Weekly Vulnerabilities Reports > July 17 to 23, 2023
Overview
486 new vulnerabilities were reported during this period, including 70 critical and 186 high-severity vulnerabilities. This weekly summary covers vulnerabilities in 449 products from 235 vendors, including Oracle, Netapp, Fedoraproject, IBM, and Debian. The most common weakness categories are "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "SQL Injection", "Out-of-bounds Write", and "Unrestricted Upload of File with Dangerous Type".
- 398 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 156 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 317 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 56.
- Linux has the most reported critical vulnerabilities, with 7.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
70 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-07-21 | CVE-2023-37903 | VM2 Project | OS Command Injection vulnerability in VM2 Project VM2 vm2 is an open source vm/sandbox for Node.js. | 10.0 |
2023-07-19 | CVE-2023-3765 | Lfprojects | Absolute Path Traversal vulnerability in Lfprojects Mlflow Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | 10.0 |
2023-07-23 | CVE-2023-3854 | Phpscriptpoint | SQL Injection vulnerability in PHPscriptpoint Bloodbank 1.1 A vulnerability classified as critical has been found in phpscriptpoint BloodBank 1.1. | 9.8 |
2023-07-23 | CVE-2023-3850 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0 A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. | 9.8 |
2023-07-22 | CVE-2023-3836 | Dahuasecurity | Unrestricted Upload of File with Dangerous Type vulnerability in Dahuasecurity Smart Parking Management A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. | 9.8 |
2023-07-22 | CVE-2023-3826 | Ibos | SQL Injection vulnerability in Ibos 4.5.5 A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. | 9.8 |
2023-07-21 | CVE-2023-26301 | HP | Missing Authorization vulnerability in HP products Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. | 9.8 |
2023-07-21 | CVE-2023-38646 | Metabase | Unspecified vulnerability in Metabase Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. | 9.8 |
2023-07-21 | CVE-2023-35087 | Asus | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac86U Firmware and Rt-Ax56U V2 Firmware It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. | 9.8 |
2023-07-21 | CVE-2023-37292 | Hgiga | OS Command Injection vulnerability in Hgiga Isherlock Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174. | 9.8 |
2023-07-21 | CVE-2023-3811 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 A vulnerability was found in Hospital Management System 1.0. | 9.8 |
2023-07-21 | CVE-2023-37291 | GSS | Use of Hard-coded Credentials vulnerability in GSS Vitals Enterprise Social Platform Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. | 9.8 |
2023-07-21 | CVE-2023-3809 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 A vulnerability was found in Hospital Management System 1.0. | 9.8 |
2023-07-21 | CVE-2023-3810 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 A vulnerability was found in Hospital Management System 1.0. | 9.8 |
2023-07-21 | CVE-2023-38632 | Asynchronous Sockets FOR C Project | Out-of-bounds Write vulnerability in Asynchronous Sockets for C++ Project Asynchronous Sockets for C++ async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets. | 9.8 |
2023-07-21 | CVE-2023-3805 | Four Faith | Improper Authorization vulnerability in Four-Faith Video Surveillance Management System 2016/2017 A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Management System up to 20230712. | 9.8 |
2023-07-21 | CVE-2023-3806 | House Rental AND Property Listing PHP Project | Unrestricted Upload of File with Dangerous Type vulnerability in House Rental and Property Listing PHP Project House Rental and Property Listing PHP 1.0 A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. | 9.8 |
2023-07-21 | CVE-2023-3804 | Cdwanjiang | Unrestricted Upload of File with Dangerous Type vulnerability in Cdwanjiang Flash Flood Disaster Monitoring and Warning System 2.0 A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. | 9.8 |
2023-07-21 | CVE-2023-3801 | Ibos | SQL Injection vulnerability in Ibos 4.5.5 A vulnerability was found in IBOS OA 4.5.5. | 9.8 |
2023-07-21 | CVE-2023-3802 | Cdwanjiang | Unrestricted Upload of File with Dangerous Type vulnerability in Cdwanjiang Flash Flood Disaster Monitoring and Warning System 2.0 A vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. | 9.8 |
2023-07-20 | CVE-2023-3799 | Ibos | SQL Injection vulnerability in Ibos 4.5.5 A vulnerability was found in IBOS OA 4.5.5 and classified as critical. | 9.8 |
2023-07-20 | CVE-2023-3798 | Cdwanjiang | Unrestricted Upload of File with Dangerous Type vulnerability in Cdwanjiang Flash Flood Disaster Monitoring and Warning System 2.0 A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. | 9.8 |
2023-07-20 | CVE-2023-3795 | Bugfinder | SQL Injection vulnerability in Bugfinder Chaincity 1.0 A vulnerability classified as critical was found in Bug Finder ChainCity Real Estate Investment Platform 1.0. | 9.8 |
2023-07-20 | CVE-2023-31753 | Endonesia | SQL Injection vulnerability in Endonesia 8.7 SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter. | 9.8 |
2023-07-20 | CVE-2023-3793 | Weaver | SQL Injection vulnerability in Weaver E-Cology 10.0.2310.01/9.0 A vulnerability was found in Weaver e-cology. | 9.8 |
2023-07-20 | CVE-2023-37165 | Millhouse Project Project | SQL Injection vulnerability in Millhouse-Project Project Millhouse-Project 1.414 Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php. | 9.8 |
2023-07-20 | CVE-2023-3791 | Ibos | SQL Injection vulnerability in Ibos 4.5.5 A vulnerability was found in IBOS OA 4.5.5 and classified as critical. | 9.8 |
2023-07-20 | CVE-2023-37471 | Openidentityplatform | Improper Authentication vulnerability in Openidentityplatform Openam Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. | 9.8 |
2023-07-20 | CVE-2023-38203 | Adobe | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 9.8 |
2023-07-20 | CVE-2023-37289 | Infodoc | Unrestricted Upload of File with Dangerous Type vulnerability in Infodoc Document On-Line Submission and Approval System 22547/22567 It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567. | 9.8 |
2023-07-20 | CVE-2023-38408 | Openbsd Fedoraproject | Unquoted Search Path or Element vulnerability in multiple products The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. | 9.8 |
2023-07-19 | CVE-2023-3722 | Avaya | Unrestricted Upload of File with Dangerous Type vulnerability in Avaya Aura Device Services An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. | 9.8 |
2023-07-19 | CVE-2023-3519 | Citrix | Code Injection vulnerability in Citrix products Unauthenticated remote code execution | 9.8 |
2023-07-19 | CVE-2023-34034 | Vmware | Unspecified vulnerability in VMWare Spring Security Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. | 9.8 |
2023-07-19 | CVE-2023-3638 | Geovision | Improper Authentication vulnerability in Geovision Gv-Adr2701 Firmware 1.0020171215 In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. | 9.8 |
2023-07-19 | CVE-2023-3463 | GE | Out-of-bounds Write vulnerability in GE Cimplicity All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. | 9.8 |
2023-07-19 | CVE-2023-3759 | Intergard | Permission Issues vulnerability in Intergard Smartgard Silver With Matrix Keyboard 8.7.0 A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. | 9.8 |
2023-07-19 | CVE-2023-3751 | Superstorefinder | SQL Injection vulnerability in Superstorefinder Super Store Finder 3.6 A vulnerability was found in Super Store Finder 3.6. | 9.8 |
2023-07-18 | CVE-2023-30153 | Prestashop | SQL Injection vulnerability in Prestashop Payplug An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller. | 9.8 |
2023-07-18 | CVE-2023-36670 | Kratosdefense | OS Command Injection vulnerability in Kratosdefense NGC Indoor Unit Firmware 9.1.0.4 A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. | 9.8 |
2023-07-18 | CVE-2021-37522 | Locke BOT Project | SQL Injection vulnerability in Locke-Bot Project Locke-Bot 2.0.2 SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js. | 9.8 |
2023-07-18 | CVE-2023-35189 | Iagona | Unrestricted Upload of File with Dangerous Type vulnerability in Iagona Scrutisweb Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. | 9.8 |
2023-07-18 | CVE-2023-36669 | Kratosdefense | Missing Authentication for Critical Function vulnerability in Kratosdefense NGC Indoor Unit Firmware Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. | 9.8 |
2023-07-18 | CVE-2020-36762 | ONS | OS Command Injection vulnerability in ONS RAS Collection Instrument A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. | 9.8 |
2023-07-18 | CVE-2021-34123 | Atasm Project | Out-of-bounds Write vulnerability in Atasm Project Atasm 1.09 An issue was discovered on atasm, version 1.09. | 9.8 |
2023-07-18 | CVE-2018-25088 | Blueyonder | SQL Injection vulnerability in Blueyonder Postgraas Server A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2. | 9.8 |
2023-07-18 | CVE-2015-10122 | WP Donate Project | SQL Injection vulnerability in WP Donate Project WP Donate 1.4 A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. | 9.8 |
2023-07-18 | CVE-2022-4146 | Hitachi | Expression Language Injection vulnerability in Hitachi Replication Manager Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. | 9.8 |
2023-07-18 | CVE-2023-38427 | Linux Netapp | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.8. | 9.8 |
2023-07-18 | CVE-2023-38429 | Linux | Off-by-one Error vulnerability in Linux Kernel An issue was discovered in the Linux kernel before 6.3.4. | 9.8 |
2023-07-17 | CVE-2021-37384 | Furukawa | Unspecified vulnerability in Furukawa products RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface. | 9.8 |
2023-07-17 | CVE-2023-37265 | Icewhale | Missing Authentication for Critical Function vulnerability in Icewhale Casaos CasaOS is an open-source Personal Cloud system. | 9.8 |
2023-07-17 | CVE-2023-37266 | Icewhale | Improper Authentication vulnerability in Icewhale Casaos CasaOS is an open-source Personal Cloud system. | 9.8 |
2023-07-17 | CVE-2023-37461 | Metersphere | Path Traversal vulnerability in Metersphere Metersphere is an opensource testing framework. | 9.8 |
2023-07-17 | CVE-2023-37791 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-619L Firmware 2.04 D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin. | 9.8 |
2023-07-17 | CVE-2023-2958 | Orjinyazilim | Authorization Bypass Through User-Controlled Key vulnerability in Orjinyazilim ATS PRO Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714. | 9.8 |
2023-07-17 | CVE-2023-2963 | Olivaekspertiz | SQL Injection vulnerability in Olivaekspertiz Oliva Ekspertiz Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.This issue affects Oliva Expertise EKS: before 1.2. | 9.8 |
2023-07-17 | CVE-2023-3186 | Supsystic | Unspecified vulnerability in Supsystic Popup The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. | 9.8 |
2023-07-17 | CVE-2023-3376 | Dijital | SQL Injection vulnerability in Dijital Zekiweb Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection.This issue affects Zekiweb: before 2. | 9.8 |
2023-07-17 | CVE-2023-26512 | Apache | Deserialization of Untrusted Data vulnerability in Apache Eventmesh 1.7.0/1.8.0 CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. | 9.8 |
2023-07-17 | CVE-2023-3695 | Campcodes | SQL Injection vulnerability in Campcodes Beauty Salon Management System 1.0 A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. | 9.8 |
2023-07-17 | CVE-2023-3696 | Mongoosejs | Unspecified vulnerability in Mongoosejs Mongoose Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4. | 9.8 |
2023-07-17 | CVE-2023-3694 | Sourcecodester House Rental AND Property Listing Project | SQL Injection vulnerability in Sourcecodester House Rental and Property Listing Project House Rental and Property Listing 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester House Rental and Property Listing 1.0. | 9.8 |
2023-07-18 | CVE-2023-38426 | Linux Netapp | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.4. | 9.1 |
2023-07-18 | CVE-2023-38428 | Linux Netapp | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.4. | 9.1 |
2023-07-18 | CVE-2023-38430 | Linux Netapp | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.9. | 9.1 |
2023-07-18 | CVE-2023-38431 | Linux Netapp | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.8. | 9.1 |
2023-07-18 | CVE-2023-38432 | Linux Netapp | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.10. | 9.1 |
2023-07-18 | CVE-2023-21974 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). | 9.0 |
2023-07-18 | CVE-2023-21975 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). | 9.0 |
186 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-07-23 | CVE-2023-3841 | Nxfilter | Cross-Site Request Forgery (CSRF) vulnerability in Nxfilter 4.3.2.5 A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. | 8.8 |
2023-07-21 | CVE-2023-37917 | Fit2Cloud | Unspecified vulnerability in Fit2Cloud Kubepi KubePi is an opensource kubernetes management panel. | 8.8 |
2023-07-21 | CVE-2023-3807 | Campcodes | SQL Injection vulnerability in Campcodes Beauty Salon Management System 1.0 A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as critical. | 8.8 |
2023-07-21 | CVE-2023-3808 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 A vulnerability was found in Hospital Management System 1.0 and classified as critical. | 8.8 |
2023-07-20 | CVE-2023-3797 | Istrong | Unrestricted Upload of File with Dangerous Type vulnerability in Istrong Four Mountain Torrent Disaster Prevention, Control Monitoring and Early Warning System A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. | 8.8 |
2023-07-20 | CVE-2023-3796 | Bugfinder | Unrestricted Upload of File with Dangerous Type vulnerability in Bugfinder Foody Friend 1.0 A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0. | 8.8 |
2023-07-20 | CVE-2023-37650 | Agentejo | Cross-Site Request Forgery (CSRF) vulnerability in Agentejo Cockpit A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands. | 8.8 |
2023-07-20 | CVE-2023-31462 | Steelseries | Unspecified vulnerability in Steelseries GG 36.0.0 An issue was discovered in SteelSeries GG 36.0.0. | 8.8 |
2023-07-19 | CVE-2023-37362 | Weintek | Improper Authentication vulnerability in Weintek Weincloud 0.13.6 Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website. | 8.8 |
2023-07-19 | CVE-2023-26217 | Tibco | SQL Injection vulnerability in Tibco EBX Add-Ons The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. | 8.8 |
2023-07-19 | CVE-2023-27379 | Foxit | Use After Free vulnerability in Foxit PDF Reader 12.1.2.15332 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. | 8.8 |
2023-07-19 | CVE-2023-28744 | Foxit | Use After Free vulnerability in Foxit PDF Reader 12.1.1.15289 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. | 8.8 |
2023-07-19 | CVE-2023-33866 | Foxit | Use After Free vulnerability in Foxit PDF Reader 12.1.2.15332 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. | 8.8 |
2023-07-19 | CVE-2023-33876 | Foxit | Unspecified vulnerability in Foxit PDF Reader 12.1.2.15332 A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. | 8.8 |
2023-07-19 | CVE-2023-28754 | Apache | Deserialization of Untrusted Data vulnerability in Apache Shardingsphere Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR. An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. | 8.8 |
2023-07-19 | CVE-2023-22506 | Atlassian | Code Injection vulnerability in Atlassian Bamboo Data Center and Bamboo Server This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. | 8.8 |
2023-07-18 | CVE-2023-22508 | Atlassian | Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. | 8.8 |
2023-07-18 | CVE-2023-22505 | Atlassian | Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. | 8.8 |
2023-07-18 | CVE-2023-37897 | Getgrav | Return of Wrong Status Code vulnerability in Getgrav Grav 1.7.42/1.7.42.1 Grav is a file-based Web-platform built in PHP. | 8.8 |
2023-07-18 | CVE-2023-37477 | Fit2Cloud | OS Command Injection vulnerability in Fit2Cloud 1Panel 1Panel is an open source Linux server operation and maintenance management panel. | 8.8 |
2023-07-18 | CVE-2020-22159 | Evertz | Unrestricted Upload of File with Dangerous Type vulnerability in Evertz 3080Ipx Firmware, 7801Fc Firmware and 7890Ixg Firmware EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files. | 8.8 |
2023-07-18 | CVE-2023-28019 | Hcltech | SQL Injection vulnerability in Hcltech Bigfix Webui Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | 8.8 |
2023-07-18 | CVE-2023-34330 | AMI | Code Injection vulnerability in AMI Megarac Sp-X 12/13 AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. | 8.8 |
2023-07-18 | CVE-2023-33265 | Hazelcast | Missing Authorization vulnerability in Hazelcast and Imdg In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted. | 8.8 |
2023-07-18 | CVE-2022-26563 | Tildeslash | Incorrect Authorization vulnerability in Tildeslash Monit An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization. | 8.8 |
2023-07-18 | CVE-2022-34155 | Miniorange | Improper Authentication vulnerability in Miniorange Oauth Single Sign on Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3. | 8.8 |
2023-07-18 | CVE-2022-47169 | Staxwp | Cross-Site Request Forgery (CSRF) vulnerability in Staxwp Visibility Logic for Elementor Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions. | 8.8 |
2023-07-18 | CVE-2023-23660 | Mainwp | SQL Injection vulnerability in Mainwp Maintenance Extension Auth. | 8.8 |
2023-07-18 | CVE-2023-25036 | Social Media Icons Widget Project | Cross-Site Request Forgery (CSRF) vulnerability in Social Media Icons Widget Project Social Media Icons Widget Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions. | 8.8 |
2023-07-18 | CVE-2023-37386 | Codexin | Cross-Site Request Forgery (CSRF) vulnerability in Codexin Media Library Helper Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin <= 1.2.0 versions. | 8.8 |
2023-07-18 | CVE-2023-37387 | Radiustheme | Cross-Site Request Forgery (CSRF) vulnerability in Radiustheme Classified Listing Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions. | 8.8 |
2023-07-18 | CVE-2023-37889 | Wpadmin | Cross-Site Request Forgery (CSRF) vulnerability in Wpadmin AWS CDN Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS CDN plugin <= 2.0.13 versions. | 8.8 |
2023-07-18 | CVE-2023-37892 | Pluginpress | Cross-Site Request Forgery (CSRF) vulnerability in Pluginpress Shortcode Imdb Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions. | 8.8 |
2023-07-18 | CVE-2023-37973 | Replace Word Project | Cross-Site Request Forgery (CSRF) vulnerability in Replace Word Project Replace Word Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions. | 8.8 |
2023-07-18 | CVE-2022-45828 | Nootheme | Cross-Site Request Forgery (CSRF) vulnerability in Nootheme NOO Timetable 2.1.3 Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. | 8.8 |
2023-07-18 | CVE-2022-46857 | Sitealert | Cross-Site Request Forgery (CSRF) vulnerability in Sitealert 1.9.7 Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. | 8.8 |
2023-07-18 | CVE-2023-25473 | Flickr Justified Gallery Project | Cross-Site Request Forgery (CSRF) vulnerability in Flickr Justified Gallery Project Flickr Justified Gallery Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions. | 8.8 |
2023-07-18 | CVE-2023-25475 | Smart Youtube PRO Project | Cross-Site Request Forgery (CSRF) vulnerability in Smart Youtube PRO Project Smart Youtube PRO 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3 versions. | 8.8 |
2023-07-18 | CVE-2023-25482 | Keetrax | Cross-Site Request Forgery (CSRF) vulnerability in Keetrax WP Tiles Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2 versions. | 8.8 |
2023-07-18 | CVE-2023-3713 | Metagauss | Unspecified vulnerability in Metagauss Profilegrid The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. | 8.8 |
2023-07-18 | CVE-2023-3714 | Metagauss | Unspecified vulnerability in Metagauss Profilegrid The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. | 8.8 |
2023-07-17 | CVE-2023-3724 | Wolfssl | Improper Certificate Validation vulnerability in Wolfssl If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. | 8.8 |
2023-07-17 | CVE-2023-38404 | Veritas | Unrestricted Upload of File with Dangerous Type vulnerability in Veritas Infoscale Operations Manager The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. | 8.8 |
2023-07-17 | CVE-2023-33011 | Zyxel | Use of Externally-Controlled Format String vulnerability in Zyxel products A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled. | 8.8 |
2023-07-17 | CVE-2023-33012 | Zyxel | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled. | 8.8 |
2023-07-17 | CVE-2023-34139 | Zyxel | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device. | 8.8 |
2023-07-17 | CVE-2023-28767 | Zyxel | OS Command Injection vulnerability in Zyxel products The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. | 8.8 |
2023-07-17 | CVE-2022-36424 | Easy Appointments Project | Cross-Site Request Forgery (CSRF) vulnerability in Easy Appointments Project Easy Appointments Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions. | 8.8 |
2023-07-17 | CVE-2022-38062 | Metagauss | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions. | 8.8 |
2023-07-17 | CVE-2023-37974 | WP Social Autoconnect Project | Cross-Site Request Forgery (CSRF) vulnerability in WP Social Autoconnect Project WP Social Autoconnect Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions. | 8.8 |
2023-07-17 | CVE-2023-37985 | Fivestarplugins | Cross-Site Request Forgery (CSRF) vulnerability in Fivestarplugins Five Star Restaurant Menu Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions. | 8.8 |
2023-07-17 | CVE-2022-47172 | Hasthemes | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Woolentor - Woocommerce Elementor Addons + Builder Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions. | 8.8 |
2023-07-17 | CVE-2023-34005 | Etoilewebdesign | Cross-Site Request Forgery (CSRF) vulnerability in Etoilewebdesign Front END Users Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions. | 8.8 |
2023-07-17 | CVE-2023-36511 | Woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Order Barcodes Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. | 8.8 |
2023-07-17 | CVE-2023-36513 | Woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Automatewoo Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. | 8.8 |
2023-07-17 | CVE-2023-36514 | Woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Shipping multiple Addresses Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | 8.8 |
2023-07-17 | CVE-2023-37968 | Faboba | Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions. | 8.8 |
2023-07-17 | CVE-2023-2329 | Gsheetconnector | Unspecified vulnerability in Gsheetconnector Woocommerce Google Sheet Connector 1.3.4 The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack. | 8.8 |
2023-07-17 | CVE-2023-2330 | Gsheetconnector | Unspecified vulnerability in Gsheetconnector Caldera Forms Google Sheets Connector 1.2 The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack. | 8.8 |
2023-07-17 | CVE-2023-2636 | AN Gradebook Project | SQL Injection vulnerability in AN Gradebook Project AN Gradebook The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber | 8.8 |
2023-07-17 | CVE-2023-31216 | Ultimatemember | Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember Ultimate Member Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions. | 8.8 |
2023-07-17 | CVE-2023-35038 | Wpexperts | Cross-Site Request Forgery (CSRF) vulnerability in Wpexperts WP PDF Generator Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions. | 8.8 |
2023-07-17 | CVE-2023-35089 | Really Simple Plugins | Cross-Site Request Forgery (CSRF) vulnerability in Really-Simple-Plugins Recipe Maker for Your Food Blog From ZIP Recipes Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions. | 8.8 |
2023-07-17 | CVE-2023-35096 | Mycred | Cross-Site Request Forgery (CSRF) vulnerability in Mycred Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions. | 8.8 |
2023-07-17 | CVE-2023-35880 | Woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Brands 1.6.49 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. | 8.8 |
2023-07-17 | CVE-2023-3179 | Wpexperts | Unspecified vulnerability in Wpexperts Post Smtp Mailer The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account). | 8.8 |
2023-07-17 | CVE-2023-27424 | Inactive User Deleter Project | Cross-Site Request Forgery (CSRF) vulnerability in Inactive User Deleter Project Inactive User Deleter Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions. | 8.8 |
2023-07-17 | CVE-2023-22672 | Vibethemes | Cross-Site Request Forgery (CSRF) vulnerability in Vibethemes Vslider 4.1.2 Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions. | 8.8 |
2023-07-17 | CVE-2023-23646 | Awplife | Cross-Site Request Forgery (CSRF) vulnerability in Awplife Album Gallery Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions. | 8.8 |
2023-07-17 | CVE-2023-23719 | Premmerce | Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions. | 8.8 |
2023-07-17 | CVE-2023-27606 | WP Reroute Email Project | Cross-Site Request Forgery (CSRF) vulnerability in WP Reroute Email Project WP Reroute Email Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions. | 8.8 |
2023-07-17 | CVE-2023-2759 | Taphome | Incorrect Authorization vulnerability in Taphome Core Firmware A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. | 8.8 |
2023-07-18 | CVE-2023-22062 | Oracle | Unspecified vulnerability in Oracle Hyperion 11.2.13.0.000 Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). | 8.5 |
2023-07-18 | CVE-2023-22014 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.59/8.60 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). | 8.4 |
2023-07-17 | CVE-2023-3591 | Mattermost | Improper Authentication vulnerability in Mattermost Server Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. | 8.2 |
2023-07-20 | CVE-2023-34625 | Showmojo | Authentication Bypass by Capture-replay vulnerability in Showmojo Mojobox Firmware 1.4 ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. | 8.1 |
2023-07-20 | CVE-2022-28733 | GNU | Integer Underflow (Wrap or Wraparound) vulnerability in GNU Grub2 Integer underflow in grub_net_recv_ip4_packets; a maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. | 8.1 |
2023-07-18 | CVE-2023-22018 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.1 |
2023-07-18 | CVE-2023-34143 | Hitachi | Improper Certificate Validation vulnerability in Hitachi Device Manager Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows a man-in-the-middle attack. This issue affects Hitachi Device Manager: before 8.8.5-02. | 8.1 |
2023-07-17 | CVE-2023-3581 | Mattermost | Origin Validation Error vulnerability in Mattermost Server Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs. | 8.1 |
2023-07-17 | CVE-2023-3615 | Mattermost | Improper Certificate Validation vulnerability in Mattermost Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection. | 8.1 |
2023-07-19 | CVE-2023-3467 | Citrix | Unspecified vulnerability in Citrix products Privilege Escalation to root administrator (nsroot) | 8.0 |
2023-07-18 | CVE-2023-34329 | AMI | Authentication Bypass by Spoofing vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. | 8.0 |
2023-07-17 | CVE-2023-34138 | Zyxel | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance. | 8.0 |
2023-07-17 | CVE-2023-34141 | Zyxel | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance. | 8.0 |
2023-07-23 | CVE-2023-28133 | Checkpoint | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E87.30 Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file | 7.8 |
2023-07-23 | CVE-2023-3842 | Pointware | Unquoted Search Path or Element vulnerability in Pointware Easyinventory 1.0.12.0 A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical. | 7.8 |
2023-07-21 | CVE-2022-37331 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-41793 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-42885 | Openbabel | Access of Uninitialized Pointer vulnerability in Openbabel Open Babel 3.1.1 A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-43467 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-43607 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-44451 | Openbabel | Access of Uninitialized Pointer vulnerability in Openbabel Open Babel 3.1.1 A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-46280 | Openbabel | Access of Uninitialized Pointer vulnerability in Openbabel Open Babel 3.1.1 A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-46289 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-46290 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-46291 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-46292 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-46293 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-46294 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2022-46295 | Openbabel | Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. | 7.8 |
2023-07-21 | CVE-2023-3609 | Linux Debian | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). | 7.8 |
2023-07-21 | CVE-2023-3610 | Linux Debian | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. | 7.8 |
2023-07-21 | CVE-2023-3611 | Linux Debian | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. | 7.8 |
2023-07-21 | CVE-2023-3776 | Linux Debian | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). | 7.8 |
2023-07-21 | CVE-2023-28728 | Panasonic | Out-of-bounds Write vulnerability in Panasonic Control Fpwin PRO 6.414/7.3.0.0 A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | 7.8 |
2023-07-21 | CVE-2023-28729 | Panasonic | Type Confusion vulnerability in Panasonic Control Fpwin PRO 6.414/7.3.0.0 A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | 7.8 |
2023-07-21 | CVE-2023-28730 | Panasonic | Out-of-bounds Write vulnerability in Panasonic Control Fpwin PRO 6.414/7.3.0.0 A memory corruption vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | 7.8 |
2023-07-20 | CVE-2021-39822 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-07-20 | CVE-2022-28735 | GNU | Unspecified vulnerability in GNU Grub2 The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. | 7.8 |
2023-07-20 | CVE-2022-28736 | GNU | Use After Free vulnerability in GNU Grub2 There's a use-after-free vulnerability in the grub_cmd_chainloader() function; the chainloader command is used to boot operating systems that don't support multiboot and do not have direct support from GRUB2. | 7.8 |
2023-07-20 | CVE-2022-28737 | Redhat | Out-of-bounds Write vulnerability in Redhat Shim There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; the handle_image() function takes into account the SizeOfRawData field from each section to be loaded. | 7.8 |
2023-07-19 | CVE-2023-34394 | Keysight | Unrestricted Upload of File with Dangerous Type vulnerability in Keysight Geolocation Server In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition. | 7.8 |
2023-07-19 | CVE-2023-36853 | Keysight | Uncontrolled Search Path Element vulnerability in Keysight Geolocation Server In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. | 7.8 |
2023-07-19 | CVE-2023-32664 | Foxit | Unspecified vulnerability in Foxit PDF Reader 12.1.2.15332 A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. | 7.8 |
2023-07-19 | CVE-2022-43910 | IBM | Improper Preservation of Permissions vulnerability in IBM Security Guardium 11.3 IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. | 7.8 |
2023-07-18 | CVE-2023-22023 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). | 7.8 |
2023-07-18 | CVE-2021-34119 | Htmldoc Project | Out-of-bounds Write vulnerability in Htmldoc Project Htmldoc 1.9.12 A flaw was discovered in htmldoc 1.9.12 in function parse_paragraph in ps-pdf.cxx; this flaw possibly allows code execution and a denial of service via a crafted file. | 7.8 |
2023-07-18 | CVE-2021-34121 | Htmldoc Project | Out-of-bounds Read vulnerability in Htmldoc Project Htmldoc 1.9.12 An out-of-bounds read flaw was discovered in htmldoc 1.9.12 in function parse_tree() in toc.cxx; this possibly leaks memory layout information into the output data. | 7.8 |
2023-07-18 | CVE-2022-33064 | Libsndfile Project | Off-by-one Error vulnerability in Libsndfile Project Libsndfile 1.1.0 An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in an out-of-bounds write, which allows an attacker to execute arbitrary code, cause a denial of service, or have other unspecified impacts. | 7.8 |
2023-07-18 | CVE-2022-33065 | Libsndfile Project | Integer Overflow or Wraparound vulnerability in Libsndfile Project Libsndfile Multiple signed integer overflows in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile allow an attacker to cause a denial of service or other unspecified impacts. | 7.8 |
2023-07-18 | CVE-2023-30906 | HPE | Unspecified vulnerability in HPE Intelligent Provisioning 1.72/2.81 The vulnerability could be locally exploited to allow escalation of privilege. | 7.8 |
2023-07-18 | CVE-2020-36695 | Hitachi | Incorrect Default Permissions vulnerability in Hitachi products Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows file manipulation. This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08. | 7.8 |
2023-07-17 | CVE-2023-37476 | Openrefine | Path Traversal vulnerability in Openrefine OpenRefine is a free, open source tool for data processing. | 7.8 |
2023-07-18 | CVE-2023-22060 | Oracle | Unspecified vulnerability in Oracle Hyperion Workspace 11.2.13.0.000 Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). | 7.6 |
2023-07-17 | CVE-2023-2760 | Taphome | SQL Injection vulnerability in Taphome Core Firmware An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. | 7.6 |
2023-07-21 | CVE-2023-35077 | Ivanti | Out-of-bounds Write vulnerability in Ivanti Endpoint Manager An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus product to crash. | 7.5 |
2023-07-21 | CVE-2023-37915 | Objectcomputing | Unspecified vulnerability in Objectcomputing Opendds 3.23.1 OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). | 7.5 |
2023-07-21 | CVE-2023-37916 | Fit2Cloud | Unspecified vulnerability in Fit2Cloud Kubepi KubePi is an opensource kubernetes management panel. | 7.5 |
2023-07-21 | CVE-2023-37918 | Linuxfoundation | Improper Authentication vulnerability in Linuxfoundation Dapr Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. | 7.5 |
2023-07-21 | CVE-2023-36339 | Webboss | Incorrect Authorization vulnerability in Webboss Webboss.Io CMS An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request. | 7.5 |
2023-07-21 | CVE-2023-3813 | Artbees | Path Traversal vulnerability in Artbees Jupiter X Core The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. | 7.5 |
2023-07-20 | CVE-2023-30200 | Advancedplugins | Path Traversal vulnerability in Advancedplugins Ultimateimagetool In the module "Image: WebP, Compress, Zoom, Lazy load, Alt & More" (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. | 7.5 |
2023-07-20 | CVE-2023-37649 | Agentejo | Unspecified vulnerability in Agentejo Cockpit Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data. | 7.5 |
2023-07-20 | CVE-2023-37601 | Mobisystems | Path Traversal vulnerability in Mobisystems Office Suite 10.9.1.42602 Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts. | 7.5 |
2023-07-20 | CVE-2023-31461 | Steelseries | Path Traversal vulnerability in Steelseries GG 36.0.0 Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability. | 7.5 |
2023-07-20 | CVE-2023-34966 | Samba Fedoraproject Redhat Debian | Infinite Loop vulnerability in multiple products An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. | 7.5 |
2023-07-20 | CVE-2023-37290 | Infodoc | Server-Side Request Forgery (SSRF) vulnerability in Infodoc Document On-Line Submission and Approval System 22547/22567 InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the tags accepted by its HTML-to-PDF conversion function, allowing unauthenticated attackers to load remote or local resources through HTML tags such as iframe. | 7.5 |
2023-07-19 | CVE-2023-32657 | Weintek | Improper Restriction of Excessive Authentication Attempts vulnerability in Weintek Weincloud 0.13.6 Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses. | 7.5 |
2023-07-19 | CVE-2023-34429 | Weintek | Unspecified vulnerability in Weintek Weincloud 0.13.6 Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token. | 7.5 |
2023-07-19 | CVE-2023-37276 | Aiohttp | HTTP Request Smuggling vulnerability in Aiohttp aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 7.5 |
2023-07-19 | CVE-2023-37899 | Feathersjs | Improper Check for Unusual or Exceptional Conditions vulnerability in Feathersjs Feathers Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. | 7.5 |
2023-07-19 | CVE-2023-25838 | Esri | SQL Injection vulnerability in Esri Arcgis Insights 2022.1 There is a SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. | 7.5 |
2023-07-19 | CVE-2023-3762 | Intergard | Cleartext Storage of Sensitive Information vulnerability in Intergard Smartgard Silver With Matrix Keyboard 8.7.0 A vulnerability was found in Intergard SGS 8.7.0. | 7.5 |
2023-07-19 | CVE-2023-3763 | Intergard | Cleartext Transmission of Sensitive Information vulnerability in Intergard Smartgard Silver With Matrix Keyboard 8.7.0 A vulnerability was found in Intergard SGS 8.7.0. | 7.5 |
2023-07-19 | CVE-2023-3761 | Intergard | Cleartext Transmission of Sensitive Information vulnerability in Intergard Smartgard Silver With Matrix Keyboard 8.7.0 A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. | 7.5 |
2023-07-19 | CVE-2021-38933 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect:Express for Unix IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2023-07-19 | CVE-2023-26023 | IBM | Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Data 4.0 Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. | 7.5 |
2023-07-19 | CVE-2023-26026 | IBM | Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Data 4.0 Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. | 7.5 |
2023-07-19 | CVE-2023-27877 | IBM | Improper Authentication vulnerability in IBM Cloud PAK for Data 4.0 IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. | 7.5 |
2023-07-19 | CVE-2023-28513 | IBM | Unspecified vulnerability in IBM MQ and MQ Appliance IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. | 7.5 |
2023-07-18 | CVE-2023-22047 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise 8.59/8.60 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). | 7.5 |
2023-07-18 | CVE-2023-28021 | Hcltech | Inadequate Encryption Strength vulnerability in Hcltech Bigfix Webui The BigFix WebUI uses weak cipher suites. | 7.5 |
2023-07-18 | CVE-2023-30383 | TP Link | Classic Buffer Overflow vulnerability in Tp-Link products TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data. | 7.5 |
2023-07-18 | CVE-2023-37758 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-815 Firmware 1.0.1 D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi. | 7.5 |
2023-07-18 | CVE-2023-37788 | Goproxy Project | Resource Exhaustion vulnerability in Goproxy Project Goproxy 1.1 goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors. | 7.5 |
2023-07-18 | CVE-2023-33871 | Iagona | Unspecified vulnerability in Iagona Scrutisweb 2.1.37 Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to directory traversal, which could allow an unauthenticated user to directly access any file outside the webroot. | 7.5 |
2023-07-18 | CVE-2023-38257 | Iagona | Unspecified vulnerability in Iagona Scrutisweb 2.1.37 Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to insecure direct object reference, which could allow an unauthenticated user to view profile information, including user login names and encrypted passwords. | 7.5 |
2023-07-18 | CVE-2021-4428 | What3Words | Information Exposure vulnerability in What3Words Autosuggest A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. | 7.5 |
2023-07-18 | CVE-2023-2263 | Rockwellautomation | Resource Exhaustion vulnerability in Rockwellautomation Kinetix 5700 Firmware 13.001 The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. | 7.5 |
2023-07-18 | CVE-2022-41409 | Pcre | Integer Overflow or Wraparound vulnerability in Pcre Pcre2 Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. | 7.5 |
2023-07-18 | CVE-2022-47085 | Ostree Project | Unspecified vulnerability in Ostree Project Ostree An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. | 7.5 |
2023-07-18 | CVE-2023-3743 | Leothemes | SQL Injection vulnerability in Leothemes AP Page Builder Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database. | 7.5 |
2023-07-18 | CVE-2023-31998 | UI | Out-of-bounds Write vulnerability in UI Aircube Firmware and Edgemax Edgerouter Firmware A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices. | 7.5 |
2023-07-18 | CVE-2023-34142 | Hitachi | Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception. This issue affects Hitachi Device Manager: before 8.8.5-02. | 7.5 |
2023-07-18 | CVE-2023-38434 | Xhttp Project | Double Free vulnerability in Xhttp Project Xhttp xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method. | 7.5 |
2023-07-17 | CVE-2023-37479 | Openenclave | Improper Initialization vulnerability in Openenclave Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. | 7.5 |
2023-07-17 | CVE-2023-38403 | ES Debian Fedoraproject Netapp Apple | Integer Overflow or Wraparound vulnerability in multiple products iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. | 7.5 |
2023-07-17 | CVE-2023-38405 | Crestron | Unspecified vulnerability in Crestron products On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash. | 7.5 |
2023-07-17 | CVE-2021-37386 | Furukawa | Cross-site Scripting vulnerability in Furukawa products Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function. | 7.5 |
2023-07-17 | CVE-2023-34669 | Totolink | Unspecified vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594 TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | 7.5 |
2023-07-17 | CVE-2023-37475 | Avro Project | Resource Exhaustion vulnerability in Avro Project Avro Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. | 7.5 |
2023-07-17 | CVE-2023-3590 | Mattermost | Incorrect Authorization vulnerability in Mattermost Server 7.10.0/7.10.1/7.10.2 Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments. | 7.5 |
2023-07-17 | CVE-2023-2959 | Olivaekspertiz | Authentication Bypass by Primary Weakness vulnerability in Olivaekspertiz Oliva Ekspertiz Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2. | 7.5 |
2023-07-17 | CVE-2023-2912 | Secomea | Use After Free vulnerability in Secomea Sitemanager Embedded 9.2C Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction. | 7.5 |
2023-07-17 | CVE-2022-4952 | Dotnetfoundation | Unspecified vulnerability in Dotnetfoundation C# Language Server Protocol A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. | 7.5 |
2023-07-23 | CVE-2023-3852 | Yuque | Unrestricted Upload of File with Dangerous Type vulnerability in Yuque Rapidcms A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. | 7.2 |
2023-07-23 | CVE-2023-3839 | Dedebiz | SQL Injection vulnerability in Dedebiz 6.2.10 A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. | 7.2 |
2023-07-21 | CVE-2021-35391 | Deskpro | Server-Side Request Forgery (SSRF) vulnerability in Deskpro 2021.21.6 Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL. | 7.2 |
2023-07-21 | CVE-2023-3820 | Pimcore | SQL Injection vulnerability in Pimcore SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. | 7.2 |
2023-07-21 | CVE-2023-35086 | Asus | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac86U Firmware and Rt-Ax56U V2 Firmware A format string vulnerability was identified in ASUS RT-AX56U V2 & RT-AC86U. | 7.2 |
2023-07-19 | CVE-2023-30799 | Mikrotik | Unspecified vulnerability in Mikrotik Routeros MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. | 7.2 |
2023-07-18 | CVE-2023-3459 | Webtoffee | Unspecified vulnerability in Webtoffee Import Export Wordpress Users The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. | 7.2 |
2023-07-18 | CVE-2020-23909 | Advancemame | Out-of-bounds Read vulnerability in Advancemame Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1. | 7.1 |
2023-07-20 | CVE-2022-28734 | GNU Netapp | Out-of-bounds Write vulnerability in multiple products Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. | 7.0 |
2023-07-19 | CVE-2023-25839 | Esri | SQL Injection vulnerability in Esri Arcgis Insights 2022.1 There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. | 7.0 |
210 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-07-20 | CVE-2023-3786 | Aures | Unspecified vulnerability in Aures Komet Firmware 20230509 A vulnerability classified as problematic has been found in Aures Komet up to 20230509. | 6.8 |
2023-07-18 | CVE-2023-3527 | Avaya | Improper Neutralization of Formula Elements in a CSV File vulnerability in Avaya Call Management System 17.0/18.0.0.1/18.0.0.2 A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | 6.8 |
2023-07-17 | CVE-2023-35818 | Espressif | Unspecified vulnerability in Espressif products An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. | 6.8 |
2023-07-18 | CVE-2021-43072 | Fortinet | Classic Buffer Overflow vulnerability in Fortinet products A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows an attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol. | 6.7 |
2023-07-17 | CVE-2023-35012 | IBM | Stack-based Buffer Overflow vulnerability in IBM DB2 11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 6.7 |
2023-07-20 | CVE-2023-3800 | Wolfcode | Unrestricted Upload of File with Dangerous Type vulnerability in Wolfcode Easyadmin8 2.0.2.2 A vulnerability was found in EasyAdmin8 2.0.2.2. | 6.6 |
2023-07-21 | CVE-2023-3603 | Libssh | NULL Pointer Dereference vulnerability in Libssh A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. | 6.5 |
2023-07-21 | CVE-2023-38187 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 6.5 |
2023-07-21 | CVE-2023-3819 | Pimcore | Information Exposure vulnerability in Pimcore Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. | 6.5 |
2023-07-21 | CVE-2023-3484 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. | 6.5 |
2023-07-20 | CVE-2020-24275 | Swoole | Injection vulnerability in Swoole 4.5.2 An HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL. | 6.5 |
2023-07-20 | CVE-2023-3792 | Netentsec | Forced Browsing vulnerability in Netentsec Application Security Gateway 6.3 A vulnerability was found in Beijing Netcon NS-ASG 6.3. | 6.5 |
2023-07-20 | CVE-2023-38334 | Omnis | Unspecified vulnerability in Omnis Studio 10.22.00 Omnis Studio 10.22.00 has incorrect access control. | 6.5 |
2023-07-20 | CVE-2023-32265 | Microfocus | Unspecified vulnerability in Microfocus products A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. | 6.5 |
2023-07-20 | CVE-2023-32481 | Dell | Allocation of Resources Without Limits or Throttling vulnerability in Dell Wyse Management Suite Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. | 6.5 |
2023-07-19 | CVE-2023-32261 | Microfocus | Unspecified vulnerability in Microfocus Dimensions CM A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. | 6.5 |
2023-07-19 | CVE-2023-32262 | Microfocus | Unspecified vulnerability in Microfocus Dimensions CM A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. | 6.5 |
2023-07-19 | CVE-2023-3760 | Intergard | Improper Resource Shutdown or Release vulnerability in Intergard Smartgard Silver With Matrix Keyboard 8.7.0 A vulnerability has been found in Intergard SGS 8.7.0 and classified as problematic. | 6.5 |
2023-07-19 | CVE-2022-43908 | IBM | Improper Input Validation vulnerability in IBM Security Guardium 11.3 IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. | 6.5 |
2023-07-19 | CVE-2023-35898 | IBM | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. | 6.5 |
2023-07-18 | CVE-2023-21994 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). | 6.5 |
2023-07-18 | CVE-2023-22022 | Oracle | Unspecified vulnerability in Oracle Health Sciences Applications 3.1.0.2/3.1.1.3/3.2.0.0 Vulnerability in the Oracle Health Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Blinding Functionality). | 6.5 |
2023-07-18 | CVE-2023-22037 | Oracle | Unspecified vulnerability in Oracle Web Applications Desktop Integrator Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). | 6.5 |
2023-07-18 | CVE-2023-22040 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 6.5 |
2023-07-18 | CVE-2023-28023 | Hcltech | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Bigfix Webui 14/20/44 A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | 6.5 |
2023-07-18 | CVE-2023-2913 | Rockwellautomation | Path Traversal vulnerability in Rockwellautomation Thinmanager 13.0.0/13.0.1/13.0.2 An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. | 6.5 |
2023-07-18 | CVE-2021-32256 | GNU | Out-of-bounds Write vulnerability in GNU Binutils 2.36 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. | 6.5 |
2023-07-17 | CVE-2023-37769 | Pixman | Divide By Zero vulnerability in Pixman stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c. | 6.5 |
2023-07-17 | CVE-2023-37781 | Emqx | Path Traversal vulnerability in Emqx 4.3.8 An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file. | 6.5 |
2023-07-17 | CVE-2022-30858 | Miniupnp Project | Resource Exhaustion vulnerability in Miniupnp Project Ngiflib 0.4 An issue was discovered in ngiflib 0.4. | 6.5 |
2023-07-17 | CVE-2023-34140 | Zyxel | Classic Buffer Overflow vulnerability in Zyxel products A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon. | 6.5 |
2023-07-17 | CVE-2023-3593 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. | 6.5 |
2023-07-23 | CVE-2023-3853 | Phpscriptpoint | Cross-site Scripting vulnerability in PHPscriptpoint Bloodbank 1.1 A vulnerability was found in phpscriptpoint BloodBank 1.1. | 6.1 |
2023-07-23 | CVE-2023-3849 | Moosocial | Cross-site Scripting vulnerability in Moosocial Moodating 1.2 A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. | 6.1 |
2023-07-23 | CVE-2023-3847 | Moosocial | Cross-site Scripting vulnerability in Moosocial Moodating 1.2 A vulnerability classified as problematic was found in mooSocial mooDating 1.2. | 6.1 |
2023-07-23 | CVE-2023-3848 | Moosocial | Cross-site Scripting vulnerability in Moosocial Moodating 1.2 A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. | 6.1 |
2023-07-23 | CVE-2023-3846 | Moosocial | Cross-site Scripting vulnerability in Moosocial Moodating 1.2 A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. | 6.1 |
2023-07-23 | CVE-2023-3844 | Moosocial | Cross-site Scripting vulnerability in Moosocial Moodating 1.2 A vulnerability was found in mooSocial mooDating 1.2. | 6.1 |
2023-07-23 | CVE-2023-3845 | Moosocial | Cross-site Scripting vulnerability in Moosocial Moodating 1.2 A vulnerability was found in mooSocial mooDating 1.2. | 6.1 |
2023-07-23 | CVE-2023-3843 | Moosocial | Cross-site Scripting vulnerability in Moosocial Moodating 1.2 A vulnerability was found in mooSocial mooDating 1.2. | 6.1 |
2023-07-23 | CVE-2023-3840 | Nxfilter | Cross-site Scripting vulnerability in Nxfilter 4.3.2.5 A vulnerability, which was classified as problematic, was found in NxFilter 4.3.2.5. | 6.1 |
2023-07-22 | CVE-2023-3835 | Bugfinder | Cross-site Scripting vulnerability in Bugfinder Minestack 1.0 A vulnerability classified as problematic has been found in Bug Finder MineStack 1.0. | 6.1 |
2023-07-22 | CVE-2023-3834 | Bugfinder | Cross-site Scripting vulnerability in Bugfinder Ex-Rate 1.0 A vulnerability was found in Bug Finder EX-RATE 1.0. | 6.1 |
2023-07-22 | CVE-2023-3832 | Bugfinder | Cross-site Scripting vulnerability in Bugfinder Wedding Wonders 1.0 A vulnerability was found in Bug Finder Wedding Wonders 1.0. | 6.1 |
2023-07-22 | CVE-2023-3833 | Bugfinder | Cross-site Scripting vulnerability in Bugfinder Montage 1.0 A vulnerability was found in Bug Finder Montage 1.0. | 6.1 |
2023-07-22 | CVE-2023-3830 | Bugfinder | Cross-site Scripting vulnerability in Bugfinder Sass Biller 1.0 A vulnerability was found in Bug Finder SASS BILLER 1.0. | 6.1 |
2023-07-22 | CVE-2023-3829 | Bugfinder | Cross-site Scripting vulnerability in Bugfinder Icogenie 1.0 A vulnerability was found in Bug Finder ICOGenie 1.0. | 6.1 |
2023-07-22 | CVE-2023-3828 | Bugfinder | Cross-site Scripting vulnerability in Bugfinder Listplace Directory Listing Platform 3.0 A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. | 6.1 |
2023-07-22 | CVE-2023-3827 | Bugfinder | Cross-site Scripting vulnerability in Bugfinder Listplace Directory Listing Platform 3.0 A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. | 6.1 |
2023-07-21 | CVE-2023-37905 | Ckeditor Wordcount Plugin Project | Cross-site Scripting vulnerability in Ckeditor-Wordcount-Plugin Project Ckeditor-Wordcount-Plugin ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. | 6.1 |
2023-07-21 | CVE-2023-25841 | Esri | Cross-site Scripting vulnerability in Esri Arcgis Server 10.8.1/10.9.0/10.9.1 There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities. | 6.1 |
2023-07-21 | CVE-2023-37742 | Webboss | Cross-site Scripting vulnerability in Webboss Webboss.Io CMS WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. | 6.1 |
2023-07-21 | CVE-2023-3822 | Pimcore | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4. | 6.1 |
2023-07-21 | CVE-2023-3815 | Ruoyi | Cross-site Scripting vulnerability in Ruoyi A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. | 6.1 |
2023-07-21 | CVE-2023-32624 | Sakura | Cross-site Scripting vulnerability in Sakura TS Webfonts Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 |
2023-07-20 | CVE-2021-39425 | Seeddms | Open Redirect vulnerability in Seeddms 6.0.15 SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. | 6.1 |
2023-07-20 | CVE-2023-3794 | Bugfinder | Cross-site Scripting vulnerability in Bugfinder Chaincity 1.0 A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. | 6.1 |
2023-07-20 | CVE-2023-37164 | Diafan | Cross-site Scripting vulnerability in Diafan Diafan.Cms 6.0 Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search. | 6.1 |
2023-07-20 | CVE-2023-37600 | Mobisystems | Cross-site Scripting vulnerability in Mobisystems Office Suite 10.9.1.42602 Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile. | 6.1 |
2023-07-20 | CVE-2023-37602 | Alkacon | Cross-site Scripting vulnerability in Alkacon Opencms 15.0.0 An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. | 6.1 |
2023-07-20 | CVE-2023-38617 | Mobisystems | Cross-site Scripting vulnerability in Mobisystems Office Suite 10.9.1.42602 Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files. | 6.1 |
2023-07-20 | CVE-2023-37728 | Icewarp | Cross-site Scripting vulnerability in Icewarp 10.2.1 IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. | 6.1 |
2023-07-20 | CVE-2023-3789 | Paulprinting Project | Cross-site Scripting vulnerability in Paulprinting Project Paulprinting 2018 A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. | 6.1 |
2023-07-19 | CVE-2023-37733 | Tduckcloud | Cross-site Scripting vulnerability in Tduckcloud Tduck-Platform 4.0 An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file. | 6.1 |
2023-07-19 | CVE-2023-3466 | Citrix | Cross-site Scripting vulnerability in Citrix products Reflected Cross-Site Scripting (XSS) | 6.1 |
2023-07-19 | CVE-2023-3757 | Gzscripts | Cross-site Scripting vulnerability in Gzscripts CAR Rental PHP Script 1.8 A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. | 6.1 |
2023-07-19 | CVE-2023-3755 | Creativeitem | Cross-site Scripting vulnerability in Creativeitem Atlas 2.13 A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. | 6.1 |
2023-07-19 | CVE-2023-3756 | Creativeitem | Cross-site Scripting vulnerability in Creativeitem Atlas 2.13 A vulnerability was found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. | 6.1 |
2023-07-19 | CVE-2023-3754 | Creativeitem | Cross-site Scripting vulnerability in Creativeitem Ekushey Project Manager 5.0 A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. | 6.1 |
2023-07-19 | CVE-2023-3752 | Creativeitem | Cross-site Scripting vulnerability in Creativeitem Academy LMS 5.15 A vulnerability was found in Creativeitem Academy LMS 5.15. | 6.1 |
2023-07-19 | CVE-2023-3753 | Creativeitem | Cross-site Scripting vulnerability in Creativeitem Mastery LMS 1.2 A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. | 6.1 |
2023-07-18 | CVE-2023-22035 | Oracle | Cross-site Scripting vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). | 6.1 |
2023-07-18 | CVE-2023-22042 | Oracle | Unspecified vulnerability in Oracle Applications Framework Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). | 6.1 |
2023-07-18 | CVE-2023-22055 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). | 6.1 |
2023-07-18 | CVE-2023-28020 | Hcltech | Open Redirect vulnerability in Hcltech Bigfix Webui URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | 6.1 |
2023-07-18 | CVE-2023-33312 | Easy Captcha Project | Cross-site Scripting vulnerability in Easy Captcha Project Easy Captcha 0.8/0.9/1.0 Unauth. | 6.1 |
2023-07-18 | CVE-2023-33231 | Solarwinds | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer XSS attack was possible in DPA 2023.2 due to insufficient input validation. | 6.1 |
2023-07-18 | CVE-2023-36384 | Booking Calendar Project | Cross-site Scripting vulnerability in Booking Calendar Project Booking Calendar Unauth. | 6.1 |
2023-07-18 | CVE-2023-32965 | Crudlab | Cross-site Scripting vulnerability in Crudlab Jazz Popups Unauth. | 6.1 |
2023-07-18 | CVE-2023-3708 | Deothemes | Unspecified vulnerability in Deothemes Medikaid Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. | 6.1 |
2023-07-17 | CVE-2023-31851 | Cudy | Cross-site Scripting vulnerability in Cudy Lt400 Firmware 1.13.4/1.15.18/1.15.27 Cudy LT400 1.13.4 has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter. | 6.1 |
2023-07-17 | CVE-2023-31853 | Cudy | Cross-site Scripting vulnerability in Cudy Lt400 Firmware 1.13.4 Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter. | 6.1 |
2023-07-17 | CVE-2023-1893 | Login Configurator Project | Cross-site Scripting vulnerability in Login Configurator Project Login Configurator 2.1 The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators. | 6.1 |
2023-07-17 | CVE-2023-2701 | Mediaburst | Unspecified vulnerability in Mediaburst Gravity Forms The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin. | 6.1 |
2023-07-17 | CVE-2023-2960 | Olivaekspertiz | Cross-site Scripting vulnerability in Olivaekspertiz Oliva Ekspertiz Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS). This issue affects Oliva Expertise EKS: before 1.2. | 6.1 |
2023-07-17 | CVE-2023-31852 | Cuby | Cross-site Scripting vulnerability in Cuby Lt400 Firmware 1.13.4 Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter. | 6.1 |
2023-07-17 | CVE-2023-3041 | Autochat | Unspecified vulnerability in Autochat Automatic Conversation The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a Cross-Site Scripting attack. | 6.1 |
2023-07-17 | CVE-2023-3182 | Liquidweb | Unspecified vulnerability in Liquidweb Restrict Content The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2023-07-18 | CVE-2023-21961 | Oracle | Unspecified vulnerability in Oracle Hyperion Essbase Administration Services 21.4.3.0.0 Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). | 6.0 |
2023-07-20 | CVE-2022-2127 | Samba Redhat Fedoraproject Debian | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. | 5.9 |
2023-07-20 | CVE-2023-3347 | Samba Redhat Fedoraproject | A vulnerability was found in Samba's SMB2 packet signing mechanism. | 5.9 |
2023-07-19 | CVE-2023-35134 | Weintek | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Weintek Weincloud 0.13.6 Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only. | 5.9 |
2023-07-19 | CVE-2023-3782 | Squareup | Unspecified vulnerability in Squareup Okhttp-Brotli DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response. | 5.9 |
2023-07-18 | CVE-2023-22043 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Vulnerability in Oracle Java SE (component: JavaFX). | 5.9 |
2023-07-18 | CVE-2023-22053 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). | 5.9 |
2023-07-19 | CVE-2023-32263 | Microfocus | Unspecified vulnerability in Microfocus Dimensions CM A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. | 5.7 |
2023-07-18 | CVE-2023-21983 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). | 5.6 |
2023-07-23 | CVE-2023-2430 | Linux | Improper Locking vulnerability in Linux Kernel A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. | 5.5 |
2023-07-22 | CVE-2023-38633 | Gnome Fedoraproject Debian | Path Traversal vulnerability in multiple products A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. | 5.5 |
2023-07-20 | CVE-2023-32476 | Dell | Information Exposure vulnerability in Dell Hybrid Client 2.0 Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. | 5.5 |
2023-07-20 | CVE-2023-32446 | Dell | Information Exposure Through Log Files vulnerability in Dell Wyse Thinos 9.4.1141 Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. | 5.5 |
2023-07-20 | CVE-2023-32447 | Dell | Information Exposure Through Log Files vulnerability in Dell Wyse Thinos Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. | 5.5 |
2023-07-20 | CVE-2023-32455 | Dell | Information Exposure Through Log Files vulnerability in Dell Wyse Thinos Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. | 5.5 |
2023-07-19 | CVE-2023-37748 | Miniupnp Project | Infinite Loop vulnerability in Miniupnp Project Ngiflib ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. | 5.5 |
2023-07-19 | CVE-2022-40896 | Pygments | Inefficient Regular Expression Complexity (ReDoS) vulnerability in Pygments A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. | 5.5 |
2023-07-19 | CVE-2023-32635 | Edinet FSA | XXE vulnerability in Edinet-Fsa Xbrl Data Create XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). | 5.5 |
2023-07-18 | CVE-2023-22017 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 5.5 |
2023-07-18 | CVE-2023-37139 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray(). | 5.5 |
2023-07-18 | CVE-2023-37140 | Microsoft | Resource Exhaustion vulnerability in Microsoft Chakracore ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount(). | 5.5 |
2023-07-18 | CVE-2023-37141 | Microsoft | Resource Exhaustion vulnerability in Microsoft Chakracore ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray(). | 5.5 |
2023-07-18 | CVE-2023-37142 | Microsoft | Resource Exhaustion vulnerability in Microsoft Chakracore ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees(). | 5.5 |
2023-07-18 | CVE-2023-37143 | Microsoft | Resource Exhaustion vulnerability in Microsoft Chakracore ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp(). | 5.5 |
2023-07-18 | CVE-2023-35763 | Iagona | Use of Hard-coded Credentials vulnerability in Iagona Scrutisweb 2.1.37 Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext. | 5.5 |
2023-07-18 | CVE-2023-0160 | Linux Fedoraproject | Improper Locking vulnerability in multiple products A deadlock flaw was found in the Linux kernel’s BPF subsystem. | 5.5 |
2023-07-18 | CVE-2023-31441 | Ncia | NULL Pointer Dereference vulnerability in Ncia Advisor Network In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. | 5.5 |
2023-07-18 | CVE-2020-23910 | Asn1C Project | Out-of-bounds Write vulnerability in Asn1C Project Asn1C 0.9.28 Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c. | 5.5 |
2023-07-18 | CVE-2020-23911 | Asn1C Project | NULL Pointer Dereference vulnerability in Asn1C Project Asn1C 0.9.28 An issue was discovered in asn1c through v0.9.28. | 5.5 |
2023-07-18 | CVE-2021-33294 | Elfutils Project | Infinite Loop vulnerability in Elfutils Project Elfutils 0.183 In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c, which allows attackers to cause a denial of service (infinite loop) via a crafted file. | 5.5 |
2023-07-17 | CVE-2023-38409 | Linux | Unspecified vulnerability in Linux Kernel An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. | 5.5 |
2023-07-17 | CVE-2023-28864 | Progress | Insecure Storage of Sensitive Information vulnerability in Progress Chef Infra Server Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. | 5.5 |
2023-07-17 | CVE-2023-37770 | Grame | Out-of-bounds Write vulnerability in Grame Faust faust commit ee39a19 was discovered to contain a stack overflow via the component boxppShared::print() at /boxes/ppbox.cpp. | 5.5 |
2023-07-22 | CVE-2023-3831 | Bugfinder | Cross-site Scripting vulnerability in Bugfinder Finounce 1.0 A vulnerability was found in Bug Finder Finounce 1.0 and classified as problematic. | 5.4 |
2023-07-22 | CVE-2023-25929 | IBM | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 5.4 |
2023-07-22 | CVE-2023-28530 | IBM | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. | 5.4 |
2023-07-21 | CVE-2023-37901 | Cern | Cross-site Scripting vulnerability in Cern Indico Indico is an open source a general-purpose, web based event management tool. | 5.4 |
2023-07-21 | CVE-2023-3821 | Pimcore | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4. | 5.4 |
2023-07-21 | CVE-2023-25836 | Esri | Cross-site Scripting vulnerability in Esri Portal for Arcgis 10.8.1/10.9 There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim's browser. | 5.4 |
2023-07-20 | CVE-2021-45094 | Okta | Cross-site Scripting vulnerability in Okta Imprivata Privileged Access Management 2.3.202112051108 Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS. | 5.4 |
2023-07-20 | CVE-2023-3790 | Uxblondon | Cross-site Scripting vulnerability in Uxblondon Boom CMS 8.0.7 A vulnerability has been found in Boom CMS 8.0.7 and classified as problematic. | 5.4 |
2023-07-20 | CVE-2023-3788 | Activeitzone | Cross-site Scripting vulnerability in Activeitzone Active Super Shop 2.5 A vulnerability, which was classified as problematic, has been found in ActiveITzone Active Super Shop CMS 2.5. | 5.4 |
2023-07-20 | CVE-2023-3787 | Tiva Events Calendar Project | Cross-site Scripting vulnerability in Tiva Events Calendar Project Tiva Events Calendar 1.4 A vulnerability classified as problematic was found in Codecanyon Tiva Events Calendar 1.4. | 5.4 |
2023-07-20 | CVE-2023-3785 | Paulprinting Project | Cross-site Scripting vulnerability in Paulprinting Project Paulprinting 2018 A vulnerability was found in PaulPrinting CMS 2018. | 5.4 |
2023-07-20 | CVE-2023-3784 | Wifi File Explorer Project | Cross-site Scripting vulnerability in Wifi File Explorer Project Wifi File Explorer 1.13.3 A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. | 5.4 |
2023-07-20 | CVE-2023-3783 | Webile Wifi PC File Transfer Project | Cross-site Scripting vulnerability in Webile Wifi PC File Transfer Project Webile Wifi PC File Transfer 1.0.1 A vulnerability was found in Webile 1.0.1. | 5.4 |
2023-07-19 | CVE-2023-29260 | IBM | Server-Side Request Forgery (SSRF) vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). | 5.4 |
2023-07-19 | CVE-2023-30433 | IBM | Open Redirect vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |
2023-07-18 | CVE-2023-22011 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 6.4.0.0.0/7.0.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). | 5.4 |
2023-07-18 | CVE-2023-22020 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 6.4.0.0.0/7.0.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). | 5.4 |
2023-07-18 | CVE-2023-22039 | Oracle | Unspecified vulnerability in Oracle Agile PLM 9.3.6 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). | 5.4 |
2023-07-18 | CVE-2023-22050 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Orchestrator Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). | 5.4 |
2023-07-18 | CVE-2023-22061 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 6.4.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). | 5.4 |
2023-07-18 | CVE-2023-37259 | Matrix React SDK Project | Cross-site Scripting vulnerability in Matrix-React-Sdk Project Matrix-React-Sdk matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. | 5.4 |
2023-07-18 | CVE-2023-36383 | Mage People | Cross-site Scripting vulnerability in Mage-People Event Manager and Tickets Selling for Woocommerce Auth. | 5.4 |
2023-07-18 | CVE-2023-2433 | Yarpp | Unspecified vulnerability in Yarpp YET Another Related Posts Plugin The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. | 5.4 |
2023-07-17 | CVE-2023-36656 | Jaegertracing | Cross-site Scripting vulnerability in Jaegertracing Jaeger UI Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component. | 5.4 |
2023-07-17 | CVE-2023-3586 | Mattermost | Incorrect Authorization vulnerability in Mattermost Server Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, so previously shared public Boards remain accessible. | 5.4 |
2023-07-17 | CVE-2023-0439 | Basixonline | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. | 5.4 |
2023-07-17 | CVE-2023-2143 | Ideastocode | Unspecified vulnerability in Ideastocode Enable Svg, Webp & ICO Upload 1.0.0/1.0.1/1.0.3 The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability. | 5.4 |
2023-07-17 | CVE-2023-2579 | Inventorypress Project | Unspecified vulnerability in Inventorypress Project Inventorypress 1.7 The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-07-21 | CVE-2023-3102 | Gitlab | Unspecified vulnerability in Gitlab 16.0.0/16.1.0 A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6 and all versions starting from 16.1 before 16.1.1, which allows access to the titles of private issues and merge requests (MRs). | 5.3 |
2023-07-20 | CVE-2023-37645 | Eyoucms | Exposure of Resource to Wrong Sphere vulnerability in Eyoucms 1.6.3 eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt. | 5.3 |
2023-07-20 | CVE-2023-38523 | Samsung | Missing Authentication for Critical Function vulnerability in Samsung products The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. | 5.3 |
2023-07-20 | CVE-2023-38335 | Omnis | Unspecified vulnerability in Omnis Studio 10.22.00 Omnis Studio 10.22.00 has incorrect access control. | 5.3 |
2023-07-20 | CVE-2023-34967 | Samba Fedoraproject Redhat Debian | Type Confusion vulnerability in multiple products A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. | 5.3 |
2023-07-20 | CVE-2023-34968 | Samba Fedoraproject Redhat Debian | A path disclosure vulnerability was found in Samba. | 5.3 |
2023-07-20 | CVE-2023-3779 | Wpdeveloper | Unspecified vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. | 5.3 |
2023-07-20 | CVE-2023-3300 | Hashicorp | Missing Authorization vulnerability in Hashicorp Nomad The HTTP search API of HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 can reveal the names of available CSI plugins to unauthenticated users or to users without the plugin:read policy. | 5.3 |
2023-07-19 | CVE-2023-3446 | Openssl | Unspecified vulnerability in Openssl Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. | 5.3 |
2023-07-19 | CVE-2023-29259 | IBM | Unspecified vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | 5.3 |
2023-07-19 | CVE-2023-35900 | IBM | Unspecified vulnerability in IBM products IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. | 5.3 |
2023-07-18 | CVE-2023-34035 | Vmware | Incorrect Authorization vulnerability in VMWare Spring Security Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC’s DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints | 5.3 |
2023-07-18 | CVE-2023-3709 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. | 5.3 |
2023-07-17 | CVE-2022-4023 | 3Dprint Project | Unspecified vulnerability in 3Dprint Project 3Dprint The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into submitting a form. | 5.3 |
2023-07-17 | CVE-2023-34036 | Vmware | Improper Encoding or Escaping of Output vulnerability in VMWare Spring Hateoas Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded… headers. | 5.3 |
2023-07-17 | CVE-2023-33857 | IBM | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. | 5.3 |
2023-07-17 | CVE-2023-35901 | IBM | Improper Authentication vulnerability in IBM products IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. | 5.3 |
2023-07-18 | CVE-2023-22041 | Oracle Debian Netapp | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). | 5.1 |
2023-07-22 | CVE-2023-38195 | Datalust | Unspecified vulnerability in Datalust SEQ Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. | 4.9 |
2023-07-21 | CVE-2023-32478 | Dell | Information Exposure Through Log Files vulnerability in Dell Powerstoreos Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. | 4.9 |
2023-07-20 | CVE-2023-32482 | Dell | Incorrect Authorization vulnerability in Dell Wyse Management Suite Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. | 4.9 |
2023-07-18 | CVE-2023-21950 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.9 |
2023-07-18 | CVE-2023-22007 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.9 |
2023-07-18 | CVE-2023-22008 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2023-07-18 | CVE-2023-22034 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Unified Audit component of Oracle Database Server. | 4.9 |
2023-07-18 | CVE-2023-22046 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-07-18 | CVE-2023-22054 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-07-18 | CVE-2023-22056 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-07-18 | CVE-2023-22057 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.9 |
2023-07-18 | CVE-2023-37480 | Ethyca | Resource Exhaustion vulnerability in Ethyca Fides Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. | 4.9 |
2023-07-18 | CVE-2023-37481 | Ethyca | Resource Exhaustion vulnerability in Ethyca Fides Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. | 4.9 |
2023-07-23 | CVE-2023-3838 | Dedebiz | Cross-site Scripting vulnerability in Dedebiz 6.2.10 A vulnerability classified as problematic was found in DedeBIZ 6.2.10. | 4.8 |
2023-07-22 | CVE-2023-3837 | Dedebiz | Cross-site Scripting vulnerability in Dedebiz 6.2.10 A vulnerability classified as problematic has been found in DedeBIZ 6.2.10. | 4.8 |
2023-07-21 | CVE-2023-25837 | Esri | Cross-site Scripting vulnerability in Esri Portal for Arcgis 10.8.1/10.9 There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. | 4.8 |
2023-07-21 | CVE-2023-25835 | Esri | Cross-site Scripting vulnerability in Esri Portal for Arcgis There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration and which, when clicked, could potentially execute arbitrary JavaScript code in the victim's browser. | 4.8 |
2023-07-18 | CVE-2023-33329 | Custom Post Type Generator Project | Cross-site Scripting vulnerability in Custom Post Type Generator Project Custom Post Type Generator Auth. | 4.8 |
2023-07-18 | CVE-2022-47421 | Armemberplugin | Cross-site Scripting vulnerability in Armemberplugin Armember Auth. | 4.8 |
2023-07-18 | CVE-2023-24390 | Wesecur | Cross-site Scripting vulnerability in Wesecur Auth. | 4.8 |
2023-07-17 | CVE-2023-3245 | Premio | Cross-site Scripting vulnerability in Premio Chaty The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2023-07-21 | CVE-2023-35392 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.7 |
2023-07-19 | CVE-2023-33832 | IBM | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in IBM products IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to improper time-of-check to time-of-use functionality. | 4.7 |
2023-07-20 | CVE-2023-32483 | Dell | Cleartext Storage of Sensitive Information vulnerability in Dell Wyse Management Suite Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. | 4.4 |
2023-07-18 | CVE-2023-22005 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.4 |
2023-07-18 | CVE-2023-22031 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 4.4 |
2023-07-18 | CVE-2023-22033 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.4 |
2023-07-18 | CVE-2023-22058 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). | 4.4 |
2023-07-22 | CVE-2023-3247 | PHP | Use of Insufficiently Random Values vulnerability in PHP In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20 and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and used a narrower range of values than it should have. | 4.3 |
2023-07-21 | CVE-2023-38173 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge for Android Spoofing Vulnerability | 4.3 |
2023-07-21 | CVE-2023-32625 | Sakura | Cross-Site Request Forgery (CSRF) vulnerability in Sakura TS Webfonts Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page. | 4.3 |
2023-07-18 | CVE-2023-22004 | Oracle | Unspecified vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). | 4.3 |
2023-07-18 | CVE-2023-22009 | Oracle | Unspecified vulnerability in Oracle Self-Service Human Resources Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management). | 4.3 |
2023-07-18 | CVE-2023-22012 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 7.0.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). | 4.3 |
2023-07-18 | CVE-2023-22013 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 6.4.0.0.0/7.0.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). | 4.3 |
2023-07-18 | CVE-2023-22021 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 6.4.0.0.0/7.0.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). | 4.3 |
2023-07-18 | CVE-2023-22027 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 7.0.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). | 4.3 |
2023-07-18 | CVE-2023-3403 | Metagauss | Unspecified vulnerability in Metagauss Profilegrid The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. | 4.3 |
2023-07-17 | CVE-2023-3577 | Mattermost | Server-Side Request Forgery (SSRF) vulnerability in Mattermost Server Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF. | 4.3 |
2023-07-17 | CVE-2023-3582 | Mattermost | Incorrect Authorization vulnerability in Mattermost Server Mattermost fails to verify channel membership when linking a board to a channel, allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to. | 4.3 |
2023-07-17 | CVE-2023-3585 | Mattermost | Resource Exhaustion vulnerability in Mattermost Server Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. | 4.3 |
2023-07-17 | CVE-2023-3700 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 4.3 |
2023-07-18 | CVE-2023-22016 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.2 |
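The OkHttp Brotli row above (CVE-2023-3782) describes a decompression bomb: a small compressed body that inflates to far more than the client expects. The guard a practitioner wants is to decompress in bounded steps and abort as soon as the output budget is exceeded, rather than materialising the whole body first. The following is an added example and not OkHttp or okhttp-brotli code; it uses zlib from the Python standard library as a stand-in for Brotli (the bounding technique is identical for either codec), and the 4 MiB budget, the `compress`/`make_bomb` helpers and the constructed sample bodies are assumptions of this example.

```python
"""Bounded decompression as a guard against a decompression bomb in an HTTP body.

Added example, not OkHttp or okhttp-brotli code. zlib stands in for Brotli; the
technique (inflate in bounded steps, abort once the output budget is exceeded)
is the same for either codec.
"""
import zlib

# Assumed policy for this example: no response body may inflate past 4 MiB.
MAX_OUTPUT_BYTES = 4 * 1024 * 1024


class DecompressionBomb(Exception):
    """Raised when the decompressed size exceeds the caller's budget."""


def bounded_decompress(payload: bytes, max_output: int = MAX_OUTPUT_BYTES) -> bytes:
    """Inflate `payload`, raising DecompressionBomb before more than max_output bytes exist."""
    d = zlib.decompressobj()
    out = bytearray()
    remaining = payload
    while remaining:
        # Ask for one byte more than the remaining budget: receiving it proves the
        # stream is oversized without ever allocating the whole inflated body.
        chunk = d.decompress(remaining, max_output - len(out) + 1)
        out += chunk
        if len(out) > max_output:
            raise DecompressionBomb(
                f"decompressed output exceeded {max_output} bytes "
                f"(from {len(payload)} compressed bytes)")
        # Input zlib left unconsumed because the output limit was hit.
        next_remaining = d.unconsumed_tail
        if next_remaining == remaining and not chunk:
            raise ValueError("decompressor made no progress; corrupt stream")
        remaining = next_remaining
    out += d.flush()
    if len(out) > max_output:
        raise DecompressionBomb(f"decompressed output exceeded {max_output} bytes")
    return bytes(out)


def is_rejected(payload: bytes, max_output: int = MAX_OUTPUT_BYTES) -> bool:
    """True if the body would be refused under the given budget, False if it inflates safely."""
    try:
        bounded_decompress(payload, max_output)
    except DecompressionBomb:
        return True
    return False


def compress(data: bytes) -> bytes:
    """Helper: produce a compressed body the way a (zlib-speaking) server would."""
    return zlib.compress(data)


def make_bomb(inflated_size: int = 16 * 1024 * 1024) -> bytes:
    """Constructed sample: a few kilobytes that inflate to `inflated_size` zero bytes."""
    return zlib.compress(b"\x00" * inflated_size, 9)


if __name__ == "__main__":
    small = compress(b'{"status":"ok"}' * 1000)          # constructed benign body
    print(len(bounded_decompress(small)), "bytes decompressed safely")
    bomb = make_bomb()
    print(f"bomb is {len(bomb)} compressed bytes")
    print("bomb rejected:", is_rejected(bomb))
```

The decompressor is never asked for more than budget + 1 bytes per call, so peak memory is bounded by the policy and not by the attacker's ratio; an additional expansion-ratio limit can be layered on top for codecs whose streaming API does not expose an output cap.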
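The librsvg row above (CVE-2023-38633) gives the payload `href=".?../../../../../../../../../../etc/passwd"`: a reference whose URL path component is a harmless "." while everything after the "?" turns into ".." segments once the string reaches the filesystem. The following is an added example, not librsvg's code, and it does not reproduce librsvg's URL decoder; it illustrates the general check/use mismatch such a payload exploits (validating one representation of the href, opening another) next to a resolver that decodes the href into exactly the path it will open and enforces containment on that. `BASE_DIR`, the function names and the sample hrefs are assumptions of this example.

```python
"""Resolving an include href against the document's directory without escaping it.

Added example, not librsvg code: it shows the general check/use mismatch that a
payload like ".?../../../../etc/passwd" exploits, and a resolver that closes it.
"""
import os
from typing import Optional
from urllib.parse import urlsplit, unquote

# Assumed directory of the SVG document being rendered (constructed for this example).
BASE_DIR = "/srv/svg/doc1"


def naive_resolve(base_dir: str, href: str) -> Optional[str]:
    """Vulnerable pattern: validate the URL's path component, then open the raw string.

    urlsplit(".?../../etc/passwd") yields path "." and query "../../etc/passwd", so
    the traversal check sees only "."; the join below then hands the untouched href
    to the filesystem, which treats "?../.." as ordinary path segments.
    """
    parts = urlsplit(href)
    if parts.scheme or parts.netloc or parts.path.startswith("/"):
        return None
    if ".." in parts.path.split("/"):
        return None
    return os.path.normpath(os.path.join(base_dir, href))  # BUG: href, not parts.path


def safe_resolve(base_dir: str, href: str) -> Optional[str]:
    """Decode the href into the path that will actually be opened, then check containment."""
    parts = urlsplit(href)
    if parts.scheme or parts.netloc:
        return None                      # only relative references into the document directory
    rel = unquote(parts.path)            # query/fragment never reach the filesystem; %2e%2e becomes ..
    if not rel or rel.startswith("/"):
        return None
    base = os.path.normpath(base_dir)
    candidate = os.path.normpath(os.path.join(base, rel))
    # The containment check runs on the same normalised string that open() would receive.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    payload = ".?../../../../../../../../../../etc/passwd"   # from the advisory text
    for href in ("icons/logo.svg", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd", payload):
        print(f"{href!r:50} naive={naive_resolve(BASE_DIR, href)!r:20} safe={safe_resolve(BASE_DIR, href)!r}")
```

The lexical `commonpath` check is enough to demonstrate the point offline; in a deployment where the base directory may contain symlinks, apply `os.path.realpath` to both `base` and `candidate` before comparing, so a link pointing outside the tree is caught as well. Note that `safe_resolve` maps the advisory's payload to the base directory itself (its path component is "."), which a caller should then reject as not being a regular file.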