script. | 5.4 |
2023-07-14 | CVE-2023-3434 | Savoirfairelinux | Unspecified vulnerability in Savoirfairelinux Jami 20222284 Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. | 5.4 |
2023-07-14 | CVE-2023-2082 | Buymeacoffee | Unspecified vulnerability in Buymeacoffee BUY ME a Coffee The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping of the 'text' value set via the bmc_post_reception action. | 5.4 |
2023-07-13 | CVE-2023-37272 | SOS Berlin | Cross-site Scripting vulnerability in Sos-Berlin Jobscheduler JS7 is an Open Source Job Scheduler. | 5.4 |
2023-07-13 | CVE-2023-31705 | Task Reminder System Project | Cross-site Scripting vulnerability in Task Reminder System Project Task Reminder System 1.0 A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter. | 5.4 |
2023-07-13 | CVE-2023-29452 | Zabbix | Cross-site Scripting vulnerability in Zabbix Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider. | 5.4 |
2023-07-13 | CVE-2023-29454 | Zabbix | Cross-site Scripting vulnerability in Zabbix Frontend Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages. | 5.4 |
2023-07-13 | CVE-2023-29456 | Zabbix | Cross-site Scripting vulnerability in Zabbix Frontend URL validation scheme receives input from a user and then parses it to identify its various components. | 5.4 |
2023-07-13 | CVE-2023-3319 | Idisplay | Cross-site Scripting vulnerability in Idisplay Platplay DS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS. This issue affects PlatPlay DS: before 3.14. | 5.4 |
2023-07-13 | CVE-2023-2200 | Gitlab | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field. | 5.4 |
2023-07-12 | CVE-2023-37963 | Jenkins | Missing Authorization vulnerability in Jenkins Benchmark Evaluator 1.0.0/1.0.1 A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | 5.4 |
2023-07-12 | CVE-2023-37455 | Mozilla | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. | 5.4 |
2023-07-12 | CVE-2023-38061 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible | 5.4 |
2023-07-12 | CVE-2023-38063 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible | 5.4 |
2023-07-12 | CVE-2023-38065 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible | 5.4 |
2023-07-11 | CVE-2023-32052 | Microsoft | Unspecified vulnerability in Microsoft Power Apps Microsoft Power Apps (online) Spoofing Vulnerability | 5.4 |
2023-07-11 | CVE-2023-35336 | Microsoft | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Security Feature Bypass Vulnerability | 5.4 |
2023-07-11 | CVE-2023-37657 | Lm21 | Cross-site Scripting vulnerability in Lm21 Twonav 2.0.2820230624 TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
2023-07-11 | CVE-2023-37658 | Fastposter | Cross-site Scripting vulnerability in Fastposter Fast-Poster 2.15.0 fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
2023-07-11 | CVE-2023-3620 | Tarteaucitron | Cross-site Scripting vulnerability in Tarteaucitron Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1. | 5.4 |
2023-07-10 | CVE-2023-30963 | Palantir | Cross-site Scripting vulnerability in Palantir Foundry Frontend 6.228.0 A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. | 5.4 |
2023-07-10 | CVE-2023-36375 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Hostel Management System 2.1 Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page. | 5.4 |
2023-07-10 | CVE-2021-42083 | Osnexus | Cross-site Scripting vulnerability in Osnexus Quantastor 4.3.0 An authenticated attacker is able to create alerts that trigger a stored XSS attack. | 5.4 |
2023-07-10 | CVE-2023-2529 | Enable SVG Uploads Project | Unspecified vulnerability in Enable SVG Uploads Project Enable SVG Uploads The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | 5.4 |
2023-07-10 | CVE-2023-2964 | Simple Iframe Project | Unspecified vulnerability in Simple Iframe Project Simple Iframe The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks. | 5.4 |
2023-07-10 | CVE-2023-3558 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts Event Booking Calendar 1.8 A vulnerability classified as problematic has been found in GZ Scripts Event Booking Calendar 1.8. | 5.4 |
2023-07-10 | CVE-2023-3565 | Teampass | Cross-site Scripting vulnerability in Teampass Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | 5.4 |
2023-07-14 | CVE-2023-2975 | Openssl Netapp | Improper Authentication vulnerability in multiple products Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries, as these are ignored by the OpenSSL implementation. | 5.3 |
2023-07-13 | CVE-2023-34458 | Multiversx | Unspecified vulnerability in Multiversx Mx-Chain-Go mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. | 5.3 |
2023-07-13 | CVE-2023-34131 | Sonicwall | Unspecified vulnerability in Sonicwall Analytics and Global Management System Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. | 5.3 |
2023-07-13 | CVE-2023-3362 | Gitlab | Information Exposure Through an Error Message vulnerability in Gitlab 16.0.0/16.1.0 An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub. | 5.3 |
2023-07-11 | CVE-2022-48521 | Opendkim | Unspecified vulnerability in Opendkim An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. | 5.3 |
2023-07-11 | CVE-2023-35373 | Microsoft | Unspecified vulnerability in Microsoft Mono Mono Authenticode Validation Spoofing Vulnerability | 5.3 |
2023-07-11 | CVE-2023-1672 | Tang Project Fedoraproject Redhat | Race Condition vulnerability in multiple products A race condition exists in the Tang server functionality for key generation and key rotation. | 5.3 |
2023-07-11 | CVE-2022-29562 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 5.3 |
2023-07-11 | CVE-2023-2079 | Buymeacoffee | Unspecified vulnerability in Buymeacoffee BUY ME a Coffee The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. | 5.3 |
2023-07-11 | CVE-2023-31405 | SAP | Improper Output Neutralization for Logs vulnerability in SAP Netweaver Application Server for Java 7.50 SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. | 5.3 |
2023-07-11 | CVE-2023-36919 | SAP | Intentional Information Exposure vulnerability in SAP Enable NOW In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure. | 5.3 |
2023-07-10 | CVE-2023-30956 | Palantir | Unspecified vulnerability in Palantir Foundry Comments A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. | 5.3 |
2023-07-10 | CVE-2023-2796 | Myeventon | Missing Authorization vulnerability in Myeventon Eventon The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. | 5.3 |
2023-07-10 | CVE-2023-35698 | Sick | Information Exposure Through Discrepancy vulnerability in Sick Icr890-4 Firmware Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt. | 5.3 |
2023-07-10 | CVE-2023-3219 | Myeventon | Authorization Bypass Through User-Controlled Key vulnerability in Myeventon Eventon The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post. | 5.3 |
2023-07-13 | CVE-2023-29449 | Zabbix | Allocation of Resources Without Limits or Throttling vulnerability in Zabbix JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. | 4.9 |
2023-07-12 | CVE-2023-38046 | Paloaltonetworks | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os 11.0.0 A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. | 4.9 |
2023-07-11 | CVE-2023-32083 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Failover Cluster Information Disclosure Vulnerability | 4.9 |
2023-07-11 | CVE-2023-36924 | SAP | Improper Output Neutralization for Logs vulnerability in SAP ERP Defense Forces and Public Security While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. | 4.9 |
2023-07-10 | CVE-2021-42079 | Osnexus | Server-Side Request Forgery (SSRF) vulnerability in Osnexus Quantastor 4.3.0 An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. | 4.9 |
2023-07-13 | CVE-2023-37785 | Impresscms | Cross-site Scripting vulnerability in Impresscms A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php. | 4.8 |
2023-07-13 | CVE-2023-37786 | Geeklog | Cross-site Scripting vulnerability in Geeklog 2.2.2 Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php. | 4.8 |
2023-07-13 | CVE-2023-37787 | Geeklog | Cross-site Scripting vulnerability in Geeklog 2.2.2 Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php. | 4.8 |
2023-07-12 | CVE-2023-3369 | Wpmaniax | Unspecified vulnerability in Wpmaniax About ME 3000 The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. | 4.8 |
2023-07-11 | CVE-2023-37189 | Issabel | Cross-site Scripting vulnerability in Issabel PBX 4 A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module. | 4.8 |
2023-07-11 | CVE-2023-37190 | Issabel | Cross-site Scripting vulnerability in Issabel PBX 4.0.06 A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature. | 4.8 |
2023-07-11 | CVE-2023-37191 | Issabel | Cross-site Scripting vulnerability in Issabel PBX 4.0.06 A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters. | 4.8 |
2023-07-10 | CVE-2023-36940 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Online Fire Reporting System 1.2 Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field. | 4.8 |
2023-07-10 | CVE-2023-2026 | Image Protector Project | Unspecified vulnerability in Image Protector Project Image Protector 1.0/1.1 The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-07-10 | CVE-2023-2028 | Stpetedesign | Unspecified vulnerability in Stpetedesign Call NOW Accessibility Button 1.0.2 The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-07-10 | CVE-2023-2029 | Enzipe | Unspecified vulnerability in Enzipe Prepost SEO 3.0 The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2023-07-10 | CVE-2023-2578 | Buymeacoffee | Unspecified vulnerability in Buymeacoffee BUY ME a Coffee The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-07-10 | CVE-2023-2635 | Stpetedesign | Unspecified vulnerability in Stpetedesign Call NOW Accessibility Button 1.0.2 The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2023-07-10 | CVE-2023-2709 | AN Gradebook Project | Unspecified vulnerability in AN Gradebook Project AN Gradebook The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-07-10 | CVE-2023-2967 | Tinymce Custom Styles Project | Unspecified vulnerability in Tinymce Custom Styles Project Tinymce Custom Styles The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-07-10 | CVE-2023-36376 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Hostel Management System 2.1 Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section. | 4.8 |
2023-07-10 | CVE-2023-3129 | Kaizencoders | Unspecified vulnerability in Kaizencoders URL Shortify The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2023-07-10 | CVE-2023-3175 | Quantumcloud | Unspecified vulnerability in Quantumcloud AI Chatbot The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2023-07-10 | CVE-2023-3225 | WOW Company | Unspecified vulnerability in Wow-Company Float Menu The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2023-07-10 | CVE-2023-3568 | Fossbilling | Open Redirect vulnerability in Fossbilling Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 4.8 |
2023-07-14 | CVE-2023-36836 | Juniper | Use of Uninitialized Resource vulnerability in Juniper Junos A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a specific low privileged CLI command is executed. | 4.7 |
2023-07-11 | CVE-2023-3108 | Linux | Race Condition vulnerability in Linux Kernel A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. | 4.7 |
2023-07-15 | CVE-2023-30791 | Plane | Unrestricted Upload of File with Dangerous Type vulnerability in Plane 0.7.1 Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. | 4.6 |
2023-07-10 | CVE-2023-35699 | Sick | Cleartext Storage of Sensitive Information vulnerability in Sick Icr890-4 Firmware Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card. | 4.6 |
2023-07-13 | CVE-2023-37598 | Issabel | Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX 4.0.06 A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function. | 4.5 |
2023-07-12 | CVE-2022-48450 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 In bluetooth service, there is a possible missing params check. | 4.4 |
2023-07-12 | CVE-2023-33896 | Google | Out-of-bounds Write vulnerability in Google Android In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. | 4.4 |
2023-07-12 | CVE-2023-33897 | Google | Out-of-bounds Write vulnerability in Google Android In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. | 4.4 |
2023-07-12 | CVE-2023-33903 | Google | Unspecified vulnerability in Google Android In FM service, there is a possible missing params check. | 4.4 |
2023-07-12 | CVE-2023-33904 | Google | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In hci_server, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-07-12 | CVE-2023-33905 | Google | Out-of-bounds Write vulnerability in Google Android In iwnpi server, there is a possible out of bounds write due to a missing bounds check. | 4.4 |
2023-07-14 | CVE-2023-36466 | Discourse | Improper Authentication vulnerability in Discourse Discourse is an open source discussion platform. | 4.3 |
2023-07-14 | CVE-2023-36883 | Microsoft | Unspecified vulnerability in Microsoft Edge 108.0.1462.42 Microsoft Edge for iOS Spoofing Vulnerability | 4.3 |
2023-07-13 | CVE-2023-37275 | Agpt | Improper Output Neutralization for Logs vulnerability in Agpt Auto-Gpt Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. | 4.3 |
2023-07-13 | CVE-2023-2576 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. | 4.3 |
2023-07-12 | CVE-2023-37945 | Jenkins | Missing Authorization vulnerability in Jenkins Saml Single Sign on 2.1.0/2.2.0/2.3.0 A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm. | 4.3 |
2023-07-12 | CVE-2023-37950 | Jenkins | Missing Authorization vulnerability in Jenkins Mabl A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2023-07-12 | CVE-2023-37954 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rebuilder A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build. | 4.3 |
2023-07-12 | CVE-2020-36760 | Oceanwp | Unspecified vulnerability in Oceanwp Ocean Extra The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. | 4.3 |
2023-07-12 | CVE-2020-36761 | Webberzone | Unspecified vulnerability in Webberzone TOP 10 The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. | 4.3 |
2023-07-12 | CVE-2021-4425 | Wpmudev | Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Defender Security The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. | 4.3 |
2023-07-12 | CVE-2021-4426 | Codesupply | Unspecified vulnerability in Codesupply Absolute Reviews The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. | 4.3 |
2023-07-12 | CVE-2021-4427 | Vuukle | Unspecified vulnerability in Vuukle Comments, Reactions, Share Bar, Revenue 1.1/3.4.31 The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. | 4.3 |
2023-07-12 | CVE-2020-36756 | 10Web | Unspecified vulnerability in 10Web 10Webanalytics The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. | 4.3 |
2023-07-12 | CVE-2020-36757 | Thimpress | Unspecified vulnerability in Thimpress WP Hotel Booking The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. | 4.3 |
2023-07-12 | CVE-2021-4419 | Inoplugs | Unspecified vulnerability in Inoplugs Wp-Backgrounds-Lite The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. | 4.3 |
2023-07-12 | CVE-2021-4420 | Graphpaperpress | Unspecified vulnerability in Graphpaperpress Sell Media The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. | 4.3 |
2023-07-12 | CVE-2021-4421 | Ashstonestudios | Unspecified vulnerability in Ashstonestudios Advanced Popups The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. | 4.3 |
2023-07-12 | CVE-2021-4422 | Wpexperts | Cross-Site Request Forgery (CSRF) vulnerability in Wpexperts Post Smtp Mailer The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. | 4.3 |
2023-07-12 | CVE-2021-4423 | IT Rays | Unspecified vulnerability in It-Rays Rays Grid The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. | 4.3 |
2023-07-12 | CVE-2021-4424 | Quantumcloud | Unspecified vulnerability in Quantumcloud Slider Hero The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. | 4.3 |
2023-07-12 | CVE-2020-36752 | Wpconcern | Unspecified vulnerability in Wpconcern Coming Soon & Maintenance Mode Page The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. | 4.3 |
2023-07-12 | CVE-2023-2517 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. | 4.3 |
2023-07-12 | CVE-2023-2561 | Gallery Metabox Project | Unspecified vulnerability in Gallery-Metabox Project Gallery-Metabox 1.5 The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. | 4.3 |
2023-07-12 | CVE-2023-2562 | Gallery Metabox Project | Missing Authorization vulnerability in Gallery-Metabox Project Gallery-Metabox 1.5 The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. | 4.3 |
2023-07-12 | CVE-2023-2869 | WP Members Project | Unspecified vulnerability in Wp-Members Project Wp-Members The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. | 4.3 |
2023-07-12 | CVE-2023-3199 | Inspireui | Unspecified vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. | 4.3 |
2023-07-12 | CVE-2023-3202 | Inspireui | Unspecified vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_firebase_server_key function. | 4.3 |
2023-07-12 | CVE-2020-36750 | Ewww | Cross-Site Request Forgery (CSRF) vulnerability in Ewww Image Optimizer The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. | 4.3 |
2023-07-12 | CVE-2021-4407 | Goldplugins | Unspecified vulnerability in Goldplugins Custom Banners The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the saveCustomFields() function. | 4.3 |
2023-07-12 | CVE-2021-4408 | Designwall | Unspecified vulnerability in Designwall DW Question & Answer The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. | 4.3 |
2023-07-12 | CVE-2021-4409 | Exportfeed | Unspecified vulnerability in Exportfeed Woocommerce Etsy Integration The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. | 4.3 |
2023-07-12 | CVE-2021-4410 | Qtranslate Slug Project | Unspecified vulnerability in Qtranslate Slug Project Qtranslate Slug The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.18. | 4.3 |
2023-07-12 | CVE-2021-4411 | Wpeasypay | Unspecified vulnerability in Wpeasypay WP Easypay The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. | 4.3 |
2023-07-12 | CVE-2021-4412 | Goprayer | Unspecified vulnerability in Goprayer WP Prayer The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. | 4.3 |
2023-07-12 | CVE-2021-4413 | Coolplugins | Unspecified vulnerability in Coolplugins Process Steps Template Designer The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. | 4.3 |
2023-07-12 | CVE-2021-4414 | Tychesoftwares | Unspecified vulnerability in Tychesoftwares Abandoned Cart Lite for Woocommerce The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. | 4.3 |
2023-07-12 | CVE-2021-4415 | Sunshinephotocart | Unspecified vulnerability in Sunshinephotocart Sunshine Photo Cart The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28. This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. | 4.3 |
2023-07-12 | CVE-2021-4416 | WP Mpdf Project | Unspecified vulnerability in Wp-Mpdf Project Wp-Mpdf The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. | 4.3 |
2023-07-12 | CVE-2021-4417 | Incsub | Unspecified vulnerability in Incsub Forminator The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. | 4.3 |
2023-07-11 | CVE-2023-35044 | Securimage WP Fixed Project | Cross-Site Request Forgery (CSRF) vulnerability in Securimage-Wp-Fixed Project Securimage-Wp-Fixed 3.5.4/3.6.16 Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <= 3.6.16 versions. | 4.3 |
2023-07-11 | CVE-2023-1936 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue. | 4.3 |
2023-07-11 | CVE-2023-2078 | Buymeacoffee | Unspecified vulnerability in Buymeacoffee BUY ME a Coffee The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. | 4.3 |
2023-07-10 | CVE-2023-24490 | Citrix | Unspecified vulnerability in Citrix products Users with only access to launch VDA applications can launch an unauthorized desktop. | 4.3 |
2023-07-10 | CVE-2023-30960 | Palantir | Exposure of Resource to Wrong Sphere vulnerability in Palantir Foundry Job-Tracker A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. | 4.3 |
2023-07-10 | CVE-2023-23487 | IBM | Unspecified vulnerability in IBM DB2 11.1/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. | 4.3 |
2023-07-10 | CVE-2023-28953 | IBM | Unspecified vulnerability in IBM Cognos Analytics Cartridge for IBM Cloud PAK for Data 4.0 IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. | 4.3 |
2023-07-10 | CVE-2023-2495 | Greeklish Permalink Project | Unspecified vulnerability in Greeklish-Permalink Project Greeklish-Permalink The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF. | 4.3 |
2023-07-10 | CVE-2023-35887 | Apache | Path Traversal vulnerability in Apache Sshd Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. | 4.3 |
2023-07-10 | CVE-2023-3131 | Inspireui | Unspecified vulnerability in Inspireui Mstore API The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. | 4.3 |
2023-07-10 | CVE-2023-3580 | Squidex IO | Unspecified vulnerability in Squidex.Io Squidex Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. | 4.3 |
2023-07-12 | CVE-2022-48451 | Google | Race Condition vulnerability in Google Android In bluetooth service, there is a possible out of bounds write due to race condition. | 4.1 |
13 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-07-13 | CVE-2023-2620 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. | 3.8 |
2023-07-13 | CVE-2023-3363 | Gitlab | Information Exposure Through Log Files vulnerability in Gitlab An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`. | 3.8 |
2023-07-12 | CVE-2023-37948 | Jenkins | Improper Input Validation vulnerability in Jenkins Cloud Infrastructure Compute Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks. | 3.7 |
2023-07-13 | CVE-2023-30565 | BD | Cleartext Transmission of Sensitive Information vulnerability in BD Guardrails CQI Reporter An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker. | 3.5 |
2023-07-10 | CVE-2023-3209 | Inspireui | Unspecified vulnerability in Inspireui Mstore API The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. | 3.5 |
2023-07-13 | CVE-2023-21246 | Google | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. | 3.3 |
2023-07-12 | CVE-2023-38069 | Jetbrains | Improper Check for Unusual or Exceptional Conditions vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.1.4 the license dialog could be suppressed in certain cases. | 3.3 |
2023-07-12 | CVE-2023-33879 | Google | Missing Authorization vulnerability in Google Android In music service, there is a missing permission check. | 3.3 |
2023-07-12 | CVE-2023-33880 | Google | Missing Authorization vulnerability in Google Android In music service, there is a missing permission check. | 3.3 |
2023-07-11 | CVE-2023-34117 | Zoom | Path Traversal vulnerability in Zoom Software Development KIT Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access. | 3.3 |
2023-07-11 | CVE-2022-22302 | Fortinet | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortiauthenticator and Fortios A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem. | 3.3 |
2023-07-10 | CVE-2023-34442 | Apache | Unspecified vulnerability in Apache Camel Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel. This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <=3.20.5, from 4.X through <=4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0, and users on Camel 4.x should update to 4.0.0-M1. | 3.3 |
2023-07-13 | CVE-2023-21262 | Google | Race Condition vulnerability in Google Android 12.0/12.1/13.0 In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. | 3.1 |