The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress -- wordpress | A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The name of the patch is bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651. | 2023-06-04 | 9.8 | CVE-2015-10111 MISC MISC MISC |
wordpress -- wordpress | The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Allow Automatic Login After Successful Verification setting to be enabled, which it is not by default. | 2023-06-03 | 9.8 | CVE-2023-2781 MISC MISC MISC MISC |
wddgroup -- fantsy | Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service. | 2023-06-02 | 9.8 | CVE-2023-28698 MISC |
elite -- webfax | ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service. | 2023-06-02 | 9.8 | CVE-2023-28701 MISC |
thethaiger -- the_thaiger | An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files. | 2023-06-02 | 9.8 | CVE-2023-29746 MISC MISC MISC MISC |
erikogluteknoloji -- energy_monitoring | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602. | 2023-06-02 | 9.8 | CVE-2023-3000 MISC |
iuok -- yfcmf-tp6 | A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230542 is the identifier assigned to this vulnerability. | 2023-06-02 | 9.8 | CVE-2023-3056 MISC MISC MISC |
iuok -- yfcmf-tp6 | A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543. | 2023-06-02 | 9.8 | CVE-2023-3057 MISC MISC MISC |
online_exam_form_submission_project -- online_exam_form_submission | A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability. | 2023-06-02 | 9.8 | CVE-2023-3059 MISC MISC MISC |
hitrontech -- coda-5310_firmware | Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service. | 2023-06-02 | 9.8 | CVE-2023-30603 MISC |
hitrontech -- coda-5310_firmware | It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service. | 2023-06-02 | 9.8 | CVE-2023-30604 MISC |
agro-school_management_system_project -- agro-school_management_system | A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567. | 2023-06-02 | 9.8 | CVE-2023-3061 MISC MISC MISC |
agro-school_management_system_project -- agro-school_management_system | A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568. | 2023-06-02 | 9.8 | CVE-2023-3062 MISC MISC MISC |
retro_cellphone_online_store_project -- retro_cellphone_online_store | A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/modal_add_product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230580. | 2023-06-02 | 9.8 | CVE-2023-3068 MISC MISC MISC |
corebos -- corebos | Unverified Password Change in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 9.8 | CVE-2023-3069 MISC CONFIRM |
agro-school_management_system_project -- agro-school_management_system | A vulnerability classified as critical has been found in code-projects Agro-School Management System 1.0. Affected is the function doUpdateQuestion of the file btn_functions.php. The manipulation of the argument question_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230670 is the identifier assigned to this vulnerability. | 2023-06-04 | 9.8 | CVE-2023-3094 MISC MISC MISC |
marsctf_project -- marsctf | MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background. | 2023-06-05 | 9.8 | CVE-2023-33386 MISC MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function. | 2023-06-02 | 9.8 | CVE-2023-33669 MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. | 2023-06-02 | 9.8 | CVE-2023-33670 MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. | 2023-06-02 | 9.8 | CVE-2023-33671 MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | 2023-06-02 | 9.8 | CVE-2023-33673 MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function. | 2023-06-02 | 9.8 | CVE-2023-33675 MISC |
simpleredak -- simpleredak | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter. | 2023-06-02 | 9.8 | CVE-2023-33762 MISC |
xfinity -- comcast_defined_technologies_microeisbss | An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation.. | 2023-06-02 | 9 | CVE-2022-45938 MISC MISC |
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-03 | 9 | CVE-2023-3086 CONFIRM MISC |
wordpress -- wordpress | A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The name of the patch is b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability. | 2023-06-04 | 8.8 | CVE-2013-10027 MISC MISC MISC |
sguda -- u-lock_firmware | SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks. | 2023-06-02 | 8.8 | CVE-2022-46307 MISC |
sguda -- u-lock_firmware | SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information. | 2023-06-02 | 8.8 | CVE-2022-46308 MISC |
ibm -- security_guardium | IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657. | 2023-06-05 | 8.8 | CVE-2023-0041 MISC MISC |
mozilla -- firefox_esr | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-0767 MISC MISC MISC MISC |
connect_line -- mbconnect24 | An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account. | 2023-06-06 | 8.8 | CVE-2023-0985 MISC |
wordpress -- wordpress | The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-02 | 8.8 | CVE-2023-2201 MISC MISC |
mozilla -- firefox | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 8.8 | CVE-2023-23605 MISC MISC MISC MISC |
mozilla -- firefox | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109. | 2023-06-02 | 8.8 | CVE-2023-23606 MISC MISC |
mozilla -- firefox_esr | Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals . This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25729 MISC MISC MISC MISC |
mozilla -- firefox | Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110. | 2023-06-02 | 8.8 | CVE-2023-25731 MISC MISC |
mozilla -- firefox_esr | When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25732 MISC MISC MISC MISC |
mozilla -- firefox_esr | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25735 MISC MISC MISC MISC |
mozilla -- firefox_esr | An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25737 MISC MISC MISC MISC |
mozilla -- firefox_esr | Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext . This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25739 MISC MISC MISC MISC |
mozilla -- firefox | After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110. | 2023-06-02 | 8.8 | CVE-2023-25740 MISC MISC |
mozilla -- firefox_esr | Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25744 MISC MISC MISC |
mozilla -- firefox | Mozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110. | 2023-06-02 | 8.8 | CVE-2023-25745 MISC MISC |
mozilla -- firefox_esr | Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25746 MISC MISC MISC |
southrivertech -- titan_ftp_server_nextgen | An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server. | 2023-06-02 | 8.8 | CVE-2023-27745 MISC MISC |
mozilla -- firefox | If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111. | 2023-06-02 | 8.8 | CVE-2023-28161 MISC MISC |
mozilla -- firefox | While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 8.8 | CVE-2023-28162 MISC MISC MISC MISC |
mozilla -- firefox | Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 8.8 | CVE-2023-28176 MISC MISC MISC MISC |
mozilla -- firefox | Mozilla developers and community members Calixte Denizet, Gabriele Svelto, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111. | 2023-06-02 | 8.8 | CVE-2023-28177 MISC MISC |
wddgroup -- fantasy | Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service. | 2023-06-02 | 8.8 | CVE-2023-28699 MISC |
asus -- rt-ac86u_firmware | ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service. | 2023-06-02 | 8.8 | CVE-2023-28702 MISC |
furbo -- dog_camera_firmware | Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service. | 2023-06-02 | 8.8 | CVE-2023-28704 MISC |
mozilla -- thunderbird | An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 8.8 | CVE-2023-29536 MISC MISC MISC MISC |
mozilla -- thunderbird | Firefox did not properly handle downloads of files ending in .desktop , which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 8.8 | CVE-2023-29541 MISC MISC MISC MISC |
mozilla -- focus | An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 8.8 | CVE-2023-29543 MISC MISC |
mozilla -- thunderbird | Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 8.8 | CVE-2023-29550 MISC MISC MISC MISC |
mozilla -- focus | Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 8.8 | CVE-2023-29551 MISC MISC |
mobatime -- mobatime_web_application | Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.This issue affects Mobatime web application: through 06.7.22. | 2023-06-02 | 8.8 | CVE-2023-3032 MISC |
mobatime -- mobatime_web_application | Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22. | 2023-06-02 | 8.8 | CVE-2023-3033 MISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | 8.8 | CVE-2023-3052 MISC MISC MISC MISC MISC MISC |
service_provider_management_system_project -- service_provider_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230798 is the identifier assigned to this vulnerability. | 2023-06-06 | 8.8 | CVE-2023-3119 MISC MISC MISC |
mozilla -- firefox | When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 8.8 | CVE-2023-32213 MISC MISC MISC MISC |
mozilla -- firefox | Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 8.8 | CVE-2023-32215 MISC MISC MISC MISC |
minical -- minical | Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file. | 2023-06-05 | 8.8 | CVE-2023-33410 MISC MISC |
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-03 | 8.7 | CVE-2023-3083 MISC CONFIRM |
mozilla -- firefox | After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.1 | CVE-2023-25734 MISC MISC MISC MISC MISC MISC MISC |
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-03 | 8.1 | CVE-2023-3084 MISC CONFIRM |
qualcomm -- csr8811_firmware | Memory corruption in Linux Networking due to double free while handling a hyp-assign. | 2023-06-06 | 7.8 | CVE-2022-40522 MISC |
qualcomm -- aqt1000_firmware | Memory corruption due to improper access control in kernel while processing a mapping request from root process. | 2023-06-06 | 7.8 | CVE-2022-40529 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-06-06 | 7.8 | CVE-2022-48390 MISC |
google -- android | In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-06-06 | 7.8 | CVE-2022-48392 MISC |
qualcomm -- apq8017_firmware | Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. | 2023-06-06 | 7.8 | CVE-2023-21628 MISC |
qualcomm -- apq8064au_firmware | Memory corruption in Automotive GPU while querying a gsl memory node. | 2023-06-06 | 7.8 | CVE-2023-21632 MISC |
qualcomm -- ar8035_firmware | Memory corruption in WLAN HOST while receiving an WMI event from firmware. | 2023-06-06 | 7.8 | CVE-2023-21656 MISC |
qualcomm -- csra6620_firmware | Memoru corruption in Audio when ADSP sends input during record use case. | 2023-06-06 | 7.8 | CVE-2023-21657 MISC |
qualcomm -- 315_5g_iot_modem_firmware | Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. | 2023-06-06 | 7.8 | CVE-2023-21670 MISC |
ibm -- aspera_cargo | IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625. | 2023-06-05 | 7.8 | CVE-2023-27285 MISC MISC |
southrivertech -- titan_ftp_server_nextgen | An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. | 2023-06-02 | 7.8 | CVE-2023-27744 MISC MISC |
bt21_x_bts_wallpaper_project -- bt21_x_bts_wallpaper | The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack. | 2023-06-02 | 7.8 | CVE-2023-29724 MISC MISC MISC |
google -- android | In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-06-06 | 7.8 | CVE-2023-30863 MISC |
google -- android | In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-06-06 | 7.8 | CVE-2023-30864 MISC |
linux -- linux_kernel | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | 2023-06-05 | 7.8 | CVE-2023-3111 MISC |
reportlab -- reportlab | Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. | 2023-06-05 | 7.8 | CVE-2023-33733 MISC |
emlog -- emlog | *File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | 2023-06-05 | 7.5 | CVE-2020-19028 MISC MISC |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. | 2023-06-06 | 7.5 | CVE-2022-40536 MISC |
qualcomm -- ar8035_firmware | Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network. | 2023-06-06 | 7.5 | CVE-2022-40538 MISC |
qualcomm -- ar8035_firmware | Transient DOS in WLAN Firmware while processing the received beacon or probe response frame. | 2023-06-06 | 7.5 | CVE-2023-21658 MISC |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS in WLAN Firmware while processing frames with missing header fields. | 2023-06-06 | 7.5 | CVE-2023-21659 MISC |
qualcomm -- csr8811_firmware | Transient DOS in WLAN Firmware while parsing FT Information Elements. | 2023-06-06 | 7.5 | CVE-2023-21660 MISC |
qualcomm -- ar8035_firmware | Transient DOS while parsing WLAN beacon or probe-response frame. | 2023-06-06 | 7.5 | CVE-2023-21661 MISC |
qualcomm -- aqt1000_firmware | Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address. | 2023-06-06 | 7.5 | CVE-2023-21669 MISC |
ibm -- aspera_cargo | IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107. | 2023-06-05 | 7.5 | CVE-2023-22862 MISC MISC |
mozilla -- firefox_focus | A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome. *This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | 2023-06-02 | 7.5 | CVE-2023-25743 MISC MISC MISC |
mozilla -- focus | Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 7.5 | CVE-2023-29537 MISC MISC MISC MISC |
hitrontech -- coda-5310_firmware | Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator. | 2023-06-02 | 7.5 | CVE-2023-30602 MISC |
microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-03 | 7.5 | CVE-2023-33143 MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. | 2023-06-02 | 7.5 | CVE-2023-33672 MISC |
harbingergroup -- office_player | OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL. | 2023-06-05 | 7.5 | CVE-2023-34407 MISC |
microsoft -- office | Microsoft Office Remote Code Execution Vulnerability | 2023-06-05 | 7.3 | CVE-2023-29344 MISC |
hitrontech -- coda-5310_firmware | Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. | 2023-06-02 | 7.2 | CVE-2022-47616 MISC |
hitrontech -- coda-5310_firmware | Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption. | 2023-06-02 | 7.2 | CVE-2022-47617 MISC |
asus -- rt-ac86u_firmware | ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service. | 2023-06-02 | 7.2 | CVE-2023-28703 MISC |
service_provider_management_system_project -- service_provider_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799. | 2023-06-06 | 7.2 | CVE-2023-3120 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
itpison -- omicard_edm | OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | 2023-06-02 | 6.8 | CVE-2023-28700 MISC |
linuxfoundation -- iot-yocto | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796914; Issue ID: ALPS07796914. | 2023-06-06 | 6.7 | CVE-2023-20712 MISC |
linuxfoundation -- iot-yocto | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900. | 2023-06-06 | 6.7 | CVE-2023-20715 MISC |
linuxfoundation -- iot-yocto | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796883; Issue ID: ALPS07796883. | 2023-06-06 | 6.7 | CVE-2023-20716 MISC |
google -- android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843845. | 2023-06-06 | 6.7 | CVE-2023-20723 MISC |
google -- android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843841. | 2023-06-06 | 6.7 | CVE-2023-20724 MISC |
rdkcentral -- rdk-b | In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only). | 2023-06-06 | 6.7 | CVE-2023-20725 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480. | 2023-06-06 | 6.7 | CVE-2023-20732 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149. | 2023-06-06 | 6.7 | CVE-2023-20733 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645184. | 2023-06-06 | 6.7 | CVE-2023-20734 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178. | 2023-06-06 | 6.7 | CVE-2023-20735 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645167. | 2023-06-06 | 6.7 | CVE-2023-20737 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645173. | 2023-06-06 | 6.7 | CVE-2023-20738 MISC |
google -- android | In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559819. | 2023-06-06 | 6.7 | CVE-2023-20739 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559840. | 2023-06-06 | 6.7 | CVE-2023-20740 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142. | 2023-06-06 | 6.7 | CVE-2023-20743 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200. | 2023-06-06 | 6.7 | CVE-2023-20744 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694. | 2023-06-06 | 6.7 | CVE-2023-20745 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217. | 2023-06-06 | 6.7 | CVE-2023-20746 MISC |
google -- android | In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926. | 2023-06-06 | 6.7 | CVE-2023-20749 MISC |
google -- android | In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07825502; Issue ID: ALPS07825502. | 2023-06-06 | 6.7 | CVE-2023-20751 MISC |
google -- android | In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586. | 2023-06-06 | 6.7 | CVE-2023-20752 MISC |
mozilla -- thunderbird | Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1. | 2023-06-02 | 6.5 | CVE-2023-0430 MISC MISC |
mozilla -- thunderbird | OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10. | 2023-06-02 | 6.5 | CVE-2023-0547 MISC MISC |
mozilla -- thunderbird | If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8. | 2023-06-02 | 6.5 | CVE-2023-0616 MISC MISC |
mozilla -- thunderbird | Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. | 2023-06-02 | 6.5 | CVE-2023-1945 MISC MISC MISC |
mozilla -- firefox | A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. | 2023-06-02 | 6.5 | CVE-2023-23597 MISC MISC |
mozilla -- firefox | Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData . This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 6.5 | CVE-2023-23598 MISC MISC MISC MISC |
mozilla -- firefox | When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 6.5 | CVE-2023-23599 MISC MISC MISC MISC |
mozilla -- firefox | Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 109. | 2023-06-02 | 6.5 | CVE-2023-23600 MISC MISC |
mozilla -- firefox | Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 6.5 | CVE-2023-23601 MISC MISC MISC MISC |
mozilla -- firefox | A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 6.5 | CVE-2023-23602 MISC MISC MISC MISC |
mozilla -- firefox | Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 6.5 | CVE-2023-23603 MISC MISC MISC MISC |
mozilla -- firefox | A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString . This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109. | 2023-06-02 | 6.5 | CVE-2023-23604 MISC MISC |
mozilla -- firefox_esr | The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 6.5 | CVE-2023-25728 MISC MISC MISC MISC |
mozilla -- firefox | Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 6.5 | CVE-2023-25738 MISC MISC MISC MISC |
mozilla -- firefox | When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110. | 2023-06-02 | 6.5 | CVE-2023-25741 MISC MISC MISC MISC |
mozilla -- firefox_esr | When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 6.5 | CVE-2023-25742 MISC MISC MISC MISC |
mozilla -- firefox | Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 6.5 | CVE-2023-25751 MISC MISC MISC MISC |
mozilla -- firefox | When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 6.5 | CVE-2023-25752 MISC MISC MISC MISC |
mozilla -- firefox | When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111. | 2023-06-02 | 6.5 | CVE-2023-28160 MISC MISC |
mozilla -- firefox | When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 6.5 | CVE-2023-28163 MISC MISC MISC MISC |
mozilla -- firefox | Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 6.5 | CVE-2023-28164 MISC MISC MISC MISC |
mozilla -- thunderbird | A website could have obscured the fullscreen notification by using a combination of window.open , fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 6.5 | CVE-2023-29533 MISC MISC MISC MISC MISC |
mozilla -- thunderbird | Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 6.5 | CVE-2023-29535 MISC MISC MISC MISC |
mozilla -- thunderbird | When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 6.5 | CVE-2023-29539 MISC MISC MISC MISC |
mozilla -- focus | If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 6.5 | CVE-2023-29544 MISC MISC |
mozilla -- focus | When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 6.5 | CVE-2023-29547 MISC MISC |
mozilla -- thunderbird | A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 6.5 | CVE-2023-29548 MISC MISC MISC MISC |
mozilla -- focus | Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 6.5 | CVE-2023-29549 MISC MISC |
corebos -- corebos | Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 6.5 | CVE-2023-3075 CONFIRM MISC |
teampass -- teampass | Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-04 | 6.5 | CVE-2023-3095 CONFIRM MISC |
mozilla -- firefox | In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 6.5 | CVE-2023-32205 MISC MISC MISC MISC MISC |
mozilla -- firefox | An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 6.5 | CVE-2023-32206 MISC MISC MISC MISC |
mozilla -- firefox | A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 6.5 | CVE-2023-32207 MISC MISC MISC MISC |
mozilla -- firefox | A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 6.5 | CVE-2023-32211 MISC MISC MISC MISC |
minical -- minical | Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. | 2023-06-05 | 6.5 | CVE-2023-33409 MISC MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645189. | 2023-06-06 | 6.4 | CVE-2023-20736 MISC |
wordpress -- wordpress | A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660. | 2023-06-04 | 6.1 | CVE-2013-10028 MISC MISC MISC |
wordpress -- wordpress | A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The name of the patch is 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659. | 2023-06-05 | 6.1 | CVE-2014-125105 MISC MISC MISC MISC |
wordpress -- wordpress | A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392. | 2023-06-02 | 6.1 | CVE-2015-10110 MISC MISC MISC |
wordpress -- wordpress | A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability. | 2023-06-05 | 6.1 | CVE-2015-10113 MISC MISC MISC |
wordpress -- wordpress | A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. The patch is identified as 1ac6d6ac26e185673f95fc1ccc56a392169ba601. It is recommended to upgrade the affected component. VDB-230654 is the identifier assigned to this vulnerability. | 2023-06-05 | 6.1 | CVE-2015-10114 MISC MISC MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | 6.1 | CVE-2023-2298 MISC MISC MISC |
vcita -- contact_form_builder_by_vcita | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | 6.1 | CVE-2023-2301 MISC MISC MISC |
vcita -- contact_form_and_calls_to_action_by_vcita | The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | 6.1 | CVE-2023-2303 MISC MISC MISC |
wordpress -- wordpress | The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | 6.1 | CVE-2023-2337 MISC |
wordpress -- wordpress | The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | 6.1 | CVE-2023-2472 MISC |
wordpress -- wordpress | The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | 6.1 | CVE-2023-2488 MISC |
wordpress -- wordpress | The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-02 | 6.1 | CVE-2023-2835 MISC MISC MISC |
openfind -- mail2000 | Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack. | 2023-06-02 | 6.1 | CVE-2023-28705 MISC |
microsoft -- microsoft_edge | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-06-07 | 6.1 | CVE-2023-29345 MISC |
mozilla -- focus | Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols . This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 6.1 | CVE-2023-29540 MISC MISC |
gitpod -- gitpod | Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). | 2023-06-05 | 6.1 | CVE-2023-32766 MISC MISC MISC MISC MISC MISC |
escanav -- escan_management_console | Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly. | 2023-06-02 | 6.1 | CVE-2023-33731 MISC MISC |
simpleredak -- simpleredak | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php. | 2023-06-02 | 6.1 | CVE-2023-33761 MISC |
simpleredak -- simpleredak | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php. | 2023-06-02 | 6.1 | CVE-2023-33763 MISC |
ibm -- maximo_application_suite | IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208. | 2023-06-05 | 5.9 | CVE-2023-27861 MISC MISC |
status -- powerbpm | It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence. | 2023-06-02 | 5.7 | CVE-2023-25780 MISC |
qualcomm -- 9205_lte_modem_firmware | Information disclosure in Kernel due to indirect branch misprediction. | 2023-06-06 | 5.5 | CVE-2022-40523 MISC |
qualcomm -- csr8811_firmware | Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis. | 2023-06-06 | 5.5 | CVE-2022-40525 MISC |
qualcomm -- csra6620_firmware | Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request. | 2023-06-06 | 5.5 | CVE-2022-40533 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48391 MISC |
google -- android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48440 MISC |
google -- android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48441 MISC |
google -- android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48442 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48443 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48444 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48445 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48446 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48447 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48448 MISC |
arm -- valhall_gpu_kernel_driver | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | 2023-06-02 | 5.5 | CVE-2023-28147 MISC |
arm -- avalon_gpu_kernel_driver | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | 2023-06-02 | 5.5 | CVE-2023-28469 MISC |
bt21_x_bts_wallpaper_project -- bt21_x_bts_wallpaper | The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack. | 2023-06-02 | 5.5 | CVE-2023-29725 MISC MISC MISC MISC |
google -- android | In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-06-06 | 5.5 | CVE-2023-30865 MISC |
google -- android | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-06-06 | 5.5 | CVE-2023-30866 MISC |
google -- android | In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-06-06 | 5.5 | CVE-2023-30914 MISC |
google -- android | In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-06-06 | 5.5 | CVE-2023-30915 MISC |
mp4v2_project -- mp4v2 | mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes() | 2023-06-02 | 5.5 | CVE-2023-33717 MISC MISC |
wordpress -- wordpress | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | 5.4 | CVE-2023-2300 MISC MISC MISC |
wordpress -- wordpress | The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | 5.4 | CVE-2023-2302 MISC MISC MISC |
mozilla -- firefox_esr | A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 5.4 | CVE-2023-25730 MISC MISC MISC MISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | 5.4 | CVE-2023-3051 MISC MISC MISC |
07fly -- customer_relationship_management | A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560. | 2023-06-02 | 5.4 | CVE-2023-3058 MISC MISC MISC |
agro-school_management_system_project -- agro-school_management_system | A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability. | 2023-06-02 | 5.4 | CVE-2023-3060 MISC MISC MISC |
trilium_project -- trilium | Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4. | 2023-06-02 | 5.4 | CVE-2023-3067 MISC CONFIRM |
corebos -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 5.4 | CVE-2023-3070 CONFIRM MISC |
tsolucio -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 5.4 | CVE-2023-3071 MISC CONFIRM |
corebos -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 5.4 | CVE-2023-3073 MISC CONFIRM |
corebos -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 5.4 | CVE-2023-3074 CONFIRM MISC |
admidio -- admidio | Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. | 2023-06-05 | 5.4 | CVE-2023-3109 CONFIRM MISC |
minical -- minical | Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file. | 2023-06-05 | 5.4 | CVE-2023-33408 MISC MISC |
dokuwiki -- dokuwiki | DokuWiki before 2023-04-04a allows XSS via RSS titles. | 2023-06-05 | 5.4 | CVE-2023-34408 MISC MISC MISC MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings. | 2023-06-03 | 5.3 | CVE-2023-2299 MISC MISC MISC |
mozilla -- focus | Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 5.3 | CVE-2023-29538 MISC MISC |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074. | 2023-06-05 | 5.3 | CVE-2023-32334 MISC MISC MISC |
advent -- tamale_rms | Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app. | 2023-06-05 | 5.3 | CVE-2023-33524 MISC MISC MISC |
wordpress -- wordpress | The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-02 | 4.8 | CVE-2023-1159 MISC MISC |
wordpress -- wordpress | The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-06-05 | 4.8 | CVE-2023-2224 MISC |
wordpress -- wordpress | The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-05 | 4.8 | CVE-2023-2489 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions. | 2023-06-03 | 4.8 | CVE-2023-32582 MISC |
google -- android | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-06-06 | 4.4 | CVE-2022-48438 MISC |
google -- android | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-06-06 | 4.4 | CVE-2022-48439 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531. | 2023-06-06 | 4.4 | CVE-2023-20727 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603. | 2023-06-06 | 4.4 | CVE-2023-20728 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575. | 2023-06-06 | 4.4 | CVE-2023-20729 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573552. | 2023-06-06 | 4.4 | CVE-2023-20730 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495. | 2023-06-06 | 4.4 | CVE-2023-20731 MISC |
google -- android | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628606. | 2023-06-06 | 4.4 | CVE-2023-20741 MISC |
google -- android | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628540. | 2023-06-06 | 4.4 | CVE-2023-20742 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121. | 2023-06-06 | 4.4 | CVE-2023-20747 MISC |
wordpress -- wordpress | The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons. | 2023-06-03 | 4.3 | CVE-2023-0583 MISC MISC |
wordpress -- wordpress | The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value. | 2023-06-03 | 4.3 | CVE-2023-0584 MISC MISC |
mb_connect_line -- mbconnect24 | Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information. | 2023-06-06 | 4.3 | CVE-2023-1779 MISC |
mozilla -- firefox | By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111. | 2023-06-02 | 4.3 | CVE-2023-25748 MISC MISC |
mozilla -- firefox | Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111. | 2023-06-02 | 4.3 | CVE-2023-25749 MISC MISC |
mozilla -- firefox | Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111. | 2023-06-02 | 4.3 | CVE-2023-25750 MISC MISC |
mozilla -- firefox | The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111. | 2023-06-02 | 4.3 | CVE-2023-28159 MISC MISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status. | 2023-06-03 | 4.3 | CVE-2023-3053 MISC MISC MISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | 4.3 | CVE-2023-3055 MISC MISC |
mozilla -- firefox | An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 4.3 | CVE-2023-32212 MISC MISC MISC MISC |
google -- android | In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928. | 2023-06-06 | 4.1 | CVE-2023-20750 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
silabs -- gecko_software_development_kit | Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. | 2023-06-02 | 3.3 | CVE-2023-2687 MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress -- wordpress | A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230671. | 2023-06-05 | not yet calculated | CVE-2013-10029 MISC MISC MISC |
wordpress -- wordpress | A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672. | 2023-06-05 | not yet calculated | CVE-2013-10030 MISC MISC MISC |
wordpress -- wordpress | A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652. | 2023-06-05 | not yet calculated | CVE-2015-10112 MISC MISC MISC |
wordpress -- wordpress | A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. The patch is named a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230655. | 2023-06-05 | not yet calculated | CVE-2015-10115 MISC MISC MISC |
wordpress -- wordpress | A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability. | 2023-06-06 | not yet calculated | CVE-2015-10116 MISC MISC MISC |
wordpress -- wordpress | A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664. | 2023-06-06 | not yet calculated | CVE-2015-10117 MISC MISC MISC MISC |
wordpress -- wordpress | The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2016-15033 MISC MISC MISC |
wordpress -- wordpress | A vulnerability classified as problematic was found in Arborator Server. This vulnerability affects the function start of the file project.cgi. The manipulation of the argument project leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as cdbdbcbd491db65e9d697ab4365605fdfab1a604. It is recommended to apply a patch to fix this issue. VDB-230662 is the identifier assigned to this vulnerability. | 2023-06-06 | not yet calculated | CVE-2018-25087 MISC MISC MISC |
arborator -- server | A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. | 2023-06-09 | not yet calculated | CVE-2019-16283 MISC |
wordpress -- wordpress | The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2019-25138 MISC MISC MISC |
wordpress -- wordpress | The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset. | 2023-06-07 | not yet calculated | CVE-2019-25139 MISC MISC MISC MISC |
wordpress -- wordpress | The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2019-25140 MISC MISC MISC MISC |
wordpress -- wordpress | The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts. | 2023-06-07 | not yet calculated | CVE-2019-25141 MISC MISC MISC MISC |
wordpress -- wordpress | The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options. | 2023-06-07 | not yet calculated | CVE-2019-25142 MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings. | 2023-06-07 | not yet calculated | CVE-2019-25143 MISC MISC MISC MISC |
wordpress -- wordpress | The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2019-25144 MISC MISC |
wordpress -- wordpress | The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary HTML in emails that could be used to phish unsuspecting victims. | 2023-06-07 | not yet calculated | CVE-2019-25145 MISC MISC |
wordpress -- wordpress | The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the page. | 2023-06-07 | not yet calculated | CVE-2019-25146 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2019-25147 MISC MISC MISC |
wordpress -- wordpress | The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2019-25148 MISC MISC MISC |
wordpress -- wordpress | The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security. | 2023-06-07 | not yet calculated | CVE-2019-25149 MISC MISC |
wordpress -- wordpress | The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators. | 2023-06-07 | not yet calculated | CVE-2019-25150 MISC MISC MISC |
wordpress -- wordpress | The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service. | 2023-06-07 | not yet calculated | CVE-2019-25151 MISC MISC MISC MISC |
wordpress -- wordpress | The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service. | 2023-06-07 | not yet calculated | CVE-2020-36696 MISC MISC MISC MISC |
wordpress -- wordpress | The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings. | 2023-06-07 | not yet calculated | CVE-2020-36697 MISC MISC MISC |
wordpress -- wordpress | The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it possible for low-privileged attackers to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website. | 2023-06-07 | not yet calculated | CVE-2020-36699 MISC MISC MISC MISC |
wordpress -- wordpress | The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content. | 2023-06-07 | not yet calculated | CVE-2020-36700 MISC MISC MISC MISC |
wordpress -- wordpress | The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server. | 2023-06-07 | not yet calculated | CVE-2020-36701 MISC MISC MISC MISC |
wordpress -- wordpress | The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings. | 2023-06-07 | not yet calculated | CVE-2020-36702 MISC MISC |
wordpress -- wordpress | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts. | 2023-06-07 | not yet calculated | CVE-2020-36703 MISC MISC |
wordpress -- wordpress | The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2020-36704 MISC MISC |
wordpress -- wordpress | The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2020-36705 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and perform otherwise unauthorized access and actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2020-36707 MISC MISC MISC MISC |
wordpress -- wordpress | The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution. | 2023-06-07 | not yet calculated | CVE-2020-36708 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2020-36709 MISC MISC MISC |
wordpress -- wordpress | The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2. | 2023-06-07 | not yet calculated | CVE-2020-36710 MISC MISC |
wordpress -- wordpress | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2020-36711 MISC MISC MISC |
wordpress -- wordpress | The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter. | 2023-06-07 | not yet calculated | CVE-2020-36712 MISC MISC |
wordpress -- wordpress | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account. | 2023-06-07 | not yet calculated | CVE-2020-36713 MISC MISC MISC |
wordpress -- wordpress | The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2020-36715 MISC MISC MISC |
wordpress -- wordpress | The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been run previously) and access plugin configuration options. | 2023-06-07 | not yet calculated | CVE-2020-36716 MISC MISC MISC |
wordpress -- wordpress | The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2020-36717 MISC MISC |
wordpress -- wordpress | The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object. | 2023-06-07 | not yet calculated | CVE-2020-36718 MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin. | 2023-06-07 | not yet calculated | CVE-2020-36719 MISC MISC MISC |
wordpress -- wordpress | The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings. | 2023-06-07 | not yet calculated | CVE-2020-36720 MISC MISC MISC |
wordpress -- wordpress | The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site. | 2023-06-07 | not yet calculated | CVE-2020-36721 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. | 2023-06-07 | not yet calculated | CVE-2020-36722 MISC MISC MISC MISC |
wordpress -- wordpress | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts. | 2023-06-07 | not yet calculated | CVE-2020-36723 MISC MISC MISC |
wordpress -- wordpress | The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges. | 2023-06-07 | not yet calculated | CVE-2020-36724 MISC MISC MISC |
wordpress -- wordpress | The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings. | 2023-06-07 | not yet calculated | CVE-2020-36725 MISC MISC MISC MISC |
wordpress -- wordpress | The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. | 2023-06-07 | not yet calculated | CVE-2020-36726 MISC MISC MISC |
wordpress -- wordpress | The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object. | 2023-06-07 | not yet calculated | CVE-2020-36727 MISC MISC MISC |
wordpress -- wordpress | The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site. | 2023-06-07 | not yet calculated | CVE-2020-36728 MISC MISC MISC MISC |
wordpress -- wordpress | The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers (Subscriber, or above level access) to allow attackers to perform otherwise restricted actions and subsequently deactivate any plugins on the blog. | 2023-06-07 | not yet calculated | CVE-2020-36729 MISC MISC MISC MISC |
wordpress -- wordpress | The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin. | 2023-06-07 | not yet calculated | CVE-2020-36730 MISC MISC MISC MISC |
wordpress -- wordpress | The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction() function which is called via an admin_init hook, along with missing sanitization and escaping on the settings that are stored. | 2023-06-07 | not yet calculated | CVE-2020-36731 MISC MISC MISC |
seeddms -- seeddms | An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file. | 2023-06-07 | not yet calculated | CVE-2021-33223 MISC MISC |
wordpress -- wordpress | Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0. | 2023-06-07 | not yet calculated | CVE-2021-4337 MISC MISC MISC |
wordpress -- wordpress | The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections. | 2023-06-07 | not yet calculated | CVE-2021-4338 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to retrieve the list of all users and their email address in the database. | 2023-06-07 | not yet calculated | CVE-2021-4339 MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-07 | not yet calculated | CVE-2021-4340 MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database. | 2023-06-07 | not yet calculated | CVE-2021-4341 MISC MISC |
wordpress -- wordpress | Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed. | 2023-06-07 | not yet calculated | CVE-2021-4342 MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated attackers to create accounts, even those with administrator privileges. | 2023-06-07 | not yet calculated | CVE-2021-4343 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access the information and privileges of other users, including 'guest users', in their own category (authenticated, or unauthenticated guests). | 2023-06-07 | not yet calculated | CVE-2021-4344 MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities. | 2023-06-07 | not yet calculated | CVE-2021-4345 MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog, such as changing the admin account's email address. | 2023-06-07 | not yet calculated | CVE-2021-4346 MISC MISC MISC |
wordpress -- wordpress | The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers (including those at customer level) to update any WordPress option in the database. Version 3.2.5 was initially released as a fix, but doesn't fully address the issue. | 2023-06-07 | not yet calculated | CVE-2021-4347 MISC MISC |
wordpress -- wordpress | The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites. | 2023-06-07 | not yet calculated | CVE-2021-4348 MISC MISC |
wordpress -- wordpress | The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2021-4349 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay. | 2023-06-07 | not yet calculated | CVE-2021-4350 MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to change the meta data of certain posts and pages. | 2023-06-07 | not yet calculated | CVE-2021-4351 MISC MISC |
wordpress -- wordpress | The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin. | 2023-06-07 | not yet calculated | CVE-2021-4352 MISC MISC MISC |
wordpress -- wordpress | The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2021-4354 MISC MISC |
wordpress -- wordpress | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders. | 2023-06-07 | not yet calculated | CVE-2021-4355 MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to download arbitrary files on the site, potentially leading to site takeover. | 2023-06-07 | not yet calculated | CVE-2021-4356 MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete site posts and pages. | 2023-06-07 | not yet calculated | CVE-2021-4357 MISC MISC MISC MISC |
wordpress -- wordpress | The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2021-4358 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfm_delete_file AJAX action. This makes it possible for unauthenticated attackers to delete any posts and pages on the site. | 2023-06-07 | not yet calculated | CVE-2021-4359 MISC MISC MISC |
wordpress -- wordpress | The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access. | 2023-06-07 | not yet calculated | CVE-2021-4360 MISC MISC MISC MISC |
wordpress -- wordpress | The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site. | 2023-06-07 | not yet calculated | CVE-2021-4361 MISC MISC MISC |
wordpress -- wordpress | The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version. | 2023-06-07 | not yet calculated | CVE-2021-4362 MISC MISC MISC |
wordpress -- wordpress | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the 'save_content_front' function that uses print_r on the user-supplied $_REQUEST values . This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2021-4363 MISC MISC MISC |
wordpress -- wordpress | The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls. | 2023-06-07 | not yet calculated | CVE-2021-4364 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections and santisation all on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2021-4365 MISC MISC MISC |
wordpress -- wordpress | The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin. | 2023-06-07 | not yet calculated | CVE-2021-4366 MISC MISC MISC |
wordpress -- wordpress | The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks. This makes it possible for authenticated attackers, like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2021-4367 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to edit the plugin settings, such as the allowed upload file types. This can lead to remote code execution through other vulnerabilities. | 2023-06-07 | not yet calculated | CVE-2021-4368 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to edit the content and title of every page on the site. | 2023-06-07 | not yet calculated | CVE-2021-4369 MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to conduct numerous administrative actions, including those less critical than the explicitly outlined ones in our detection. | 2023-06-07 | not yet calculated | CVE-2021-4370 MISC MISC MISC |
wordpress -- wordpress | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so. | 2023-06-07 | not yet calculated | CVE-2021-4371 MISC MISC MISC |
wordpress -- wordpress | The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it possible for unauthenticated attackers to import a settings file containing malicious JavaScript that would execute when an administrator accesses the settings area of the site. | 2023-06-07 | not yet calculated | CVE-2021-4372 MISC MISC |
wordpress -- wordpress | The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2021-4373 MISC MISC MISC |
wordpress -- wordpress | The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site. | 2023-06-07 | not yet calculated | CVE-2021-4374 MISC MISC |
wordpress -- wordpress | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings. | 2023-06-07 | not yet calculated | CVE-2021-4375 MISC MISC |
wordpress -- wordpress | The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value. | 2023-06-07 | not yet calculated | CVE-2021-4376 MISC MISC MISC MISC |
wordpress -- wordpress | The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the admin_post_dmm_export hook due to missing capability checks. This can allow authenticated attackers to extract a CSV file that contains sensitive information about the donors. | 2023-06-07 | not yet calculated | CVE-2021-4377 MISC MISC MISC MISC |
wordpress -- wordpress | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2021-4378 MISC MISC |
wordpress -- wordpress | The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices. | 2023-06-07 | not yet calculated | CVE-2021-4379 MISC MISC MISC |
wordpress -- wordpress | The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors. | 2023-06-07 | not yet calculated | CVE-2021-4380 MISC MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database. | 2023-06-07 | not yet calculated | CVE-2021-4381 MISC MISC MISC |
wordpress -- wordpress | The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2021-4382 MISC MISC MISC MISC |
wordpress -- wordpress | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog. | 2023-06-07 | not yet calculated | CVE-2021-4383 MISC MISC MISC |
wordpress -- wordpress | The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693. | 2023-06-07 | not yet calculated | CVE-2021-46889 MISC |
qualcomm -- multiple_products | Assertion occurs while processing Reconfiguration message due to improper validation | 2023-06-06 | not yet calculated | CVE-2022-22060 MISC |
qualcomm -- multiple_products | information disclosure due to cryptographic issue in Core during RPMB read request. | 2023-06-06 | not yet calculated | CVE-2022-22076 MISC |
percona -- xtrabackup | In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. | 2023-06-07 | not yet calculated | CVE-2022-25834 MISC MISC |
vmware -- tools | VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. | 2023-06-07 | not yet calculated | CVE-2022-31693 CONFIRM MISC |
qualcomm -- multiple_products | Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries. | 2023-06-06 | not yet calculated | CVE-2022-33224 MISC |
qualcomm -- multiple_products | Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications. | 2023-06-06 | not yet calculated | CVE-2022-33226 MISC |
qualcomm -- multiple_products | Memory corruption in Linux android due to double free while calling unregister provider after register call. | 2023-06-06 | not yet calculated | CVE-2022-33227 MISC |
qualcomm -- multiple_products | Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host | 2023-06-06 | not yet calculated | CVE-2022-33230 MISC |
qualcomm -- multiple_products | Memory corruption in Audio due to incorrect type cast during audio use-cases. | 2023-06-06 | not yet calculated | CVE-2022-33240 MISC |
qualcomm -- multiple_products | Transient DOS due to reachable assertion in Modem because of invalid network configuration. | 2023-06-06 | not yet calculated | CVE-2022-33251 MISC |
qualcomm -- multiple_products | Memory corruption due to use after free in Core when multiple DCI clients register and deregister. | 2023-06-06 | not yet calculated | CVE-2022-33263 MISC |
qualcomm -- multiple_products | Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | 2023-06-06 | not yet calculated | CVE-2022-33264 MISC |
qualcomm -- multiple_products | Memory corruption in Linux while sending DRM request. | 2023-06-06 | not yet calculated | CVE-2022-33267 MISC |
qualcomm -- multiple_products | Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue. | 2023-06-06 | not yet calculated | CVE-2022-33303 MISC |
qualcomm -- multiple_products | Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed. | 2023-06-06 | not yet calculated | CVE-2022-33307 MISC |
qualcomm -- multiple_products | Memory corruption due to double free in Core while mapping HLOS address to the list. | 2023-06-06 | not yet calculated | CVE-2022-40507 MISC |
qualcomm -- multiple_products | Transient DOS due to improper authorization in Modem | 2023-06-06 | not yet calculated | CVE-2022-40521 MISC |
lenovo -- thinkpad | A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. | 2023-06-05 | not yet calculated | CVE-2022-4569 MISC |
syncthing -- syncthing | Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for shared folders or add devices automatically. Additionally adding a new device with a malicious name could embed HTML or JavaScript inside parts of the page. As a result the webUI may be subject to a stored cross site scripting attack. This issue has been addressed in version 1.23.5. Users are advised to upgrade. Users unable to upgrade should avoid sharing folders with untrusted users. | 2023-06-06 | not yet calculated | CVE-2022-46165 MISC MISC |
lenovo -- thinkpad | An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. | 2023-06-05 | not yet calculated | CVE-2022-48181 MISC |
lenovo -- multiple_products | A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code. | 2023-06-05 | not yet calculated | CVE-2022-48188 MISC |
wordpress -- wordpress | The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. | 2023-06-05 | not yet calculated | CVE-2022-4946 MISC |
wordpress -- wordpress | The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in ways administrators are intended to. One action (save_config) allows for the configuration of an external CDN. This could be used to include malicious javascript from a source controlled by the attacker. | 2023-06-07 | not yet calculated | CVE-2022-4948 MISC MISC |
wordpress -- wordpress | The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected sites server which makes remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2022-4949 MISC MISC |
wordpress -- wordpress | Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber. | 2023-06-07 | not yet calculated | CVE-2022-4950 MISC MISC MISC |
gitlab -- gitlab | A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. | 2023-06-07 | not yet calculated | CVE-2023-0121 MISC CONFIRM MISC |
wordpress -- wordpress | The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2023-06-05 | not yet calculated | CVE-2023-0152 MISC |
wordpress -- wordpress | The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files. | 2023-06-09 | not yet calculated | CVE-2023-0291 MISC MISC MISC MISC |
wordpress -- wordpress | The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-0292 MISC MISC MISC MISC |
mongodb_inc. -- mongodb_ops_manager | MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12 | 2023-06-09 | not yet calculated | CVE-2023-0342 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API. | 2023-06-07 | not yet calculated | CVE-2023-0508 MISC MISC CONFIRM |
wordpress -- wordpress | The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-06-05 | not yet calculated | CVE-2023-0545 MISC |
linux -- multiple_products | Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01. | 2023-06-05 | not yet calculated | CVE-2023-0635 MISC |
linux -- multiple_products | Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1. | 2023-06-05 | not yet calculated | CVE-2023-0636 MISC |
wireshark_foundation -- wireshark | Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. | 2023-06-07 | not yet calculated | CVE-2023-0666 MISC MISC MISC MISC |
wireshark_foundation -- wireshark | Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark | 2023-06-07 | not yet calculated | CVE-2023-0667 MISC MISC |
wireshark_foundation -- wireshark | Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. | 2023-06-07 | not yet calculated | CVE-2023-0668 MISC MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form submissions, including payment status, and transaction ID. | 2023-06-09 | not yet calculated | CVE-2023-0688 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter's last name. | 2023-06-09 | not yet calculated | CVE-2023-0691 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions. | 2023-06-09 | not yet calculated | CVE-2023-0692 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the transaction ids of arbitrary form submissions that included payment. | 2023-06-09 | not yet calculated | CVE-2023-0693 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission. | 2023-06-09 | not yet calculated | CVE-2023-0694 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a specific link. Note that getting the JavaScript to execute still requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | 2023-06-09 | not yet calculated | CVE-2023-0695 MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | 2023-06-09 | not yet calculated | CVE-2023-0708 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | 2023-06-09 | not yet calculated | CVE-2023-0709 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. Additionally this requires successful payment, increasing the complexity. | 2023-06-09 | not yet calculated | CVE-2023-0710 MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | 2023-06-09 | not yet calculated | CVE-2023-0721 MISC MISC MISC |
wordpress -- wordpress | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-06-09 | not yet calculated | CVE-2023-0729 MISC MISC MISC |
wordpress -- wordpress | The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for unauthenticated attackers to dismiss plugin notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-0831 MISC MISC |
wordpress -- wordpress | The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it possible for unauthenticated attackers to perform an unauthorized install of the Weglot Translate plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-0832 MISC MISC |
wordpress -- wordpress | The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. | 2023-06-05 | not yet calculated | CVE-2023-0900 MISC |
gitlab -- gitlab | A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | 2023-06-06 | not yet calculated | CVE-2023-0921 CONFIRM MISC MISC |
sensormatic_electronics -- illustra_pro_gen_4_dome | A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. | 2023-06-08 | not yet calculated | CVE-2023-0954 MISC MISC |
trellix -- trellix_agent | A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree. | 2023-06-07 | not yet calculated | CVE-2023-0976 MISC |
wordpress -- wordpress | The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-0992 MISC MISC MISC |
wordpress -- wordpress | The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992. | 2023-06-09 | not yet calculated | CVE-2023-0993 MISC MISC MISC |
wordpress -- wordpress | The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'update_options' function as well as the 'refresh' function which runs queries on the same values. This allows authenticated attackers, with administrator permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this attack may only be practical on configurations where it is possible to bypass addslashes due to the database using a nonstandard character set such as GBK. | 2023-06-09 | not yet calculated | CVE-2023-1016 MISC MISC |
wordpress -- wordpress | The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site. | 2023-06-09 | not yet calculated | CVE-2023-1169 MISC MISC MISC |
hashicorp -- consul | Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3 | 2023-06-02 | not yet calculated | CVE-2023-1297 MISC |
wordpress -- wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache. | 2023-06-09 | not yet calculated | CVE-2023-1375 MISC MISC MISC |
trellix -- trellix_agent | A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable. | 2023-06-07 | not yet calculated | CVE-2023-1388 MISC |
wordpress -- wordpress | The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-1403 MISC MISC |
wordpress -- wordpress | The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-1404 MISC MISC |
google -- grpc | There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above. | 2023-06-09 | not yet calculated | CVE-2023-1428 MISC |
wordpress -- wordpress | The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscribers email address. | 2023-06-09 | not yet calculated | CVE-2023-1430 MISC MISC |
wordpress -- wordpress | The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | not yet calculated | CVE-2023-1615 MISC MISC MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address. | 2023-06-06 | not yet calculated | CVE-2023-1621 CONFIRM MISC MISC |
siemens -- jt2go | The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | 2023-06-07 | not yet calculated | CVE-2023-1709 MISC MISC |
wordpress -- wordpress | The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers to enable or disable Elementor widgets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-1807 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export. | 2023-06-07 | not yet calculated | CVE-2023-1825 CONFIRM MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure. | 2023-06-09 | not yet calculated | CVE-2023-1843 MISC MISC MISC |
fanuc -- roboguide-handlingpro | FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software. | 2023-06-07 | not yet calculated | CVE-2023-1864 MISC |
wordpress -- wordpress | The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges. | 2023-06-09 | not yet calculated | CVE-2023-1888 MISC MISC |
wordpress -- wordpress | The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts. | 2023-06-09 | not yet calculated | CVE-2023-1889 MISC MISC |
wordpress -- wordpress | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2023-06-09 | not yet calculated | CVE-2023-1895 MISC MISC |
wordpress -- wordpress | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer's site. | 2023-06-09 | not yet calculated | CVE-2023-1910 MISC MISC |
wordpress -- wordpress | The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround. | 2023-06-09 | not yet calculated | CVE-2023-1917 MISC MISC MISC MISC |
wordpress -- wordpress | The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-1978 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code. | 2023-06-07 | not yet calculated | CVE-2023-2001 MISC MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. | 2023-06-07 | not yet calculated | CVE-2023-2013 MISC MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows attackers to perform arbitrary actions on behalf of victims. | 2023-06-07 | not yet calculated | CVE-2023-2015 MISC CONFIRM MISC |
wordpress -- wordpress | The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-2031 MISC MISC MISC |
wordpress -- wordpress | The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions functions in versions up to, and including, 3.6.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin's settings, modify bulletins, create new bulletins, and more. | 2023-06-09 | not yet calculated | CVE-2023-2066 MISC MISC MISC |
wordpress -- wordpress | The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions in versions up to, and including, 3.7.0. This makes it possible for unauthenticated attackers to modify the plugin's settings, modify bulletins, create new bulletins, and more, via a forged request granted they can trick a site's user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2067 MISC MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check. | 2023-06-09 | not yet calculated | CVE-2023-2083 MISC MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check. | 2023-06-09 | not yet calculated | CVE-2023-2084 MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check. | 2023-06-09 | not yet calculated | CVE-2023-2085 MISC MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check. | 2023-06-09 | not yet calculated | CVE-2023-2086 MISC MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2087 MISC MISC MISC |
aria -- operations_for_networks | Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. | 2023-06-07 | not yet calculated | CVE-2023-20887 MISC |
aria -- operations_for_networks | Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | 2023-06-07 | not yet calculated | CVE-2023-20888 MISC |
aria -- operations_for_networks | Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | 2023-06-07 | not yet calculated | CVE-2023-20889 MISC |
hashicorp_vault | Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. | 2023-06-09 | not yet calculated | CVE-2023-2121 MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint. | 2023-06-06 | not yet calculated | CVE-2023-2132 MISC MISC CONFIRM |
imagemagick -- imagemagick | A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. | 2023-06-06 | not yet calculated | CVE-2023-2157 MISC |
wordpress -- wordpress | The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature. | 2023-06-09 | not yet calculated | CVE-2023-2159 MISC MISC MISC |
grafana-- grafana | Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix. | 2023-06-06 | not yet calculated | CVE-2023-2183 MISC MISC |
wordpress -- wordpress | The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2184 MISC MISC |
triangle_microworks -- scada_data_gateway | On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution. | 2023-06-07 | not yet calculated | CVE-2023-2186 MISC |
triangle_microworks -- scada_data_gateway | On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events. | 2023-06-07 | not yet calculated | CVE-2023-2187 MISC |
wordpress -- wordpress | The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets. | 2023-06-09 | not yet calculated | CVE-2023-2189 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | 2023-06-07 | not yet calculated | CVE-2023-2198 MISC MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | 2023-06-07 | not yet calculated | CVE-2023-2199 MISC MISC CONFIRM |
wordpress -- wordpress | The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | not yet calculated | CVE-2023-2237 MISC MISC MISC |
advantech -- webaccess/scada | In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. | 2023-06-06 | not yet calculated | CVE-2023-22450 MISC |
wordpress -- wordpress | The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services. | 2023-06-09 | not yet calculated | CVE-2023-2249 MISC MISC MISC |
distribution/distribution -- distribution/distribution | A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory. | 2023-06-06 | not yet calculated | CVE-2023-2253 MISC |
wordpress -- wordpress | The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails. | 2023-06-09 | not yet calculated | CVE-2023-2261 MISC MISC MISC |
wordpress -- wordpress | The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes. | 2023-06-09 | not yet calculated | CVE-2023-2275 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3. | 2023-06-09 | not yet calculated | CVE-2023-2280 MISC MISC MISC |
palantir_foundry -- lime2 | Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances. | 2023-06-06 | not yet calculated | CVE-2023-22833 MISC |
wordpress -- wordpress | The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings. | 2023-06-09 | not yet calculated | CVE-2023-2284 MISC MISC |
wordpress -- wordpress | The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2285 MISC MISC |
wordpress -- wordpress | The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2286 MISC MISC MISC |
wordpress -- wordpress | The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2289 MISC MISC |
wordpress -- wordpress | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-2305 MISC MISC MISC MISC MISC |
ibm -- sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885. | 2023-06-08 | not yet calculated | CVE-2023-23480 MISC MISC |
ibm -- sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889. | 2023-06-08 | not yet calculated | CVE-2023-23481 MISC MISC |
ibm -- sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891. | 2023-06-08 | not yet calculated | CVE-2023-23482 MISC MISC |
delta_electronics -- cncsoft-b_dopsoft | Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | 2023-06-07 | not yet calculated | CVE-2023-24014 MISC |
wordpress -- wordpress | The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2402 MISC MISC |
wordpress -- wordpress | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | not yet calculated | CVE-2023-2404 MISC MISC MISC |
wordpress -- wordpress | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2405 MISC MISC MISC |
wordpress -- wordpress | The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | not yet calculated | CVE-2023-2406 MISC MISC MISC MISC |
wordpress -- wordpress | The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2407 MISC MISC MISC MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload media files, and inject malicious JavaScript. | 2023-06-09 | not yet calculated | CVE-2023-2414 MISC MISC MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler. | 2023-06-03 | not yet calculated | CVE-2023-2415 MISC MISC MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2416 MISC MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. | 2023-06-07 | not yet calculated | CVE-2023-2442 MISC CONFIRM MISC |
ptc -- vufora_studio | An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. | 2023-06-07 | not yet calculated | CVE-2023-24476 MISC |
wordpress -- wordpress | The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | not yet calculated | CVE-2023-2450 MISC MISC MISC |
arista_networks -- arista_eos | On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | 2023-06-05 | not yet calculated | CVE-2023-24510 MISC |
wordpress -- wordpress | The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | not yet calculated | CVE-2023-2452 MISC MISC MISC |
google.golang.org/protobuf -- google.golang.org/protobuf/encoding/prototext | Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. | 2023-06-08 | not yet calculated | CVE-2023-24535 MISC MISC MISC |
postgresql -- postgresql | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | 2023-06-09 | not yet calculated | CVE-2023-2454 MISC MISC |
postgresql -- postgresql | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. | 2023-06-09 | not yet calculated | CVE-2023-2455 MISC MISC |
wordpress -- wordpress | The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | not yet calculated | CVE-2023-2484 MISC MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of. | 2023-06-07 | not yet calculated | CVE-2023-2485 CONFIRM MISC MISC |
wordpress -- wordpress | The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | not yet calculated | CVE-2023-2503 MISC |
delta_electronics -- cncsoft-b_dopsoft | Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | 2023-06-07 | not yet calculated | CVE-2023-25177 MISC |
wordpress -- wordpress | The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2526 MISC MISC MISC MISC |
puppet -- puppet_enterprise | A privilege escalation allowing remote code execution was discovered in the orchestration service. | 2023-06-07 | not yet calculated | CVE-2023-2530 MISC |
knime -- knime_business_hub | The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed. | 2023-06-07 | not yet calculated | CVE-2023-2541 MISC |
wordpress -- wordpress | The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2023-06-06 | not yet calculated | CVE-2023-2546 MISC MISC MISC |
wordpress -- wordpress | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher. | 2023-06-09 | not yet calculated | CVE-2023-2555 MISC MISC |
wordpress -- wordpress | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher. | 2023-06-09 | not yet calculated | CVE-2023-2556 MISC MISC |
wordpress -- wordpress | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher. | 2023-06-09 | not yet calculated | CVE-2023-2557 MISC MISC |
wordpress -- wordpress | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-2558 MISC MISC |
wordpress -- wordpress | The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | not yet calculated | CVE-2023-2571 MISC |
wordpress -- wordpress | The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | not yet calculated | CVE-2023-2572 MISC |
wordpress -- wordpress | The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | not yet calculated | CVE-2023-2584 MISC MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group. | 2023-06-07 | not yet calculated | CVE-2023-2589 MISC CONFIRM MISC |
wordpress -- wordpress | The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2599 MISC MISC MISC |
libcap -- libcap | A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. | 2023-06-06 | not yet calculated | CVE-2023-2602 MISC MISC |
libcap -- libcap | A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. | 2023-06-06 | not yet calculated | CVE-2023-2603 MISC MISC |
wordpress -- wordpress | The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2604 MISC MISC |
wordpress -- wordpress | The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | not yet calculated | CVE-2023-2607 MISC MISC MISC |
dottie -- dottie | Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file. | 2023-06-10 | not yet calculated | CVE-2023-26132 MISC MISC MISC |
wordpress -- wordpress | The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-05 | not yet calculated | CVE-2023-2634 MISC |
pegasystems -- pega_infinity | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. | 2023-06-09 | not yet calculated | CVE-2023-26465 MISC |
wordpress -- wordpress | The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root. | 2023-06-09 | not yet calculated | CVE-2023-2688 MISC MISC |
tp-link_tapo -- tp-link_tapo | The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. | 2023-06-06 | not yet calculated | CVE-2023-27126 MISC MISC MISC |
wordpress -- wordpress | The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library. | 2023-06-09 | not yet calculated | CVE-2023-2764 MISC MISC MISC |
wordpress -- wordpress | The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | not yet calculated | CVE-2023-2767 MISC MISC |
bitwarden -- desktop | Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault. | 2023-06-09 | not yet calculated | CVE-2023-27706 MISC MISC MISC MISC |
ptc -- vuforia_studio | A user could use the “Upload Resource” functionality to upload files to any location on the disk. | 2023-06-07 | not yet calculated | CVE-2023-27881 MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-27916 MISC |
zyxel -- nr7101 | A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | 2023-06-05 | not yet calculated | CVE-2023-27989 MISC |
grafana -- grafana | Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly. This might enable malicious users to crash Grafana instances through that endpoint. Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix. | 2023-06-06 | not yet calculated | CVE-2023-2801 MISC |
hashicorp -- consul | Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies. | 2023-06-02 | not yet calculated | CVE-2023-2816 MISC |
wordpress -- wordpress | The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update. | 2023-06-06 | not yet calculated | CVE-2023-2833 MISC MISC MISC MISC MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-28653 MISC |
advantech -- webaccess/scada | If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. | 2023-06-07 | not yet calculated | CVE-2023-2866 MISC |
kubernetes -- secrets-store-csi-driver | Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | 2023-06-07 | not yet calculated | CVE-2023-2878 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2891 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2892 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2893 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to bulk deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2894 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bulk activate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2895 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2896 MISC MISC |
wordpress -- wordpress | The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the 'X-Forwarded-For' header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality. | 2023-06-09 | not yet calculated | CVE-2023-2897 MISC MISC |
hid_global -- safe | The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition. | 2023-06-07 | not yet calculated | CVE-2023-2904 MISC MISC |
ptc -- vuforia_studio | By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. | 2023-06-07 | not yet calculated | CVE-2023-29152 MISC |
ptc -- vuforia_studio | The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | 2023-06-07 | not yet calculated | CVE-2023-29168 MISC |
github.com/gin-gonic/gin -- github.com/gin-gonic/gin | The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header. | 2023-06-08 | not yet calculated | CVE-2023-29401 MISC MISC MISC MISC |
go_toolchain -- cmd/go | The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected). | 2023-06-08 | not yet calculated | CVE-2023-29402 MISC MISC MISC MISC |
go_standard_library -- runtime | On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers. | 2023-06-08 | not yet calculated | CVE-2023-29403 MISC MISC MISC MISC |
go_toolchain -- cmd/go | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. | 2023-06-08 | not yet calculated | CVE-2023-29404 MISC MISC MISC MISC |
go_toolchain -- cmd/go | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. | 2023-06-08 | not yet calculated | CVE-2023-29405 MISC MISC MISC MISC |
ptc -- vuforia | Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | 2023-06-07 | not yet calculated | CVE-2023-29502 MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-29503 MISC |
advancecomp -- advancecomp | A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability. | 2023-06-06 | not yet calculated | CVE-2023-2961 MISC |
prestashop -- jmsthemelayout | PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php. | 2023-06-05 | not yet calculated | CVE-2023-29629 MISC |
prestashop -- jmsmegamenu | PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php. | 2023-06-05 | not yet calculated | CVE-2023-29630 MISC |
prestashop -- jmsslider | PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php. | 2023-06-05 | not yet calculated | CVE-2023-29631 MISC |
prestashop -- jmspagebuilder | PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. | 2023-06-06 | not yet calculated | CVE-2023-29632 MISC |
vade -- secure_gateway | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. | 2023-06-09 | not yet calculated | CVE-2023-29712 MISC MISC MISC |
vade -- secure_gateway | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory. | 2023-06-09 | not yet calculated | CVE-2023-29713 MISC MISC MISC |
vade -- secure_gateway | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter. | 2023-06-09 | not yet calculated | CVE-2023-29714 MISC MISC MISC |
yandex -- navigator | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29749 MISC |
yandex -- navigator | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29751 MISC |
facemoji -- emoji_keyboard | An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | 2023-06-09 | not yet calculated | CVE-2023-29752 MISC |
facemoji -- emoji_keyboard | An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29753 MISC |
google -- android | An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29755 MISC |
google -- android | An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29756 MISC |
google -- android | An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29757 MISC |
google -- android | An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29758 MISC |
google -- android | An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files. | 2023-06-09 | not yet calculated | CVE-2023-29759 MISC |
google -- android | An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29761 MISC |
google -- android | An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files. | 2023-06-09 | not yet calculated | CVE-2023-29766 MISC |
google -- android | An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. | 2023-06-09 | not yet calculated | CVE-2023-29767 MISC |
wordpress -- wordpress | The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers. | 2023-06-08 | not yet calculated | CVE-2023-2986 MISC MISC MISC MISC |
mim_software_inc -- multiple_products | An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service. | 2023-06-09 | not yet calculated | CVE-2023-30262 MISC MISC MISC |
rhacm -- rhacm | The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created. | 2023-06-05 | not yet calculated | CVE-2023-3027 MISC |
anyka_microelectronics -- ak3918ev300_mcu | An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID or password. | 2023-06-07 | not yet calculated | CVE-2023-30400 MISC MISC |
xpdf -- xpdf | An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. | 2023-06-02 | not yet calculated | CVE-2023-3044 MISC MISC |
apache -- guacamole | Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data. | 2023-06-07 | not yet calculated | CVE-2023-30575 MISC |
apache -- guacamole | Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process. | 2023-06-07 | not yet calculated | CVE-2023-30576 MISC |
mobatime -- mobatime_mobile_application_amxgt100 | Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | 2023-06-05 | not yet calculated | CVE-2023-3064 MISC |
mobatime -- mobatime_mobile_application_amxgt100 | Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | 2023-06-05 | not yet calculated | CVE-2023-3065 MISC |
mobatime -- mobatime_mobile_application_amxgt100 | Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20. | 2023-06-05 | not yet calculated | CVE-2023-3066 MISC |
google -- chrome | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-05 | not yet calculated | CVE-2023-3079 MISC MISC MISC MISC |
x-wrt_luci -- x-wrt_luci | A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The name of the patch is 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663. | 2023-06-03 | not yet calculated | CVE-2023-3085 MISC MISC MISC MISC |
foundry -- comments | A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time. | 2023-06-06 | not yet calculated | CVE-2023-30948 MISC |
kylinsoft -- kylin | A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-05 | not yet calculated | CVE-2023-3096 MISC MISC MISC |
kylinsoft -- kylin | A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been rated as critical. This issue affects the function setMainSource. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-05 | not yet calculated | CVE-2023-3097 MISC MISC MISC |
kylinsoft -- youker-assistant | A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: '../filedir'. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230688. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-05 | not yet calculated | CVE-2023-3098 MISC MISC MISC |
kylinsoft -- youker-assistant | A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-05 | not yet calculated | CVE-2023-3099 MISC MISC MISC |
ibos -- ibos | A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-230690 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-05 | not yet calculated | CVE-2023-3100 MISC MISC MISC |
samsung -- exynos_modem | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application. | 2023-06-07 | not yet calculated | CVE-2023-31114 MISC |
samsung -- exynos_modem | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application. | 2023-06-07 | not yet calculated | CVE-2023-31115 MISC |
samsung -- exynos_modem | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application. | 2023-06-07 | not yet calculated | CVE-2023-31116 MISC |
ptc -- vuforia | PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | 2023-06-07 | not yet calculated | CVE-2023-31200 MISC |
dahua -- smart_parking_management | A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-06 | not yet calculated | CVE-2023-3121 MISC MISC MISC |
wordpress -- wordpress | The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation. | 2023-06-07 | not yet calculated | CVE-2023-3124 MISC MISC |
horner_automation -- multiple_products | The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer. | 2023-06-06 | not yet calculated | CVE-2023-31244 MISC |
wordpress -- wordpress | The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site. | 2023-06-07 | not yet calculated | CVE-2023-3125 MISC MISC MISC |
wordpress -- wordpress | The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site. | 2023-06-07 | not yet calculated | CVE-2023-3126 MISC MISC MISC |
horner_automation -- multiple_products | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-31278 MISC |
knime -- knime_business_hub | Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. | 2023-06-07 | not yet calculated | CVE-2023-3140 MISC |
linux -- kernel | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | 2023-06-09 | not yet calculated | CVE-2023-3141 MISC |
microweber -- microweber/microweber | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. | 2023-06-07 | not yet calculated | CVE-2023-3142 CONFIRM MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231012. | 2023-06-07 | not yet calculated | CVE-2023-3143 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability. | 2023-06-07 | not yet calculated | CVE-2023-3144 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Affected by this issue is some unknown functionality of the file classes\Users.php?f=registration. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231014 is the identifier assigned to this vulnerability. | 2023-06-07 | not yet calculated | CVE-2023-3145 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\categories\manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231015. | 2023-06-07 | not yet calculated | CVE-2023-3146 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin\categories\view_category.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231016. | 2023-06-07 | not yet calculated | CVE-2023-3147 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This issue affects some unknown processing of the file admin\posts\manage_post.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231017 was assigned to this vulnerability. | 2023-06-07 | not yet calculated | CVE-2023-3148 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231018 is the identifier assigned to this vulnerability. | 2023-06-07 | not yet calculated | CVE-2023-3149 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file posts\manage_post.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231019. | 2023-06-07 | not yet calculated | CVE-2023-3150 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user\manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231020. | 2023-06-07 | not yet calculated | CVE-2023-3151 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231021 was assigned to this vulnerability. | 2023-06-07 | not yet calculated | CVE-2023-3152 MISC MISC MISC |
totolink -- x5000r | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. | 2023-06-06 | not yet calculated | CVE-2023-31569 MISC MISC MISC MISC |
ruby_gem -- ruby_gem | A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2023-06-06 | not yet calculated | CVE-2023-31606 MISC MISC MISC |
y_project -- ruoyi | A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability. | 2023-06-08 | not yet calculated | CVE-2023-3163 MISC MISC MISC |
sourcecodester -- life_insurance_management_sys | A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the argument nominee_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231109 was assigned to this vulnerability. | 2023-06-08 | not yet calculated | CVE-2023-3165 MISC MISC MISC |
froxlor -- froxlor | Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. | 2023-06-09 | not yet calculated | CVE-2023-3172 CONFIRM MISC |
froxlor -- froxlor | Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. | 2023-06-09 | not yet calculated | CVE-2023-3173 MISC CONFIRM |
sourcecodester -- lost_and_found_information_system | A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability. | 2023-06-09 | not yet calculated | CVE-2023-3176 MISC MISC MISC |
sourcecodester -- lost_and_found_information_system | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151. | 2023-06-09 | not yet calculated | CVE-2023-3177 MISC MISC MISC |
sourcecodester -- performance_indicator_system | A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163. | 2023-06-09 | not yet calculated | CVE-2023-3183 MISC MISC MISC |
sourcecodester -- sales_tracker_management_system | A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164. | 2023-06-09 | not yet calculated | CVE-2023-3184 MISC MISC MISC |
phpgurukul --teachers_record_management_system | A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176. | 2023-06-09 | not yet calculated | CVE-2023-3187 MISC MISC MISC |
owncast -- owncast | Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0. | 2023-06-10 | not yet calculated | CVE-2023-3188 CONFIRM MISC |
telefnica_brasil -- vivo_play_iptv | Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. | 2023-06-05 | not yet calculated | CVE-2023-31893 MISC MISC |
nilsteampassnet -- teampass | Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-10 | not yet calculated | CVE-2023-3190 CONFIRM MISC |
nilsteampassnet -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-10 | not yet calculated | CVE-2023-3191 MISC CONFIRM |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-32203 MISC |
sailpoint -- identityiq | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath. | 2023-06-05 | not yet calculated | CVE-2023-32217 MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-32281 MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-32289 MISC |
umbraco -- umbracoidentityextensions | UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization code flow, which requires the client to authenticate with the authorization server using a client secret. This flow provides better security, as it involves exchanging an authorization code for an access token and/or ID token, rather than directly returning tokens in the URL fragment. This issue has been patched in commit `e792429f9` and a release to Nuget is pending. Users are advised to upgrade when possible. | 2023-06-09 | not yet calculated | CVE-2023-32312 MISC MISC MISC MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-32539 MISC |
advantech -- webaccess/scada | In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | 2023-06-06 | not yet calculated | CVE-2023-32540 MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-32545 MISC |
canonical_ltd. -- landscape | Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator. | 2023-06-06 | not yet calculated | CVE-2023-32549 MISC |
canonical_ltd. -- landscape | Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API. | 2023-06-06 | not yet calculated | CVE-2023-32550 MISC |
canonical_ltd. -- landscape | Landscape allowed URLs which caused open redirection. | 2023-06-06 | not yet calculated | CVE-2023-32551 MISC |
advantech -- webaccess/scada | In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | 2023-06-06 | not yet calculated | CVE-2023-32628 MISC |
matrix-org -- synapse | Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade. | 2023-06-06 | not yet calculated | CVE-2023-32682 MISC MISC MISC MISC MISC MISC |
matrix-org -- synapse | Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews. | 2023-06-06 | not yet calculated | CVE-2023-32683 MISC MISC |
google -- grpc | When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/32309 | 2023-06-09 | not yet calculated | CVE-2023-32731 MISC |
google -- grpc | gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url | 2023-06-09 | not yet calculated | CVE-2023-32732 MISC |
abstrium -- pydio_cells | Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted. | 2023-06-08 | not yet calculated | CVE-2023-32749 MISC MISC FULLDISC MISC |
abstrium -- pydio_cells | Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells. | 2023-06-08 | not yet calculated | CVE-2023-32750 MISC MISC |
abstrium -- pydio_cells | Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability. | 2023-06-08 | not yet calculated | CVE-2023-32751 MISC MISC |
marval -- marval_msm | Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to endpoints in the application. | 2023-06-07 | not yet calculated | CVE-2023-33282 MISC MISC |
marval -- marval_msm | Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key. | 2023-06-07 | not yet calculated | CVE-2023-33283 MISC |
marval -- marval_msm | Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any user is able to execute code in context of the web server. | 2023-06-07 | not yet calculated | CVE-2023-33284 MISC |
mitrastar-- gpt-2741gnac | A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function. | 2023-06-06 | not yet calculated | CVE-2023-33381 MISC MISC MISC |
besder -- ip_camera | Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints. | 2023-06-08 | not yet calculated | CVE-2023-33443 MISC |
sogou -- workflow | In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash. | 2023-06-06 | not yet calculated | CVE-2023-33457 MISC |
lloyd -- yajl | There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. | 2023-06-06 | not yet calculated | CVE-2023-33460 MISC |
harmonic -- nsg_90006g | In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path. | 2023-06-06 | not yet calculated | CVE-2023-33477 MISC |
xuxueli -- xxl-rpc | xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode. | 2023-06-07 | not yet calculated | CVE-2023-33496 MISC |
alist -- alist | alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. | 2023-06-07 | not yet calculated | CVE-2023-33498 MISC |
jeecg -- p3_biz_chat | Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. | 2023-06-07 | not yet calculated | CVE-2023-33510 MISC |
emoncms -- emoncms | emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request. | 2023-06-05 | not yet calculated | CVE-2023-33518 MISC |
tenda -- g103 | There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges. | 2023-06-06 | not yet calculated | CVE-2023-33530 MISC MISC |
netgear -- r6250 | There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges. | 2023-06-06 | not yet calculated | CVE-2023-33532 MISC MISC |
netgear -- d6220 | Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges. | 2023-06-06 | not yet calculated | CVE-2023-33533 MISC MISC |
tp-link -- tw-wr940n | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. | 2023-06-07 | not yet calculated | CVE-2023-33536 MISC |
tp-link -- tw-wr940n | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. | 2023-06-07 | not yet calculated | CVE-2023-33537 MISC |
tp-link -- tw-wr940n | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | 2023-06-07 | not yet calculated | CVE-2023-33538 MISC |
planet_technologies -- wdrt-1800ax | An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie. | 2023-06-07 | not yet calculated | CVE-2023-33553 MISC MISC |
totolink -- a7100ru | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. | 2023-06-07 | not yet calculated | CVE-2023-33556 MISC |
fuel_cms -- fuel_cms | Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | 2023-06-09 | not yet calculated | CVE-2023-33557 MISC MISC |
sourcecodester -- faculty_evaluation_system | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. | 2023-06-06 | not yet calculated | CVE-2023-33569 MISC |
cpython -- cpython | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. | 2023-06-07 | not yet calculated | CVE-2023-33595 MISC MISC |
phpok -- phpok | An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | 2023-06-07 | not yet calculated | CVE-2023-33601 MISC |
imperial_cms -- imperial_cms | Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. This vulnerability is exploited by attackers via a crafted POST request. | 2023-06-07 | not yet calculated | CVE-2023-33604 MISC |
axtls -- axtls | axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key. | 2023-06-06 | not yet calculated | CVE-2023-33613 MISC |
sitecore -- experience_platform | An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules. | 2023-06-06 | not yet calculated | CVE-2023-33651 MISC MISC |
sitecore -- experience_platform | Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx. | 2023-06-06 | not yet calculated | CVE-2023-33652 MISC |
sitecore -- experience_platform | Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML. | 2023-06-06 | not yet calculated | CVE-2023-33653 MISC |
nanomq -- nanomq | A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack. | 2023-06-08 | not yet calculated | CVE-2023-33657 MISC MISC MISC |
nanomq -- nanomq | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack. | 2023-06-08 | not yet calculated | CVE-2023-33658 MISC MISC MISC |
nanomq -- nanomq | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | 2023-06-06 | not yet calculated | CVE-2023-33659 MISC MISC MISC |
nanomq -- nanomq | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | 2023-06-08 | not yet calculated | CVE-2023-33660 MISC MISC MISC |
db_elettronica_telecomunicazioni -- spa_sft_dab 600/c | Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol. | 2023-06-06 | not yet calculated | CVE-2023-33684 MISC |
sonicjs -- sonicjs | SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. | 2023-06-05 | not yet calculated | CVE-2023-33690 MISC MISC |
easyplayerpro-win -- easyplayerpro-win | A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file. | 2023-06-05 | not yet calculated | CVE-2023-33693 MISC MISC MISC |
cloudpanel -- cloudpanel | CloudPanel v2.2.2 allows attackers to execute a path traversal. | 2023-06-06 | not yet calculated | CVE-2023-33747 MISC MISC MISC MISC MISC MISC |
d-link -- dir-842v2 | An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. | 2023-06-07 | not yet calculated | CVE-2023-33781 MISC MISC MISC MISC |
d-link -- dir-842v2 | D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. | 2023-06-07 | not yet calculated | CVE-2023-33782 MISC MISC MISC MISC |
ibm -- txseries_for_multiplatforms | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100. | 2023-06-08 | not yet calculated | CVE-2023-33846 MISC MISC MISC MISC |
ibm -- txseries_for_multiplatforms | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102. | 2023-06-08 | not yet calculated | CVE-2023-33847 MISC MISC MISC MISC |
ibm -- txseries_for_multiplatforms | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104. | 2023-06-07 | not yet calculated | CVE-2023-33848 MISC MISC MISC MISC |
ibm -- txseries_for_multiplatforms | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105. | 2023-06-07 | not yet calculated | CVE-2023-33849 MISC MISC MISC MISC |
renderdoc -- renderdoc | RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2). | 2023-06-07 | not yet calculated | CVE-2023-33863 MISC MISC FULLDISC MISC |
renderdoc -- renderdoc | RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 2 of 2). | 2023-06-07 | not yet calculated | CVE-2023-33864 MISC MISC FULLDISC MISC |
renderdoc -- renderdoc | RenderDoc through 1.26 allows local privilege escalation via a symlink attack. | 2023-06-07 | not yet calculated | CVE-2023-33865 MISC MISC FULLDISC MISC |
kanboard -- kanboard | Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By Changing the file_id any user can render all the files where MimeType is image uploaded under **/files** directory regard less of uploaded by any user. This vulnerability poses a significant impact and severity to the application's security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-05 | not yet calculated | CVE-2023-33956 MISC MISC |
notaryproject -- notation | notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | 2023-06-06 | not yet calculated | CVE-2023-33957 MISC MISC |
notaryproject -- notation | notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | 2023-06-06 | not yet calculated | CVE-2023-33958 MISC MISC |
notaryproject -- notation | notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | 2023-06-06 | not yet calculated | CVE-2023-33959 MISC |
kanboard -- kanboard | Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-05 | not yet calculated | CVE-2023-33968 MISC MISC |
kanboard -- kanboard | Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config. | 2023-06-05 | not yet calculated | CVE-2023-33969 MISC MISC |
kanboard -- kanboard | Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-05 | not yet calculated | CVE-2023-33970 MISC MISC |
kiwi_tcms -- kiwi_tcms | Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded and Content-Security-Policy definition to prevent cross-site-scripting attacks. The upload validation checks were not 100% robust which left the possibility to circumvent them and upload a potentially dangerous file which allows execution of arbitrary JavaScript in the browser. Additionally we've discovered that Nginx's `proxy_pass` directive will strip some headers negating protections built into Kiwi TCMS when served behind a reverse proxy. This issue has been addressed in version 12.4. Users are advised to upgrade. Users unable to upgrade who are serving Kiwi TCMS behind a reverse proxy should make sure that additional header values are still passed to the client browser. If they aren't redefining them inside the proxy configuration. | 2023-06-06 | not yet calculated | CVE-2023-33977 MISC MISC MISC MISC MISC |
thruk -- thruk | Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2. | 2023-06-08 | not yet calculated | CVE-2023-34096 MISC MISC MISC MISC MISC MISC MISC MISC |
hoppscotch -- hoppscotch | hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-05 | not yet calculated | CVE-2023-34097 MISC MISC |
contiki-ng -- contiki-ng | Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`. | 2023-06-09 | not yet calculated | CVE-2023-34100 MISC MISC |
avo -- avo | Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. This issue has been addressed in commit `ec117882d` which is expected to be included in subsequent releases. Users are advised to limit access to untrusted users until a new release is made. | 2023-06-05 | not yet calculated | CVE-2023-34102 MISC MISC |
avo -- avo | Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are stored and no specific timing is required. This issue has been addressed in commit `7891c01e` which is expected to be included in the next release of avo. Users are advised to configure CSP headers for their application and to limit untrusted user access as a mitigation. | 2023-06-05 | not yet calculated | CVE-2023-34103 MISC MISC |
fast-xml-parser -- fast-xml-parser | fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option. | 2023-06-06 | not yet calculated | CVE-2023-34104 MISC MISC |
mailcow -- mailcow | mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted passwords during the authentication process. The issue arises from the behavior of the `passwd-verify.lua` script, which is responsible for verifying user passwords during login attempts. Upon a successful login, the script returns a response in the format of "password= | 2023-06-07 | not yet calculated | CVE-2023-34108 MISC MISC MISC |
zxcvbn-ts -- zxcvbn-ts | zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with every function call. Browsers are impacted, too but a single user need to do a lot of input changes so that it affects the browser, while the node process gets the inputs of every user of a platform and can be killed that way. This problem has been patched in version 3.0.2. Users are advised to upgrade. Users unable to upgrade should stop using the second argument of the zxcvbn function and use the zxcvbnOptions.setOptions function. | 2023-06-07 | not yet calculated | CVE-2023-34109 MISC MISC |
taosdata -- grafanaplugin | The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to bash command on like 25 of the workflow. This may allow an attacker to gain access to secrets which the github action has access to or to otherwise make use of the compute resources. | 2023-06-06 | not yet calculated | CVE-2023-34111 MISC MISC MISC |
bytedeco -- javacpp-presets | JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message?` parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. Users of JavaCPP Presets are advised to upgrade as a precaution. | 2023-06-09 | not yet calculated | CVE-2023-34112 MISC MISC |
snowflake-connector -- snowflake-connector | snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue. | 2023-06-08 | not yet calculated | CVE-2023-34230 MISC |
snowflake-connector -- snowflake-connector | gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19. | 2023-06-08 | not yet calculated | CVE-2023-34231 MISC MISC MISC |
snowflake-connector -- snowflake-connector | snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue. | 2023-06-08 | not yet calculated | CVE-2023-34232 MISC MISC MISC MISC |
snowflake-connector -- snowflake-connector | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on(SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 3.0.2 contains a patch for this issue. | 2023-06-08 | not yet calculated | CVE-2023-34233 MISC MISC MISC |
openzeppelin -- openzeppelin-contracts | OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround. | 2023-06-07 | not yet calculated | CVE-2023-34234 MISC MISC |
sabnzbd -- sabnzbd | SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users[exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible. | 2023-06-07 | not yet calculated | CVE-2023-34237 MISC MISC MISC MISC |
gatsby -- gatsby | Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope of the development server could potentially be exposed. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `--host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. A patch has been introduced in `[email protected]` and `[email protected]` which mitigates the issue. Users are advised to upgrade. Users unable to upgrade should avoid exposing their development server to the internet. | 2023-06-08 | not yet calculated | CVE-2023-34238 MISC MISC MISC |
gradio -- gradio | Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-08 | not yet calculated | CVE-2023-34239 MISC MISC MISC |
tgstation -- tgstation | TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade may be mitigated by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline such as fail2ban. | 2023-06-08 | not yet calculated | CVE-2023-34243 MISC MISC |
udecode -- plate | @udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the `javascript:` scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. `@udecode/plate-link` 20.0.0 resolves this issue by introducing an `allowedSchemes` option to the link plugin, defaulting to `['http', 'https', 'mailto', 'tel']`. URLs using a scheme that isn't in this list will not be rendered to the DOM. Users are advised to upgrade. Users unable to upgrade are advised to override the `LinkElement` and `PlateFloatingLink` components with implementations that explicitly check the URL scheme before rendering any anchor elements. | 2023-06-09 | not yet calculated | CVE-2023-34245 MISC MISC |
progress -- moveit_transfer | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions. | 2023-06-02 | not yet calculated | CVE-2023-34362 MISC |
progress -- datadirect_connect | An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used. | 2023-06-09 | not yet calculated | CVE-2023-34363 MISC CONFIRM |
progress -- datadirect_connect | A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code. | 2023-06-09 | not yet calculated | CVE-2023-34364 MISC CONFIRM |
percona -- percona_monitoring_and_management | In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure. | 2023-06-06 | not yet calculated | CVE-2023-34409 MISC |
qt -- qt | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. | 2023-06-05 | not yet calculated | CVE-2023-34410 MISC MISC |
xml-rs_crate -- xml-rs_crate | The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid | 2023-06-05 | not yet calculated | CVE-2023-34411 MISC MISC MISC MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo. | 2023-06-08 | not yet calculated | CVE-2023-34566 MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. | 2023-06-08 | not yet calculated | CVE-2023-34567 MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. | 2023-06-08 | not yet calculated | CVE-2023-34568 MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. | 2023-06-08 | not yet calculated | CVE-2023-34569 MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName. | 2023-06-08 | not yet calculated | CVE-2023-34570 MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet. | 2023-06-08 | not yet calculated | CVE-2023-34571 MISC |
d-link -- di-7500g | A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. | 2023-06-09 | not yet calculated | CVE-2023-34856 MISC |
chamilo -- chamilo | Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID. | 2023-06-08 | not yet calculated | CVE-2023-34958 MISC MISC |
chamilo -- chamilo | An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools. | 2023-06-08 | not yet calculated | CVE-2023-34959 MISC MISC MISC MISC |
chamilo -- chamilo | Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. | 2023-06-08 | not yet calculated | CVE-2023-34961 MISC MISC |
chamilo -- chamilo | Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes. | 2023-06-08 | not yet calculated | CVE-2023-34962 MISC MISC MISC |
d-bus -- d-bus | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. | 2023-06-08 | not yet calculated | CVE-2023-34969 MISC |
https://www.cisa.gov/news-events/bulletins/sb23-163
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress -- wordpress | A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The name of the patch is bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651. | 2023-06-04 | 9.8 | CVE-2015-10111 MISC MISC MISC |
wordpress -- wordpress | The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Allow Automatic Login After Successful Verification setting to be enabled, which it is not by default. | 2023-06-03 | 9.8 | CVE-2023-2781 MISC MISC MISC MISC |
wddgroup -- fantsy | Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service. | 2023-06-02 | 9.8 | CVE-2023-28698 MISC |
elite -- webfax | ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service. | 2023-06-02 | 9.8 | CVE-2023-28701 MISC |
thethaiger -- the_thaiger | An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files. | 2023-06-02 | 9.8 | CVE-2023-29746 MISC MISC MISC MISC |
erikogluteknoloji -- energy_monitoring | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602. | 2023-06-02 | 9.8 | CVE-2023-3000 MISC |
iuok -- yfcmf-tp6 | A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230542 is the identifier assigned to this vulnerability. | 2023-06-02 | 9.8 | CVE-2023-3056 MISC MISC MISC |
iuok -- yfcmf-tp6 | A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543. | 2023-06-02 | 9.8 | CVE-2023-3057 MISC MISC MISC |
online_exam_form_submission_project -- online_exam_form_submission | A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability. | 2023-06-02 | 9.8 | CVE-2023-3059 MISC MISC MISC |
hitrontech -- coda-5310_firmware | Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service. | 2023-06-02 | 9.8 | CVE-2023-30603 MISC |
hitrontech -- coda-5310_firmware | It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service. | 2023-06-02 | 9.8 | CVE-2023-30604 MISC |
agro-school_management_system_project -- agro-school_management_system | A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567. | 2023-06-02 | 9.8 | CVE-2023-3061 MISC MISC MISC |
agro-school_management_system_project -- agro-school_management_system | A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568. | 2023-06-02 | 9.8 | CVE-2023-3062 MISC MISC MISC |
retro_cellphone_online_store_project -- retro_cellphone_online_store | A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/modal_add_product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230580. | 2023-06-02 | 9.8 | CVE-2023-3068 MISC MISC MISC |
corebos -- corebos | Unverified Password Change in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 9.8 | CVE-2023-3069 MISC CONFIRM |
agro-school_management_system_project -- agro-school_management_system | A vulnerability classified as critical has been found in code-projects Agro-School Management System 1.0. Affected is the function doUpdateQuestion of the file btn_functions.php. The manipulation of the argument question_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230670 is the identifier assigned to this vulnerability. | 2023-06-04 | 9.8 | CVE-2023-3094 MISC MISC MISC |
marsctf_project -- marsctf | MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background. | 2023-06-05 | 9.8 | CVE-2023-33386 MISC MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function. | 2023-06-02 | 9.8 | CVE-2023-33669 MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. | 2023-06-02 | 9.8 | CVE-2023-33670 MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. | 2023-06-02 | 9.8 | CVE-2023-33671 MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | 2023-06-02 | 9.8 | CVE-2023-33673 MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function. | 2023-06-02 | 9.8 | CVE-2023-33675 MISC |
simpleredak -- simpleredak | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter. | 2023-06-02 | 9.8 | CVE-2023-33762 MISC |
xfinity -- comcast_defined_technologies_microeisbss | An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation.. | 2023-06-02 | 9 | CVE-2022-45938 MISC MISC |
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-03 | 9 | CVE-2023-3086 CONFIRM MISC |
wordpress -- wordpress | A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The name of the patch is b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability. | 2023-06-04 | 8.8 | CVE-2013-10027 MISC MISC MISC |
sguda -- u-lock_firmware | SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks. | 2023-06-02 | 8.8 | CVE-2022-46307 MISC |
sguda -- u-lock_firmware | SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information. | 2023-06-02 | 8.8 | CVE-2022-46308 MISC |
ibm -- security_guardium | IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657. | 2023-06-05 | 8.8 | CVE-2023-0041 MISC MISC |
mozilla -- firefox_esr | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-0767 MISC MISC MISC MISC |
connect_line -- mbconnect24 | An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account. | 2023-06-06 | 8.8 | CVE-2023-0985 MISC |
wordpress -- wordpress | The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-02 | 8.8 | CVE-2023-2201 MISC MISC |
mozilla -- firefox | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 8.8 | CVE-2023-23605 MISC MISC MISC MISC |
mozilla -- firefox | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109. | 2023-06-02 | 8.8 | CVE-2023-23606 MISC MISC |
mozilla -- firefox_esr | Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals . This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25729 MISC MISC MISC MISC |
mozilla -- firefox | Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110. | 2023-06-02 | 8.8 | CVE-2023-25731 MISC MISC |
mozilla -- firefox_esr | When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25732 MISC MISC MISC MISC |
mozilla -- firefox_esr | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25735 MISC MISC MISC MISC |
mozilla -- firefox_esr | An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25737 MISC MISC MISC MISC |
mozilla -- firefox_esr | Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext . This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25739 MISC MISC MISC MISC |
mozilla -- firefox | After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110. | 2023-06-02 | 8.8 | CVE-2023-25740 MISC MISC |
mozilla -- firefox_esr | Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25744 MISC MISC MISC |
mozilla -- firefox | Mozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110. | 2023-06-02 | 8.8 | CVE-2023-25745 MISC MISC |
mozilla -- firefox_esr | Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. | 2023-06-02 | 8.8 | CVE-2023-25746 MISC MISC MISC |
southrivertech -- titan_ftp_server_nextgen | An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server. | 2023-06-02 | 8.8 | CVE-2023-27745 MISC MISC |
mozilla -- firefox | If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111. | 2023-06-02 | 8.8 | CVE-2023-28161 MISC MISC |
mozilla -- firefox | While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 8.8 | CVE-2023-28162 MISC MISC MISC MISC |
mozilla -- firefox | Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 8.8 | CVE-2023-28176 MISC MISC MISC MISC |
mozilla -- firefox | Mozilla developers and community members Calixte Denizet, Gabriele Svelto, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111. | 2023-06-02 | 8.8 | CVE-2023-28177 MISC MISC |
wddgroup -- fantasy | Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service. | 2023-06-02 | 8.8 | CVE-2023-28699 MISC |
asus -- rt-ac86u_firmware | ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service. | 2023-06-02 | 8.8 | CVE-2023-28702 MISC |
furbo -- dog_camera_firmware | Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service. | 2023-06-02 | 8.8 | CVE-2023-28704 MISC |
mozilla -- thunderbird | An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 8.8 | CVE-2023-29536 MISC MISC MISC MISC |
mozilla -- thunderbird | Firefox did not properly handle downloads of files ending in .desktop , which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 8.8 | CVE-2023-29541 MISC MISC MISC MISC |
mozilla -- focus | An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 8.8 | CVE-2023-29543 MISC MISC |
mozilla -- thunderbird | Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 8.8 | CVE-2023-29550 MISC MISC MISC MISC |
mozilla -- focus | Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 8.8 | CVE-2023-29551 MISC MISC |
mobatime -- mobatime_web_application | Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.This issue affects Mobatime web application: through 06.7.22. | 2023-06-02 | 8.8 | CVE-2023-3032 MISC |
mobatime -- mobatime_web_application | Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22. | 2023-06-02 | 8.8 | CVE-2023-3033 MISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | 8.8 | CVE-2023-3052 MISC MISC MISC MISC MISC MISC |
service_provider_management_system_project -- service_provider_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230798 is the identifier assigned to this vulnerability. | 2023-06-06 | 8.8 | CVE-2023-3119 MISC MISC MISC |
mozilla -- firefox | When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 8.8 | CVE-2023-32213 MISC MISC MISC MISC |
mozilla -- firefox | Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 8.8 | CVE-2023-32215 MISC MISC MISC MISC |
minical -- minical | Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file. | 2023-06-05 | 8.8 | CVE-2023-33410 MISC MISC |
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-03 | 8.7 | CVE-2023-3083 MISC CONFIRM |
mozilla -- firefox | After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 8.1 | CVE-2023-25734 MISC MISC MISC MISC MISC MISC MISC |
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-03 | 8.1 | CVE-2023-3084 MISC CONFIRM |
qualcomm -- csr8811_firmware | Memory corruption in Linux Networking due to double free while handling a hyp-assign. | 2023-06-06 | 7.8 | CVE-2022-40522 MISC |
qualcomm -- aqt1000_firmware | Memory corruption due to improper access control in kernel while processing a mapping request from root process. | 2023-06-06 | 7.8 | CVE-2022-40529 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-06-06 | 7.8 | CVE-2022-48390 MISC |
google -- android | In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-06-06 | 7.8 | CVE-2022-48392 MISC |
qualcomm -- apq8017_firmware | Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. | 2023-06-06 | 7.8 | CVE-2023-21628 MISC |
qualcomm -- apq8064au_firmware | Memory corruption in Automotive GPU while querying a gsl memory node. | 2023-06-06 | 7.8 | CVE-2023-21632 MISC |
qualcomm -- ar8035_firmware | Memory corruption in WLAN HOST while receiving an WMI event from firmware. | 2023-06-06 | 7.8 | CVE-2023-21656 MISC |
qualcomm -- csra6620_firmware | Memoru corruption in Audio when ADSP sends input during record use case. | 2023-06-06 | 7.8 | CVE-2023-21657 MISC |
qualcomm -- 315_5g_iot_modem_firmware | Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. | 2023-06-06 | 7.8 | CVE-2023-21670 MISC |
ibm -- aspera_cargo | IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625. | 2023-06-05 | 7.8 | CVE-2023-27285 MISC MISC |
southrivertech -- titan_ftp_server_nextgen | An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. | 2023-06-02 | 7.8 | CVE-2023-27744 MISC MISC |
bt21_x_bts_wallpaper_project -- bt21_x_bts_wallpaper | The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack. | 2023-06-02 | 7.8 | CVE-2023-29724 MISC MISC MISC |
google -- android | In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-06-06 | 7.8 | CVE-2023-30863 MISC |
google -- android | In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-06-06 | 7.8 | CVE-2023-30864 MISC |
linux -- linux_kernel | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | 2023-06-05 | 7.8 | CVE-2023-3111 MISC |
reportlab -- reportlab | Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. | 2023-06-05 | 7.8 | CVE-2023-33733 MISC |
emlog -- emlog | *File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | 2023-06-05 | 7.5 | CVE-2020-19028 MISC MISC |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. | 2023-06-06 | 7.5 | CVE-2022-40536 MISC |
qualcomm -- ar8035_firmware | Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network. | 2023-06-06 | 7.5 | CVE-2022-40538 MISC |
qualcomm -- ar8035_firmware | Transient DOS in WLAN Firmware while processing the received beacon or probe response frame. | 2023-06-06 | 7.5 | CVE-2023-21658 MISC |
qualcomm -- 315_5g_iot_modem_firmware | Transient DOS in WLAN Firmware while processing frames with missing header fields. | 2023-06-06 | 7.5 | CVE-2023-21659 MISC |
qualcomm -- csr8811_firmware | Transient DOS in WLAN Firmware while parsing FT Information Elements. | 2023-06-06 | 7.5 | CVE-2023-21660 MISC |
qualcomm -- ar8035_firmware | Transient DOS while parsing WLAN beacon or probe-response frame. | 2023-06-06 | 7.5 | CVE-2023-21661 MISC |
qualcomm -- aqt1000_firmware | Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address. | 2023-06-06 | 7.5 | CVE-2023-21669 MISC |
ibm -- aspera_cargo | IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107. | 2023-06-05 | 7.5 | CVE-2023-22862 MISC MISC |
mozilla -- firefox_focus | A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome. *This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | 2023-06-02 | 7.5 | CVE-2023-25743 MISC MISC MISC |
mozilla -- focus | Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 7.5 | CVE-2023-29537 MISC MISC MISC MISC |
hitrontech -- coda-5310_firmware | Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator. | 2023-06-02 | 7.5 | CVE-2023-30602 MISC |
microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-03 | 7.5 | CVE-2023-33143 MISC |
tenda -- ac8_firmware | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. | 2023-06-02 | 7.5 | CVE-2023-33672 MISC |
harbingergroup -- office_player | OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL. | 2023-06-05 | 7.5 | CVE-2023-34407 MISC |
microsoft -- office | Microsoft Office Remote Code Execution Vulnerability | 2023-06-05 | 7.3 | CVE-2023-29344 MISC |
hitrontech -- coda-5310_firmware | Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. | 2023-06-02 | 7.2 | CVE-2022-47616 MISC |
hitrontech -- coda-5310_firmware | Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption. | 2023-06-02 | 7.2 | CVE-2022-47617 MISC |
asus -- rt-ac86u_firmware | ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service. | 2023-06-02 | 7.2 | CVE-2023-28703 MISC |
service_provider_management_system_project -- service_provider_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799. | 2023-06-06 | 7.2 | CVE-2023-3120 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
itpison -- omicard_edm | OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | 2023-06-02 | 6.8 | CVE-2023-28700 MISC |
linuxfoundation -- iot-yocto | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796914; Issue ID: ALPS07796914. | 2023-06-06 | 6.7 | CVE-2023-20712 MISC |
linuxfoundation -- iot-yocto | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900. | 2023-06-06 | 6.7 | CVE-2023-20715 MISC |
linuxfoundation -- iot-yocto | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796883; Issue ID: ALPS07796883. | 2023-06-06 | 6.7 | CVE-2023-20716 MISC |
google -- android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843845. | 2023-06-06 | 6.7 | CVE-2023-20723 MISC |
google -- android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843841. | 2023-06-06 | 6.7 | CVE-2023-20724 MISC |
rdkcentral -- rdk-b | In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only). | 2023-06-06 | 6.7 | CVE-2023-20725 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480. | 2023-06-06 | 6.7 | CVE-2023-20732 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149. | 2023-06-06 | 6.7 | CVE-2023-20733 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645184. | 2023-06-06 | 6.7 | CVE-2023-20734 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178. | 2023-06-06 | 6.7 | CVE-2023-20735 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645167. | 2023-06-06 | 6.7 | CVE-2023-20737 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645173. | 2023-06-06 | 6.7 | CVE-2023-20738 MISC |
google -- android | In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559819. | 2023-06-06 | 6.7 | CVE-2023-20739 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559840. | 2023-06-06 | 6.7 | CVE-2023-20740 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142. | 2023-06-06 | 6.7 | CVE-2023-20743 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200. | 2023-06-06 | 6.7 | CVE-2023-20744 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694. | 2023-06-06 | 6.7 | CVE-2023-20745 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217. | 2023-06-06 | 6.7 | CVE-2023-20746 MISC |
google -- android | In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926. | 2023-06-06 | 6.7 | CVE-2023-20749 MISC |
google -- android | In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07825502; Issue ID: ALPS07825502. | 2023-06-06 | 6.7 | CVE-2023-20751 MISC |
google -- android | In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586. | 2023-06-06 | 6.7 | CVE-2023-20752 MISC |
mozilla -- thunderbird | Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1. | 2023-06-02 | 6.5 | CVE-2023-0430 MISC MISC |
mozilla -- thunderbird | OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10. | 2023-06-02 | 6.5 | CVE-2023-0547 MISC MISC |
mozilla -- thunderbird | If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8. | 2023-06-02 | 6.5 | CVE-2023-0616 MISC MISC |
mozilla -- thunderbird | Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. | 2023-06-02 | 6.5 | CVE-2023-1945 MISC MISC MISC |
mozilla -- firefox | A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. | 2023-06-02 | 6.5 | CVE-2023-23597 MISC MISC |
mozilla -- firefox | Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData . This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 6.5 | CVE-2023-23598 MISC MISC MISC MISC |
mozilla -- firefox | When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 6.5 | CVE-2023-23599 MISC MISC MISC MISC |
mozilla -- firefox | Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 109. | 2023-06-02 | 6.5 | CVE-2023-23600 MISC MISC |
mozilla -- firefox | Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 6.5 | CVE-2023-23601 MISC MISC MISC MISC |
mozilla -- firefox | A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 6.5 | CVE-2023-23602 MISC MISC MISC MISC |
mozilla -- firefox | Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | 6.5 | CVE-2023-23603 MISC MISC MISC MISC |
mozilla -- firefox | A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString . This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109. | 2023-06-02 | 6.5 | CVE-2023-23604 MISC MISC |
mozilla -- firefox_esr | The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 6.5 | CVE-2023-25728 MISC MISC MISC MISC |
mozilla -- firefox | Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 6.5 | CVE-2023-25738 MISC MISC MISC MISC |
mozilla -- firefox | When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110. | 2023-06-02 | 6.5 | CVE-2023-25741 MISC MISC MISC MISC |
mozilla -- firefox_esr | When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 6.5 | CVE-2023-25742 MISC MISC MISC MISC |
mozilla -- firefox | Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 6.5 | CVE-2023-25751 MISC MISC MISC MISC |
mozilla -- firefox | When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 6.5 | CVE-2023-25752 MISC MISC MISC MISC |
mozilla -- firefox | When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111. | 2023-06-02 | 6.5 | CVE-2023-28160 MISC MISC |
mozilla -- firefox | When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 6.5 | CVE-2023-28163 MISC MISC MISC MISC |
mozilla -- firefox | Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | 6.5 | CVE-2023-28164 MISC MISC MISC MISC |
mozilla -- thunderbird | A website could have obscured the fullscreen notification by using a combination of window.open , fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 6.5 | CVE-2023-29533 MISC MISC MISC MISC MISC |
mozilla -- thunderbird | Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 6.5 | CVE-2023-29535 MISC MISC MISC MISC |
mozilla -- thunderbird | When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 6.5 | CVE-2023-29539 MISC MISC MISC MISC |
mozilla -- focus | If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 6.5 | CVE-2023-29544 MISC MISC |
mozilla -- focus | When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 6.5 | CVE-2023-29547 MISC MISC |
mozilla -- thunderbird | A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | 6.5 | CVE-2023-29548 MISC MISC MISC MISC |
mozilla -- focus | Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 6.5 | CVE-2023-29549 MISC MISC |
corebos -- corebos | Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 6.5 | CVE-2023-3075 CONFIRM MISC |
teampass -- teampass | Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-04 | 6.5 | CVE-2023-3095 CONFIRM MISC |
mozilla -- firefox | In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 6.5 | CVE-2023-32205 MISC MISC MISC MISC MISC |
mozilla -- firefox | An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 6.5 | CVE-2023-32206 MISC MISC MISC MISC |
mozilla -- firefox | A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 6.5 | CVE-2023-32207 MISC MISC MISC MISC |
mozilla -- firefox | A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 6.5 | CVE-2023-32211 MISC MISC MISC MISC |
minical -- minical | Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. | 2023-06-05 | 6.5 | CVE-2023-33409 MISC MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645189. | 2023-06-06 | 6.4 | CVE-2023-20736 MISC |
wordpress -- wordpress | A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660. | 2023-06-04 | 6.1 | CVE-2013-10028 MISC MISC MISC |
wordpress -- wordpress | A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The name of the patch is 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659. | 2023-06-05 | 6.1 | CVE-2014-125105 MISC MISC MISC MISC |
wordpress -- wordpress | A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392. | 2023-06-02 | 6.1 | CVE-2015-10110 MISC MISC MISC |
wordpress -- wordpress | A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability. | 2023-06-05 | 6.1 | CVE-2015-10113 MISC MISC MISC |
wordpress -- wordpress | A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. The patch is identified as 1ac6d6ac26e185673f95fc1ccc56a392169ba601. It is recommended to upgrade the affected component. VDB-230654 is the identifier assigned to this vulnerability. | 2023-06-05 | 6.1 | CVE-2015-10114 MISC MISC MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | 6.1 | CVE-2023-2298 MISC MISC MISC |
vcita -- contact_form_builder_by_vcita | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | 6.1 | CVE-2023-2301 MISC MISC MISC |
vcita -- contact_form_and_calls_to_action_by_vcita | The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | 6.1 | CVE-2023-2303 MISC MISC MISC |
wordpress -- wordpress | The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | 6.1 | CVE-2023-2337 MISC |
wordpress -- wordpress | The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | 6.1 | CVE-2023-2472 MISC |
wordpress -- wordpress | The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | 6.1 | CVE-2023-2488 MISC |
wordpress -- wordpress | The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-02 | 6.1 | CVE-2023-2835 MISC MISC MISC |
openfind -- mail2000 | Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack. | 2023-06-02 | 6.1 | CVE-2023-28705 MISC |
microsoft -- microsoft_edge | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-06-07 | 6.1 | CVE-2023-29345 MISC |
mozilla -- focus | Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols . This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 6.1 | CVE-2023-29540 MISC MISC |
gitpod -- gitpod | Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). | 2023-06-05 | 6.1 | CVE-2023-32766 MISC MISC MISC MISC MISC MISC |
escanav -- escan_management_console | Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly. | 2023-06-02 | 6.1 | CVE-2023-33731 MISC MISC |
simpleredak -- simpleredak | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php. | 2023-06-02 | 6.1 | CVE-2023-33761 MISC |
simpleredak -- simpleredak | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php. | 2023-06-02 | 6.1 | CVE-2023-33763 MISC |
ibm -- maximo_application_suite | IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208. | 2023-06-05 | 5.9 | CVE-2023-27861 MISC MISC |
status -- powerbpm | It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence. | 2023-06-02 | 5.7 | CVE-2023-25780 MISC |
qualcomm -- 9205_lte_modem_firmware | Information disclosure in Kernel due to indirect branch misprediction. | 2023-06-06 | 5.5 | CVE-2022-40523 MISC |
qualcomm -- csr8811_firmware | Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis. | 2023-06-06 | 5.5 | CVE-2022-40525 MISC |
qualcomm -- csra6620_firmware | Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request. | 2023-06-06 | 5.5 | CVE-2022-40533 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48391 MISC |
google -- android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48440 MISC |
google -- android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48441 MISC |
google -- android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48442 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48443 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48444 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48445 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48446 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48447 MISC |
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-06-06 | 5.5 | CVE-2022-48448 MISC |
arm -- valhall_gpu_kernel_driver | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | 2023-06-02 | 5.5 | CVE-2023-28147 MISC |
arm -- avalon_gpu_kernel_driver | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | 2023-06-02 | 5.5 | CVE-2023-28469 MISC |
bt21_x_bts_wallpaper_project -- bt21_x_bts_wallpaper | The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack. | 2023-06-02 | 5.5 | CVE-2023-29725 MISC MISC MISC MISC |
google -- android | In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-06-06 | 5.5 | CVE-2023-30865 MISC |
google -- android | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-06-06 | 5.5 | CVE-2023-30866 MISC |
google -- android | In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-06-06 | 5.5 | CVE-2023-30914 MISC |
google -- android | In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-06-06 | 5.5 | CVE-2023-30915 MISC |
mp4v2_project -- mp4v2 | mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes() | 2023-06-02 | 5.5 | CVE-2023-33717 MISC MISC |
wordpress -- wordpress | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | 5.4 | CVE-2023-2300 MISC MISC MISC |
wordpress -- wordpress | The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | 5.4 | CVE-2023-2302 MISC MISC MISC |
mozilla -- firefox_esr | A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | 5.4 | CVE-2023-25730 MISC MISC MISC MISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | 5.4 | CVE-2023-3051 MISC MISC MISC |
07fly -- customer_relationship_management | A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560. | 2023-06-02 | 5.4 | CVE-2023-3058 MISC MISC MISC |
agro-school_management_system_project -- agro-school_management_system | A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability. | 2023-06-02 | 5.4 | CVE-2023-3060 MISC MISC MISC |
trilium_project -- trilium | Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4. | 2023-06-02 | 5.4 | CVE-2023-3067 MISC CONFIRM |
corebos -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 5.4 | CVE-2023-3070 CONFIRM MISC |
tsolucio -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 5.4 | CVE-2023-3071 MISC CONFIRM |
corebos -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 5.4 | CVE-2023-3073 MISC CONFIRM |
corebos -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | 5.4 | CVE-2023-3074 CONFIRM MISC |
admidio -- admidio | Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. | 2023-06-05 | 5.4 | CVE-2023-3109 CONFIRM MISC |
minical -- minical | Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file. | 2023-06-05 | 5.4 | CVE-2023-33408 MISC MISC |
dokuwiki -- dokuwiki | DokuWiki before 2023-04-04a allows XSS via RSS titles. | 2023-06-05 | 5.4 | CVE-2023-34408 MISC MISC MISC MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings. | 2023-06-03 | 5.3 | CVE-2023-2299 MISC MISC MISC |
mozilla -- focus | Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | 5.3 | CVE-2023-29538 MISC MISC |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074. | 2023-06-05 | 5.3 | CVE-2023-32334 MISC MISC MISC |
advent -- tamale_rms | Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app. | 2023-06-05 | 5.3 | CVE-2023-33524 MISC MISC MISC |
wordpress -- wordpress | The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-02 | 4.8 | CVE-2023-1159 MISC MISC |
wordpress -- wordpress | The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-06-05 | 4.8 | CVE-2023-2224 MISC |
wordpress -- wordpress | The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-05 | 4.8 | CVE-2023-2489 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions. | 2023-06-03 | 4.8 | CVE-2023-32582 MISC |
google -- android | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-06-06 | 4.4 | CVE-2022-48438 MISC |
google -- android | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-06-06 | 4.4 | CVE-2022-48439 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531. | 2023-06-06 | 4.4 | CVE-2023-20727 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603. | 2023-06-06 | 4.4 | CVE-2023-20728 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575. | 2023-06-06 | 4.4 | CVE-2023-20729 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573552. | 2023-06-06 | 4.4 | CVE-2023-20730 MISC |
linuxfoundation -- yocto | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495. | 2023-06-06 | 4.4 | CVE-2023-20731 MISC |
google -- android | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628606. | 2023-06-06 | 4.4 | CVE-2023-20741 MISC |
google -- android | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628540. | 2023-06-06 | 4.4 | CVE-2023-20742 MISC |
linuxfoundation -- iot-yocto | In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121. | 2023-06-06 | 4.4 | CVE-2023-20747 MISC |
wordpress -- wordpress | The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons. | 2023-06-03 | 4.3 | CVE-2023-0583 MISC MISC |
wordpress -- wordpress | The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value. | 2023-06-03 | 4.3 | CVE-2023-0584 MISC MISC |
mb_connect_line -- mbconnect24 | Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information. | 2023-06-06 | 4.3 | CVE-2023-1779 MISC |
mozilla -- firefox | By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111. | 2023-06-02 | 4.3 | CVE-2023-25748 MISC MISC |
mozilla -- firefox | Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111. | 2023-06-02 | 4.3 | CVE-2023-25749 MISC MISC |
mozilla -- firefox | Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111. | 2023-06-02 | 4.3 | CVE-2023-25750 MISC MISC |
mozilla -- firefox | The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111. | 2023-06-02 | 4.3 | CVE-2023-28159 MISC MISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status. | 2023-06-03 | 4.3 | CVE-2023-3053 MISC MISC MISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | 4.3 | CVE-2023-3055 MISC MISC |
mozilla -- firefox | An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | 4.3 | CVE-2023-32212 MISC MISC MISC MISC |
google -- android | In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928. | 2023-06-06 | 4.1 | CVE-2023-20750 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
silabs -- gecko_software_development_kit | Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. | 2023-06-02 | 3.3 | CVE-2023-2687 MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress -- wordpress | A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230671. | 2023-06-05 | not yet calculated | CVE-2013-10029 MISC MISC MISC |
wordpress -- wordpress | A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672. | 2023-06-05 | not yet calculated | CVE-2013-10030 MISC MISC MISC |
wordpress -- wordpress | A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652. | 2023-06-05 | not yet calculated | CVE-2015-10112 MISC MISC MISC |
wordpress -- wordpress | A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. The patch is named a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230655. | 2023-06-05 | not yet calculated | CVE-2015-10115 MISC MISC MISC |
wordpress -- wordpress | A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability. | 2023-06-06 | not yet calculated | CVE-2015-10116 MISC MISC MISC |
wordpress -- wordpress | A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664. | 2023-06-06 | not yet calculated | CVE-2015-10117 MISC MISC MISC MISC |
wordpress -- wordpress | The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2016-15033 MISC MISC MISC |
wordpress -- wordpress | A vulnerability classified as problematic was found in Arborator Server. This vulnerability affects the function start of the file project.cgi. The manipulation of the argument project leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as cdbdbcbd491db65e9d697ab4365605fdfab1a604. It is recommended to apply a patch to fix this issue. VDB-230662 is the identifier assigned to this vulnerability. | 2023-06-06 | not yet calculated | CVE-2018-25087 MISC MISC MISC |
arborator -- server | A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. | 2023-06-09 | not yet calculated | CVE-2019-16283 MISC |
wordpress -- wordpress | The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2019-25138 MISC MISC MISC |
wordpress -- wordpress | The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset. | 2023-06-07 | not yet calculated | CVE-2019-25139 MISC MISC MISC MISC |
wordpress -- wordpress | The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2019-25140 MISC MISC MISC MISC |
wordpress -- wordpress | The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts. | 2023-06-07 | not yet calculated | CVE-2019-25141 MISC MISC MISC MISC |
wordpress -- wordpress | The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options. | 2023-06-07 | not yet calculated | CVE-2019-25142 MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings. | 2023-06-07 | not yet calculated | CVE-2019-25143 MISC MISC MISC MISC |
wordpress -- wordpress | The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2019-25144 MISC MISC |
wordpress -- wordpress | The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary HTML in emails that could be used to phish unsuspecting victims. | 2023-06-07 | not yet calculated | CVE-2019-25145 MISC MISC |
wordpress -- wordpress | The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the page. | 2023-06-07 | not yet calculated | CVE-2019-25146 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2019-25147 MISC MISC MISC |
wordpress -- wordpress | The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2019-25148 MISC MISC MISC |
wordpress -- wordpress | The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security. | 2023-06-07 | not yet calculated | CVE-2019-25149 MISC MISC |
wordpress -- wordpress | The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators. | 2023-06-07 | not yet calculated | CVE-2019-25150 MISC MISC MISC |
wordpress -- wordpress | The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service. | 2023-06-07 | not yet calculated | CVE-2019-25151 MISC MISC MISC MISC |
wordpress -- wordpress | The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service. | 2023-06-07 | not yet calculated | CVE-2020-36696 MISC MISC MISC MISC |
wordpress -- wordpress | The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings. | 2023-06-07 | not yet calculated | CVE-2020-36697 MISC MISC MISC |
wordpress -- wordpress | The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it possible for low-privileged attackers to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website. | 2023-06-07 | not yet calculated | CVE-2020-36699 MISC MISC MISC MISC |
wordpress -- wordpress | The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content. | 2023-06-07 | not yet calculated | CVE-2020-36700 MISC MISC MISC MISC |
wordpress -- wordpress | The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server. | 2023-06-07 | not yet calculated | CVE-2020-36701 MISC MISC MISC MISC |
wordpress -- wordpress | The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings. | 2023-06-07 | not yet calculated | CVE-2020-36702 MISC MISC |
wordpress -- wordpress | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts. | 2023-06-07 | not yet calculated | CVE-2020-36703 MISC MISC |
wordpress -- wordpress | The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2020-36704 MISC MISC |
wordpress -- wordpress | The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2020-36705 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and perform otherwise unauthorized access and actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2020-36707 MISC MISC MISC MISC |
wordpress -- wordpress | The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution. | 2023-06-07 | not yet calculated | CVE-2020-36708 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2020-36709 MISC MISC MISC |
wordpress -- wordpress | The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2. | 2023-06-07 | not yet calculated | CVE-2020-36710 MISC MISC |
wordpress -- wordpress | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2020-36711 MISC MISC MISC |
wordpress -- wordpress | The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter. | 2023-06-07 | not yet calculated | CVE-2020-36712 MISC MISC |
wordpress -- wordpress | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account. | 2023-06-07 | not yet calculated | CVE-2020-36713 MISC MISC MISC |
wordpress -- wordpress | The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2020-36715 MISC MISC MISC |
wordpress -- wordpress | The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been run previously) and access plugin configuration options. | 2023-06-07 | not yet calculated | CVE-2020-36716 MISC MISC MISC |
wordpress -- wordpress | The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2020-36717 MISC MISC |
wordpress -- wordpress | The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object. | 2023-06-07 | not yet calculated | CVE-2020-36718 MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin. | 2023-06-07 | not yet calculated | CVE-2020-36719 MISC MISC MISC |
wordpress -- wordpress | The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings. | 2023-06-07 | not yet calculated | CVE-2020-36720 MISC MISC MISC |
wordpress -- wordpress | The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site. | 2023-06-07 | not yet calculated | CVE-2020-36721 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. | 2023-06-07 | not yet calculated | CVE-2020-36722 MISC MISC MISC MISC |
wordpress -- wordpress | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts. | 2023-06-07 | not yet calculated | CVE-2020-36723 MISC MISC MISC |
wordpress -- wordpress | The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges. | 2023-06-07 | not yet calculated | CVE-2020-36724 MISC MISC MISC |
wordpress -- wordpress | The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings. | 2023-06-07 | not yet calculated | CVE-2020-36725 MISC MISC MISC MISC |
wordpress -- wordpress | The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. | 2023-06-07 | not yet calculated | CVE-2020-36726 MISC MISC MISC |
wordpress -- wordpress | The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object. | 2023-06-07 | not yet calculated | CVE-2020-36727 MISC MISC MISC |
wordpress -- wordpress | The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site. | 2023-06-07 | not yet calculated | CVE-2020-36728 MISC MISC MISC MISC |
wordpress -- wordpress | The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers (Subscriber, or above level access) to allow attackers to perform otherwise restricted actions and subsequently deactivate any plugins on the blog. | 2023-06-07 | not yet calculated | CVE-2020-36729 MISC MISC MISC MISC |
wordpress -- wordpress | The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin. | 2023-06-07 | not yet calculated | CVE-2020-36730 MISC MISC MISC MISC |
wordpress -- wordpress | The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction() function which is called via an admin_init hook, along with missing sanitization and escaping on the settings that are stored. | 2023-06-07 | not yet calculated | CVE-2020-36731 MISC MISC MISC |
seeddms -- seeddms | An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file. | 2023-06-07 | not yet calculated | CVE-2021-33223 MISC MISC |
wordpress -- wordpress | Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0. | 2023-06-07 | not yet calculated | CVE-2021-4337 MISC MISC MISC |
wordpress -- wordpress | The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections. | 2023-06-07 | not yet calculated | CVE-2021-4338 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to retrieve the list of all users and their email address in the database. | 2023-06-07 | not yet calculated | CVE-2021-4339 MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-07 | not yet calculated | CVE-2021-4340 MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database. | 2023-06-07 | not yet calculated | CVE-2021-4341 MISC MISC |
wordpress -- wordpress | Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed. | 2023-06-07 | not yet calculated | CVE-2021-4342 MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated attackers to create accounts, even those with administrator privileges. | 2023-06-07 | not yet calculated | CVE-2021-4343 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access the information and privileges of other users, including 'guest users', in their own category (authenticated, or unauthenticated guests). | 2023-06-07 | not yet calculated | CVE-2021-4344 MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities. | 2023-06-07 | not yet calculated | CVE-2021-4345 MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog, such as changing the admin account's email address. | 2023-06-07 | not yet calculated | CVE-2021-4346 MISC MISC MISC |
wordpress -- wordpress | The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers (including those at customer level) to update any WordPress option in the database. Version 3.2.5 was initially released as a fix, but doesn't fully address the issue. | 2023-06-07 | not yet calculated | CVE-2021-4347 MISC MISC |
wordpress -- wordpress | The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites. | 2023-06-07 | not yet calculated | CVE-2021-4348 MISC MISC |
wordpress -- wordpress | The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2021-4349 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay. | 2023-06-07 | not yet calculated | CVE-2021-4350 MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to change the meta data of certain posts and pages. | 2023-06-07 | not yet calculated | CVE-2021-4351 MISC MISC |
wordpress -- wordpress | The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin. | 2023-06-07 | not yet calculated | CVE-2021-4352 MISC MISC MISC |
wordpress -- wordpress | The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2021-4354 MISC MISC |
wordpress -- wordpress | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders. | 2023-06-07 | not yet calculated | CVE-2021-4355 MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to download arbitrary files on the site, potentially leading to site takeover. | 2023-06-07 | not yet calculated | CVE-2021-4356 MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete site posts and pages. | 2023-06-07 | not yet calculated | CVE-2021-4357 MISC MISC MISC MISC |
wordpress -- wordpress | The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2021-4358 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfm_delete_file AJAX action. This makes it possible for unauthenticated attackers to delete any posts and pages on the site. | 2023-06-07 | not yet calculated | CVE-2021-4359 MISC MISC MISC |
wordpress -- wordpress | The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access. | 2023-06-07 | not yet calculated | CVE-2021-4360 MISC MISC MISC MISC |
wordpress -- wordpress | The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site. | 2023-06-07 | not yet calculated | CVE-2021-4361 MISC MISC MISC |
wordpress -- wordpress | The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version. | 2023-06-07 | not yet calculated | CVE-2021-4362 MISC MISC MISC |
wordpress -- wordpress | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the 'save_content_front' function that uses print_r on the user-supplied $_REQUEST values . This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2021-4363 MISC MISC MISC |
wordpress -- wordpress | The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls. | 2023-06-07 | not yet calculated | CVE-2021-4364 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections and santisation all on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2021-4365 MISC MISC MISC |
wordpress -- wordpress | The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin. | 2023-06-07 | not yet calculated | CVE-2021-4366 MISC MISC MISC |
wordpress -- wordpress | The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks. This makes it possible for authenticated attackers, like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2021-4367 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to edit the plugin settings, such as the allowed upload file types. This can lead to remote code execution through other vulnerabilities. | 2023-06-07 | not yet calculated | CVE-2021-4368 MISC MISC MISC |
wordpress -- wordpress | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to edit the content and title of every page on the site. | 2023-06-07 | not yet calculated | CVE-2021-4369 MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to conduct numerous administrative actions, including those less critical than the explicitly outlined ones in our detection. | 2023-06-07 | not yet calculated | CVE-2021-4370 MISC MISC MISC |
wordpress -- wordpress | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so. | 2023-06-07 | not yet calculated | CVE-2021-4371 MISC MISC MISC |
wordpress -- wordpress | The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it possible for unauthenticated attackers to import a settings file containing malicious JavaScript that would execute when an administrator accesses the settings area of the site. | 2023-06-07 | not yet calculated | CVE-2021-4372 MISC MISC |
wordpress -- wordpress | The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-07 | not yet calculated | CVE-2021-4373 MISC MISC MISC |
wordpress -- wordpress | The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site. | 2023-06-07 | not yet calculated | CVE-2021-4374 MISC MISC |
wordpress -- wordpress | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings. | 2023-06-07 | not yet calculated | CVE-2021-4375 MISC MISC |
wordpress -- wordpress | The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value. | 2023-06-07 | not yet calculated | CVE-2021-4376 MISC MISC MISC MISC |
wordpress -- wordpress | The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the admin_post_dmm_export hook due to missing capability checks. This can allow authenticated attackers to extract a CSV file that contains sensitive information about the donors. | 2023-06-07 | not yet calculated | CVE-2021-4377 MISC MISC MISC MISC |
wordpress -- wordpress | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-07 | not yet calculated | CVE-2021-4378 MISC MISC |
wordpress -- wordpress | The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices. | 2023-06-07 | not yet calculated | CVE-2021-4379 MISC MISC MISC |
wordpress -- wordpress | The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors. | 2023-06-07 | not yet calculated | CVE-2021-4380 MISC MISC MISC MISC |
wordpress -- wordpress | The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database. | 2023-06-07 | not yet calculated | CVE-2021-4381 MISC MISC MISC |
wordpress -- wordpress | The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2021-4382 MISC MISC MISC MISC |
wordpress -- wordpress | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog. | 2023-06-07 | not yet calculated | CVE-2021-4383 MISC MISC MISC |
wordpress -- wordpress | The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693. | 2023-06-07 | not yet calculated | CVE-2021-46889 MISC |
qualcomm -- multiple_products | Assertion occurs while processing Reconfiguration message due to improper validation | 2023-06-06 | not yet calculated | CVE-2022-22060 MISC |
qualcomm -- multiple_products | information disclosure due to cryptographic issue in Core during RPMB read request. | 2023-06-06 | not yet calculated | CVE-2022-22076 MISC |
percona -- xtrabackup | In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. | 2023-06-07 | not yet calculated | CVE-2022-25834 MISC MISC |
vmware -- tools | VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. | 2023-06-07 | not yet calculated | CVE-2022-31693 CONFIRM MISC |
qualcomm -- multiple_products | Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries. | 2023-06-06 | not yet calculated | CVE-2022-33224 MISC |
qualcomm -- multiple_products | Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications. | 2023-06-06 | not yet calculated | CVE-2022-33226 MISC |
qualcomm -- multiple_products | Memory corruption in Linux android due to double free while calling unregister provider after register call. | 2023-06-06 | not yet calculated | CVE-2022-33227 MISC |
qualcomm -- multiple_products | Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host | 2023-06-06 | not yet calculated | CVE-2022-33230 MISC |
qualcomm -- multiple_products | Memory corruption in Audio due to incorrect type cast during audio use-cases. | 2023-06-06 | not yet calculated | CVE-2022-33240 MISC |
qualcomm -- multiple_products | Transient DOS due to reachable assertion in Modem because of invalid network configuration. | 2023-06-06 | not yet calculated | CVE-2022-33251 MISC |
qualcomm -- multiple_products | Memory corruption due to use after free in Core when multiple DCI clients register and deregister. | 2023-06-06 | not yet calculated | CVE-2022-33263 MISC |
qualcomm -- multiple_products | Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | 2023-06-06 | not yet calculated | CVE-2022-33264 MISC |
qualcomm -- multiple_products | Memory corruption in Linux while sending DRM request. | 2023-06-06 | not yet calculated | CVE-2022-33267 MISC |
qualcomm -- multiple_products | Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue. | 2023-06-06 | not yet calculated | CVE-2022-33303 MISC |
qualcomm -- multiple_products | Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed. | 2023-06-06 | not yet calculated | CVE-2022-33307 MISC |
qualcomm -- multiple_products | Memory corruption due to double free in Core while mapping HLOS address to the list. | 2023-06-06 | not yet calculated | CVE-2022-40507 MISC |
qualcomm -- multiple_products | Transient DOS due to improper authorization in Modem | 2023-06-06 | not yet calculated | CVE-2022-40521 MISC |
lenovo -- thinkpad | A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. | 2023-06-05 | not yet calculated | CVE-2022-4569 MISC |
syncthing -- syncthing | Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for shared folders or add devices automatically. Additionally adding a new device with a malicious name could embed HTML or JavaScript inside parts of the page. As a result the webUI may be subject to a stored cross site scripting attack. This issue has been addressed in version 1.23.5. Users are advised to upgrade. Users unable to upgrade should avoid sharing folders with untrusted users. | 2023-06-06 | not yet calculated | CVE-2022-46165 MISC MISC |
lenovo -- thinkpad | An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. | 2023-06-05 | not yet calculated | CVE-2022-48181 MISC |
lenovo -- multiple_products | A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code. | 2023-06-05 | not yet calculated | CVE-2022-48188 MISC |
wordpress -- wordpress | The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. | 2023-06-05 | not yet calculated | CVE-2022-4946 MISC |
wordpress -- wordpress | The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in ways administrators are intended to. One action (save_config) allows for the configuration of an external CDN. This could be used to include malicious javascript from a source controlled by the attacker. | 2023-06-07 | not yet calculated | CVE-2022-4948 MISC MISC |
wordpress -- wordpress | The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected sites server which makes remote code execution possible. | 2023-06-07 | not yet calculated | CVE-2022-4949 MISC MISC |
wordpress -- wordpress | Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber. | 2023-06-07 | not yet calculated | CVE-2022-4950 MISC MISC MISC |
gitlab -- gitlab | A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. | 2023-06-07 | not yet calculated | CVE-2023-0121 MISC CONFIRM MISC |
wordpress -- wordpress | The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2023-06-05 | not yet calculated | CVE-2023-0152 MISC |
wordpress -- wordpress | The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files. | 2023-06-09 | not yet calculated | CVE-2023-0291 MISC MISC MISC MISC |
wordpress -- wordpress | The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-0292 MISC MISC MISC MISC |
mongodb_inc. -- mongodb_ops_manager | MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12 | 2023-06-09 | not yet calculated | CVE-2023-0342 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API. | 2023-06-07 | not yet calculated | CVE-2023-0508 MISC MISC CONFIRM |
wordpress -- wordpress | The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-06-05 | not yet calculated | CVE-2023-0545 MISC |
linux -- multiple_products | Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01. | 2023-06-05 | not yet calculated | CVE-2023-0635 MISC |
linux -- multiple_products | Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1. | 2023-06-05 | not yet calculated | CVE-2023-0636 MISC |
wireshark_foundation -- wireshark | Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. | 2023-06-07 | not yet calculated | CVE-2023-0666 MISC MISC MISC MISC |
wireshark_foundation -- wireshark | Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark | 2023-06-07 | not yet calculated | CVE-2023-0667 MISC MISC |
wireshark_foundation -- wireshark | Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. | 2023-06-07 | not yet calculated | CVE-2023-0668 MISC MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form submissions, including payment status, and transaction ID. | 2023-06-09 | not yet calculated | CVE-2023-0688 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter's last name. | 2023-06-09 | not yet calculated | CVE-2023-0691 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions. | 2023-06-09 | not yet calculated | CVE-2023-0692 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the transaction ids of arbitrary form submissions that included payment. | 2023-06-09 | not yet calculated | CVE-2023-0693 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission. | 2023-06-09 | not yet calculated | CVE-2023-0694 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a specific link. Note that getting the JavaScript to execute still requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | 2023-06-09 | not yet calculated | CVE-2023-0695 MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | 2023-06-09 | not yet calculated | CVE-2023-0708 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | 2023-06-09 | not yet calculated | CVE-2023-0709 MISC MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. Additionally this requires successful payment, increasing the complexity. | 2023-06-09 | not yet calculated | CVE-2023-0710 MISC MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | 2023-06-09 | not yet calculated | CVE-2023-0721 MISC MISC MISC |
wordpress -- wordpress | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-06-09 | not yet calculated | CVE-2023-0729 MISC MISC MISC |
wordpress -- wordpress | The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for unauthenticated attackers to dismiss plugin notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-0831 MISC MISC |
wordpress -- wordpress | The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it possible for unauthenticated attackers to perform an unauthorized install of the Weglot Translate plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-0832 MISC MISC |
wordpress -- wordpress | The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. | 2023-06-05 | not yet calculated | CVE-2023-0900 MISC |
gitlab -- gitlab | A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | 2023-06-06 | not yet calculated | CVE-2023-0921 CONFIRM MISC MISC |
sensormatic_electronics -- illustra_pro_gen_4_dome | A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. | 2023-06-08 | not yet calculated | CVE-2023-0954 MISC MISC |
trellix -- trellix_agent | A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree. | 2023-06-07 | not yet calculated | CVE-2023-0976 MISC |
wordpress -- wordpress | The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-0992 MISC MISC MISC |
wordpress -- wordpress | The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992. | 2023-06-09 | not yet calculated | CVE-2023-0993 MISC MISC MISC |
wordpress -- wordpress | The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'update_options' function as well as the 'refresh' function which runs queries on the same values. This allows authenticated attackers, with administrator permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this attack may only be practical on configurations where it is possible to bypass addslashes due to the database using a nonstandard character set such as GBK. | 2023-06-09 | not yet calculated | CVE-2023-1016 MISC MISC |
wordpress -- wordpress | The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site. | 2023-06-09 | not yet calculated | CVE-2023-1169 MISC MISC MISC |
hashicorp -- consul | Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3 | 2023-06-02 | not yet calculated | CVE-2023-1297 MISC |
wordpress -- wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache. | 2023-06-09 | not yet calculated | CVE-2023-1375 MISC MISC MISC |
trellix -- trellix_agent | A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable. | 2023-06-07 | not yet calculated | CVE-2023-1388 MISC |
wordpress -- wordpress | The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-1403 MISC MISC |
wordpress -- wordpress | The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-1404 MISC MISC |
google -- grpc | There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above. | 2023-06-09 | not yet calculated | CVE-2023-1428 MISC |
wordpress -- wordpress | The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscribers email address. | 2023-06-09 | not yet calculated | CVE-2023-1430 MISC MISC |
wordpress -- wordpress | The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | not yet calculated | CVE-2023-1615 MISC MISC MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address. | 2023-06-06 | not yet calculated | CVE-2023-1621 CONFIRM MISC MISC |
siemens -- jt2go | The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | 2023-06-07 | not yet calculated | CVE-2023-1709 MISC MISC |
wordpress -- wordpress | The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers to enable or disable Elementor widgets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-1807 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export. | 2023-06-07 | not yet calculated | CVE-2023-1825 CONFIRM MISC |
wordpress -- wordpress | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure. | 2023-06-09 | not yet calculated | CVE-2023-1843 MISC MISC MISC |
fanuc -- roboguide-handlingpro | FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software. | 2023-06-07 | not yet calculated | CVE-2023-1864 MISC |
wordpress -- wordpress | The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges. | 2023-06-09 | not yet calculated | CVE-2023-1888 MISC MISC |
wordpress -- wordpress | The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts. | 2023-06-09 | not yet calculated | CVE-2023-1889 MISC MISC |
wordpress -- wordpress | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2023-06-09 | not yet calculated | CVE-2023-1895 MISC MISC |
wordpress -- wordpress | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer's site. | 2023-06-09 | not yet calculated | CVE-2023-1910 MISC MISC |
wordpress -- wordpress | The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround. | 2023-06-09 | not yet calculated | CVE-2023-1917 MISC MISC MISC MISC |
wordpress -- wordpress | The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-1978 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code. | 2023-06-07 | not yet calculated | CVE-2023-2001 MISC MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. | 2023-06-07 | not yet calculated | CVE-2023-2013 MISC MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows attackers to perform arbitrary actions on behalf of victims. | 2023-06-07 | not yet calculated | CVE-2023-2015 MISC CONFIRM MISC |
wordpress -- wordpress | The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-2031 MISC MISC MISC |
wordpress -- wordpress | The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions functions in versions up to, and including, 3.6.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin's settings, modify bulletins, create new bulletins, and more. | 2023-06-09 | not yet calculated | CVE-2023-2066 MISC MISC MISC |
wordpress -- wordpress | The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions in versions up to, and including, 3.7.0. This makes it possible for unauthenticated attackers to modify the plugin's settings, modify bulletins, create new bulletins, and more, via a forged request granted they can trick a site's user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2067 MISC MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check. | 2023-06-09 | not yet calculated | CVE-2023-2083 MISC MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check. | 2023-06-09 | not yet calculated | CVE-2023-2084 MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check. | 2023-06-09 | not yet calculated | CVE-2023-2085 MISC MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check. | 2023-06-09 | not yet calculated | CVE-2023-2086 MISC MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2087 MISC MISC MISC |
aria -- operations_for_networks | Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. | 2023-06-07 | not yet calculated | CVE-2023-20887 MISC |
aria -- operations_for_networks | Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | 2023-06-07 | not yet calculated | CVE-2023-20888 MISC |
aria -- operations_for_networks | Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | 2023-06-07 | not yet calculated | CVE-2023-20889 MISC |
hashicorp_vault | Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. | 2023-06-09 | not yet calculated | CVE-2023-2121 MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint. | 2023-06-06 | not yet calculated | CVE-2023-2132 MISC MISC CONFIRM |
imagemagick -- imagemagick | A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. | 2023-06-06 | not yet calculated | CVE-2023-2157 MISC |
wordpress -- wordpress | The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature. | 2023-06-09 | not yet calculated | CVE-2023-2159 MISC MISC MISC |
grafana-- grafana | Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix. | 2023-06-06 | not yet calculated | CVE-2023-2183 MISC MISC |
wordpress -- wordpress | The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2184 MISC MISC |
triangle_microworks -- scada_data_gateway | On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution. | 2023-06-07 | not yet calculated | CVE-2023-2186 MISC |
triangle_microworks -- scada_data_gateway | On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events. | 2023-06-07 | not yet calculated | CVE-2023-2187 MISC |
wordpress -- wordpress | The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets. | 2023-06-09 | not yet calculated | CVE-2023-2189 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | 2023-06-07 | not yet calculated | CVE-2023-2198 MISC MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | 2023-06-07 | not yet calculated | CVE-2023-2199 MISC MISC CONFIRM |
wordpress -- wordpress | The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | not yet calculated | CVE-2023-2237 MISC MISC MISC |
advantech -- webaccess/scada | In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. | 2023-06-06 | not yet calculated | CVE-2023-22450 MISC |
wordpress -- wordpress | The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services. | 2023-06-09 | not yet calculated | CVE-2023-2249 MISC MISC MISC |
distribution/distribution -- distribution/distribution | A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory. | 2023-06-06 | not yet calculated | CVE-2023-2253 MISC |
wordpress -- wordpress | The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails. | 2023-06-09 | not yet calculated | CVE-2023-2261 MISC MISC MISC |
wordpress -- wordpress | The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes. | 2023-06-09 | not yet calculated | CVE-2023-2275 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3. | 2023-06-09 | not yet calculated | CVE-2023-2280 MISC MISC MISC |
palantir_foundry -- lime2 | Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances. | 2023-06-06 | not yet calculated | CVE-2023-22833 MISC |
wordpress -- wordpress | The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings. | 2023-06-09 | not yet calculated | CVE-2023-2284 MISC MISC |
wordpress -- wordpress | The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2285 MISC MISC |
wordpress -- wordpress | The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2286 MISC MISC MISC |
wordpress -- wordpress | The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2289 MISC MISC |
wordpress -- wordpress | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-2305 MISC MISC MISC MISC MISC |
ibm -- sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885. | 2023-06-08 | not yet calculated | CVE-2023-23480 MISC MISC |
ibm -- sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889. | 2023-06-08 | not yet calculated | CVE-2023-23481 MISC MISC |
ibm -- sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891. | 2023-06-08 | not yet calculated | CVE-2023-23482 MISC MISC |
delta_electronics -- cncsoft-b_dopsoft | Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | 2023-06-07 | not yet calculated | CVE-2023-24014 MISC |
wordpress -- wordpress | The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2402 MISC MISC |
wordpress -- wordpress | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | not yet calculated | CVE-2023-2404 MISC MISC MISC |
wordpress -- wordpress | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2405 MISC MISC MISC |
wordpress -- wordpress | The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | not yet calculated | CVE-2023-2406 MISC MISC MISC MISC |
wordpress -- wordpress | The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2407 MISC MISC MISC MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload media files, and inject malicious JavaScript. | 2023-06-09 | not yet calculated | CVE-2023-2414 MISC MISC MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler. | 2023-06-03 | not yet calculated | CVE-2023-2415 MISC MISC MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2416 MISC MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. | 2023-06-07 | not yet calculated | CVE-2023-2442 MISC CONFIRM MISC |
ptc -- vufora_studio | An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. | 2023-06-07 | not yet calculated | CVE-2023-24476 MISC |
wordpress -- wordpress | The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | not yet calculated | CVE-2023-2450 MISC MISC MISC |
arista_networks -- arista_eos | On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | 2023-06-05 | not yet calculated | CVE-2023-24510 MISC |
wordpress -- wordpress | The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | not yet calculated | CVE-2023-2452 MISC MISC MISC |
google.golang.org/protobuf -- google.golang.org/protobuf/encoding/prototext | Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. | 2023-06-08 | not yet calculated | CVE-2023-24535 MISC MISC MISC |
postgresql -- postgresql | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | 2023-06-09 | not yet calculated | CVE-2023-2454 MISC MISC |
postgresql -- postgresql | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. | 2023-06-09 | not yet calculated | CVE-2023-2455 MISC MISC |
wordpress -- wordpress | The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | not yet calculated | CVE-2023-2484 MISC MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of. | 2023-06-07 | not yet calculated | CVE-2023-2485 CONFIRM MISC MISC |
wordpress -- wordpress | The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | not yet calculated | CVE-2023-2503 MISC |
delta_electronics -- cncsoft-b_dopsoft | Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | 2023-06-07 | not yet calculated | CVE-2023-25177 MISC |
wordpress -- wordpress | The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2526 MISC MISC MISC MISC |
puppet -- puppet_enterprise | A privilege escalation allowing remote code execution was discovered in the orchestration service. | 2023-06-07 | not yet calculated | CVE-2023-2530 MISC |
knime -- knime_business_hub | The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed. | 2023-06-07 | not yet calculated | CVE-2023-2541 MISC |
wordpress -- wordpress | The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2023-06-06 | not yet calculated | CVE-2023-2546 MISC MISC MISC |
wordpress -- wordpress | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher. | 2023-06-09 | not yet calculated | CVE-2023-2555 MISC MISC |
wordpress -- wordpress | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher. | 2023-06-09 | not yet calculated | CVE-2023-2556 MISC MISC |
wordpress -- wordpress | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher. | 2023-06-09 | not yet calculated | CVE-2023-2557 MISC MISC |
wordpress -- wordpress | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | not yet calculated | CVE-2023-2558 MISC MISC |
wordpress -- wordpress | The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | not yet calculated | CVE-2023-2571 MISC |
wordpress -- wordpress | The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-05 | not yet calculated | CVE-2023-2572 MISC |
wordpress -- wordpress | The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | not yet calculated | CVE-2023-2584 MISC MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group. | 2023-06-07 | not yet calculated | CVE-2023-2589 MISC CONFIRM MISC |
wordpress -- wordpress | The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2599 MISC MISC MISC |
libcap -- libcap | A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. | 2023-06-06 | not yet calculated | CVE-2023-2602 MISC MISC |
libcap -- libcap | A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. | 2023-06-06 | not yet calculated | CVE-2023-2603 MISC MISC |
wordpress -- wordpress | The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2604 MISC MISC |
wordpress -- wordpress | The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | not yet calculated | CVE-2023-2607 MISC MISC MISC |
dottie -- dottie | Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file. | 2023-06-10 | not yet calculated | CVE-2023-26132 MISC MISC MISC |
wordpress -- wordpress | The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-05 | not yet calculated | CVE-2023-2634 MISC |
pegasystems -- pega_infinity | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. | 2023-06-09 | not yet calculated | CVE-2023-26465 MISC |
wordpress -- wordpress | The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root. | 2023-06-09 | not yet calculated | CVE-2023-2688 MISC MISC |
tp-link_tapo -- tp-link_tapo | The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. | 2023-06-06 | not yet calculated | CVE-2023-27126 MISC MISC MISC |
wordpress -- wordpress | The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library. | 2023-06-09 | not yet calculated | CVE-2023-2764 MISC MISC MISC |
wordpress -- wordpress | The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | not yet calculated | CVE-2023-2767 MISC MISC |
bitwarden -- desktop | Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault. | 2023-06-09 | not yet calculated | CVE-2023-27706 MISC MISC MISC MISC |
ptc -- vuforia_studio | A user could use the “Upload Resource” functionality to upload files to any location on the disk. | 2023-06-07 | not yet calculated | CVE-2023-27881 MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-27916 MISC |
zyxel -- nr7101 | A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | 2023-06-05 | not yet calculated | CVE-2023-27989 MISC |
grafana -- grafana | Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly. This might enable malicious users to crash Grafana instances through that endpoint. Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix. | 2023-06-06 | not yet calculated | CVE-2023-2801 MISC |
hashicorp -- consul | Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies. | 2023-06-02 | not yet calculated | CVE-2023-2816 MISC |
wordpress -- wordpress | The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update. | 2023-06-06 | not yet calculated | CVE-2023-2833 MISC MISC MISC MISC MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-28653 MISC |
advantech -- webaccess/scada | If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. | 2023-06-07 | not yet calculated | CVE-2023-2866 MISC |
kubernetes -- secrets-store-csi-driver | Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | 2023-06-07 | not yet calculated | CVE-2023-2878 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2891 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2892 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2893 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to bulk deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2894 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bulk activate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2895 MISC MISC |
wordpress -- wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | not yet calculated | CVE-2023-2896 MISC MISC |
wordpress -- wordpress | The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the 'X-Forwarded-For' header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality. | 2023-06-09 | not yet calculated | CVE-2023-2897 MISC MISC |
hid_global -- safe | The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition. | 2023-06-07 | not yet calculated | CVE-2023-2904 MISC MISC |
ptc -- vuforia_studio | By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. | 2023-06-07 | not yet calculated | CVE-2023-29152 MISC |
ptc -- vuforia_studio | The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | 2023-06-07 | not yet calculated | CVE-2023-29168 MISC |
github.com/gin-gonic/gin -- github.com/gin-gonic/gin | The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header. | 2023-06-08 | not yet calculated | CVE-2023-29401 MISC MISC MISC MISC |
go_toolchain -- cmd/go | The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected). | 2023-06-08 | not yet calculated | CVE-2023-29402 MISC MISC MISC MISC |
go_standard_library -- runtime | On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers. | 2023-06-08 | not yet calculated | CVE-2023-29403 MISC MISC MISC MISC |
go_toolchain -- cmd/go | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. | 2023-06-08 | not yet calculated | CVE-2023-29404 MISC MISC MISC MISC |
go_toolchain -- cmd/go | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. | 2023-06-08 | not yet calculated | CVE-2023-29405 MISC MISC MISC MISC |
ptc -- vuforia | Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | 2023-06-07 | not yet calculated | CVE-2023-29502 MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-29503 MISC |
advancecomp -- advancecomp | A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability. | 2023-06-06 | not yet calculated | CVE-2023-2961 MISC |
prestashop -- jmsthemelayout | PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php. | 2023-06-05 | not yet calculated | CVE-2023-29629 MISC |
prestashop -- jmsmegamenu | PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php. | 2023-06-05 | not yet calculated | CVE-2023-29630 MISC |
prestashop -- jmsslider | PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php. | 2023-06-05 | not yet calculated | CVE-2023-29631 MISC |
prestashop -- jmspagebuilder | PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. | 2023-06-06 | not yet calculated | CVE-2023-29632 MISC |
vade -- secure_gateway | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. | 2023-06-09 | not yet calculated | CVE-2023-29712 MISC MISC MISC |
vade -- secure_gateway | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory. | 2023-06-09 | not yet calculated | CVE-2023-29713 MISC MISC MISC |
vade -- secure_gateway | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter. | 2023-06-09 | not yet calculated | CVE-2023-29714 MISC MISC MISC |
yandex -- navigator | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29749 MISC |
yandex -- navigator | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29751 MISC |
facemoji -- emoji_keyboard | An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | 2023-06-09 | not yet calculated | CVE-2023-29752 MISC |
facemoji -- emoji_keyboard | An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29753 MISC |
google -- android | An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29755 MISC |
google -- android | An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29756 MISC |
google -- android | An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29757 MISC |
google -- android | An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29758 MISC |
google -- android | An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files. | 2023-06-09 | not yet calculated | CVE-2023-29759 MISC |
google -- android | An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | not yet calculated | CVE-2023-29761 MISC |
google -- android | An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files. | 2023-06-09 | not yet calculated | CVE-2023-29766 MISC |
google -- android | An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. | 2023-06-09 | not yet calculated | CVE-2023-29767 MISC |
wordpress -- wordpress | The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers. | 2023-06-08 | not yet calculated | CVE-2023-2986 MISC MISC MISC MISC |
mim_software_inc -- multiple_products | An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service. | 2023-06-09 | not yet calculated | CVE-2023-30262 MISC MISC MISC |
rhacm -- rhacm | The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created. | 2023-06-05 | not yet calculated | CVE-2023-3027 MISC |
anyka_microelectronics -- ak3918ev300_mcu | An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID or password. | 2023-06-07 | not yet calculated | CVE-2023-30400 MISC MISC |
xpdf -- xpdf | An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. | 2023-06-02 | not yet calculated | CVE-2023-3044 MISC MISC |
apache -- guacamole | Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data. | 2023-06-07 | not yet calculated | CVE-2023-30575 MISC |
apache -- guacamole | Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process. | 2023-06-07 | not yet calculated | CVE-2023-30576 MISC |
mobatime -- mobatime_mobile_application_amxgt100 | Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | 2023-06-05 | not yet calculated | CVE-2023-3064 MISC |
mobatime -- mobatime_mobile_application_amxgt100 | Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | 2023-06-05 | not yet calculated | CVE-2023-3065 MISC |
mobatime -- mobatime_mobile_application_amxgt100 | Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20. | 2023-06-05 | not yet calculated | CVE-2023-3066 MISC |
google -- chrome | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-05 | not yet calculated | CVE-2023-3079 MISC MISC MISC MISC |
x-wrt_luci -- x-wrt_luci | A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The name of the patch is 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663. | 2023-06-03 | not yet calculated | CVE-2023-3085 MISC MISC MISC MISC |
foundry -- comments | A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time. | 2023-06-06 | not yet calculated | CVE-2023-30948 MISC |
kylinsoft -- kylin | A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-05 | not yet calculated | CVE-2023-3096 MISC MISC MISC |
kylinsoft -- kylin | A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been rated as critical. This issue affects the function setMainSource. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-05 | not yet calculated | CVE-2023-3097 MISC MISC MISC |
kylinsoft -- youker-assistant | A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: '../filedir'. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230688. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-05 | not yet calculated | CVE-2023-3098 MISC MISC MISC |
kylinsoft -- youker-assistant | A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-05 | not yet calculated | CVE-2023-3099 MISC MISC MISC |
ibos -- ibos | A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-230690 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-05 | not yet calculated | CVE-2023-3100 MISC MISC MISC |
samsung -- exynos_modem | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application. | 2023-06-07 | not yet calculated | CVE-2023-31114 MISC |
samsung -- exynos_modem | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application. | 2023-06-07 | not yet calculated | CVE-2023-31115 MISC |
samsung -- exynos_modem | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application. | 2023-06-07 | not yet calculated | CVE-2023-31116 MISC |
ptc -- vuforia | PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | 2023-06-07 | not yet calculated | CVE-2023-31200 MISC |
dahua -- smart_parking_management | A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-06 | not yet calculated | CVE-2023-3121 MISC MISC MISC |
wordpress -- wordpress | The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation. | 2023-06-07 | not yet calculated | CVE-2023-3124 MISC MISC |
horner_automation -- multiple_products | The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer. | 2023-06-06 | not yet calculated | CVE-2023-31244 MISC |
wordpress -- wordpress | The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site. | 2023-06-07 | not yet calculated | CVE-2023-3125 MISC MISC MISC |
wordpress -- wordpress | The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site. | 2023-06-07 | not yet calculated | CVE-2023-3126 MISC MISC MISC |
horner_automation -- multiple_products | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-31278 MISC |
knime -- knime_business_hub | Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. | 2023-06-07 | not yet calculated | CVE-2023-3140 MISC |
linux -- kernel | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | 2023-06-09 | not yet calculated | CVE-2023-3141 MISC |
microweber -- microweber/microweber | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. | 2023-06-07 | not yet calculated | CVE-2023-3142 CONFIRM MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231012. | 2023-06-07 | not yet calculated | CVE-2023-3143 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability. | 2023-06-07 | not yet calculated | CVE-2023-3144 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Affected by this issue is some unknown functionality of the file classes\Users.php?f=registration. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231014 is the identifier assigned to this vulnerability. | 2023-06-07 | not yet calculated | CVE-2023-3145 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\categories\manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231015. | 2023-06-07 | not yet calculated | CVE-2023-3146 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin\categories\view_category.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231016. | 2023-06-07 | not yet calculated | CVE-2023-3147 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This issue affects some unknown processing of the file admin\posts\manage_post.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231017 was assigned to this vulnerability. | 2023-06-07 | not yet calculated | CVE-2023-3148 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231018 is the identifier assigned to this vulnerability. | 2023-06-07 | not yet calculated | CVE-2023-3149 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file posts\manage_post.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231019. | 2023-06-07 | not yet calculated | CVE-2023-3150 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user\manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231020. | 2023-06-07 | not yet calculated | CVE-2023-3151 MISC MISC MISC |
sourcecodester -- online_discussion_forum_site | A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231021 was assigned to this vulnerability. | 2023-06-07 | not yet calculated | CVE-2023-3152 MISC MISC MISC |
totolink -- x5000r | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. | 2023-06-06 | not yet calculated | CVE-2023-31569 MISC MISC MISC MISC |
ruby_gem -- ruby_gem | A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2023-06-06 | not yet calculated | CVE-2023-31606 MISC MISC MISC |
y_project -- ruoyi | A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability. | 2023-06-08 | not yet calculated | CVE-2023-3163 MISC MISC MISC |
sourcecodester -- life_insurance_management_sys | A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the argument nominee_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231109 was assigned to this vulnerability. | 2023-06-08 | not yet calculated | CVE-2023-3165 MISC MISC MISC |
froxlor -- froxlor | Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. | 2023-06-09 | not yet calculated | CVE-2023-3172 CONFIRM MISC |
froxlor -- froxlor | Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. | 2023-06-09 | not yet calculated | CVE-2023-3173 MISC CONFIRM |
sourcecodester -- lost_and_found_information_system | A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability. | 2023-06-09 | not yet calculated | CVE-2023-3176 MISC MISC MISC |
sourcecodester -- lost_and_found_information_system | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151. | 2023-06-09 | not yet calculated | CVE-2023-3177 MISC MISC MISC |
sourcecodester -- performance_indicator_system | A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163. | 2023-06-09 | not yet calculated | CVE-2023-3183 MISC MISC MISC |
sourcecodester -- sales_tracker_management_system | A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164. | 2023-06-09 | not yet calculated | CVE-2023-3184 MISC MISC MISC |
phpgurukul --teachers_record_management_system | A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176. | 2023-06-09 | not yet calculated | CVE-2023-3187 MISC MISC MISC |
owncast -- owncast | Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0. | 2023-06-10 | not yet calculated | CVE-2023-3188 CONFIRM MISC |
telefnica_brasil -- vivo_play_iptv | Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. | 2023-06-05 | not yet calculated | CVE-2023-31893 MISC MISC |
nilsteampassnet -- teampass | Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-10 | not yet calculated | CVE-2023-3190 CONFIRM MISC |
nilsteampassnet -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-10 | not yet calculated | CVE-2023-3191 MISC CONFIRM |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-32203 MISC |
sailpoint -- identityiq | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath. | 2023-06-05 | not yet calculated | CVE-2023-32217 MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-32281 MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-32289 MISC |
umbraco -- umbracoidentityextensions | UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization code flow, which requires the client to authenticate with the authorization server using a client secret. This flow provides better security, as it involves exchanging an authorization code for an access token and/or ID token, rather than directly returning tokens in the URL fragment. This issue has been patched in commit `e792429f9` and a release to Nuget is pending. Users are advised to upgrade when possible. | 2023-06-09 | not yet calculated | CVE-2023-32312 MISC MISC MISC MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-32539 MISC |
advantech -- webaccess/scada | In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | 2023-06-06 | not yet calculated | CVE-2023-32540 MISC |
horner_automation -- cscape | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-06-06 | not yet calculated | CVE-2023-32545 MISC |
canonical_ltd. -- landscape | Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator. | 2023-06-06 | not yet calculated | CVE-2023-32549 MISC |
canonical_ltd. -- landscape | Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API. | 2023-06-06 | not yet calculated | CVE-2023-32550 MISC |
canonical_ltd. -- landscape | Landscape allowed URLs which caused open redirection. | 2023-06-06 | not yet calculated | CVE-2023-32551 MISC |
advantech -- webaccess/scada | In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | 2023-06-06 | not yet calculated | CVE-2023-32628 MISC |
matrix-org -- synapse | Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade. | 2023-06-06 | not yet calculated | CVE-2023-32682 MISC MISC MISC MISC MISC MISC |
matrix-org -- synapse | Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews. | 2023-06-06 | not yet calculated | CVE-2023-32683 MISC MISC |
google -- grpc | When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/32309 | 2023-06-09 | not yet calculated | CVE-2023-32731 MISC |
google -- grpc | gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url | 2023-06-09 | not yet calculated | CVE-2023-32732 MISC |
abstrium -- pydio_cells | Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted. | 2023-06-08 | not yet calculated | CVE-2023-32749 MISC MISC FULLDISC MISC |
abstrium -- pydio_cells | Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells. | 2023-06-08 | not yet calculated | CVE-2023-32750 MISC MISC |
abstrium -- pydio_cells | Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability. | 2023-06-08 | not yet calculated | CVE-2023-32751 MISC MISC |
marval -- marval_msm | Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to endpoints in the application. | 2023-06-07 | not yet calculated | CVE-2023-33282 MISC MISC |
marval -- marval_msm | Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key. | 2023-06-07 | not yet calculated | CVE-2023-33283 MISC |
marval -- marval_msm | Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any user is able to execute code in context of the web server. | 2023-06-07 | not yet calculated | CVE-2023-33284 MISC |
mitrastar-- gpt-2741gnac | A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function. | 2023-06-06 | not yet calculated | CVE-2023-33381 MISC MISC MISC |
besder -- ip_camera | Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints. | 2023-06-08 | not yet calculated | CVE-2023-33443 MISC |
sogou -- workflow | In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash. | 2023-06-06 | not yet calculated | CVE-2023-33457 MISC |
lloyd -- yajl | There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. | 2023-06-06 | not yet calculated | CVE-2023-33460 MISC |
harmonic -- nsg_90006g | In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path. | 2023-06-06 | not yet calculated | CVE-2023-33477 MISC |
xuxueli -- xxl-rpc | xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode. | 2023-06-07 | not yet calculated | CVE-2023-33496 MISC |
alist -- alist | alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. | 2023-06-07 | not yet calculated | CVE-2023-33498 MISC |
jeecg -- p3_biz_chat | Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. | 2023-06-07 | not yet calculated | CVE-2023-33510 MISC |
emoncms -- emoncms | emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request. | 2023-06-05 | not yet calculated | CVE-2023-33518 MISC |
tenda -- g103 | There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges. | 2023-06-06 | not yet calculated | CVE-2023-33530 MISC MISC |
netgear -- r6250 | There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges. | 2023-06-06 | not yet calculated | CVE-2023-33532 MISC MISC |
netgear -- d6220 | Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges. | 2023-06-06 | not yet calculated | CVE-2023-33533 MISC MISC |
tp-link -- tw-wr940n | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. | 2023-06-07 | not yet calculated | CVE-2023-33536 MISC |
tp-link -- tw-wr940n | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. | 2023-06-07 | not yet calculated | CVE-2023-33537 MISC |
tp-link -- tw-wr940n | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | 2023-06-07 | not yet calculated | CVE-2023-33538 MISC |
planet_technologies -- wdrt-1800ax | An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie. | 2023-06-07 | not yet calculated | CVE-2023-33553 MISC MISC |
totolink -- a7100ru | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. | 2023-06-07 | not yet calculated | CVE-2023-33556 MISC |
fuel_cms -- fuel_cms | Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | 2023-06-09 | not yet calculated | CVE-2023-33557 MISC MISC |
sourcecodester -- faculty_evaluation_system | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. | 2023-06-06 | not yet calculated | CVE-2023-33569 MISC |
cpython -- cpython | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. | 2023-06-07 | not yet calculated | CVE-2023-33595 MISC MISC |
phpok -- phpok | An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | 2023-06-07 | not yet calculated | CVE-2023-33601 MISC |
imperial_cms -- imperial_cms | Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. This vulnerability is exploited by attackers via a crafted POST request. | 2023-06-07 | not yet calculated | CVE-2023-33604 MISC |
axtls -- axtls | axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key. | 2023-06-06 | not yet calculated | CVE-2023-33613 MISC |
sitecore -- experience_platform | An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules. | 2023-06-06 | not yet calculated | CVE-2023-33651 MISC MISC |
sitecore -- experience_platform | Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx. | 2023-06-06 | not yet calculated | CVE-2023-33652 MISC |
sitecore -- experience_platform | Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML. | 2023-06-06 | not yet calculated | CVE-2023-33653 MISC |
nanomq -- nanomq | A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack. | 2023-06-08 | not yet calculated | CVE-2023-33657 MISC MISC MISC |
nanomq -- nanomq | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack. | 2023-06-08 | not yet calculated | CVE-2023-33658 MISC MISC MISC |
nanomq -- nanomq | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | 2023-06-06 | not yet calculated | CVE-2023-33659 MISC MISC MISC |
nanomq -- nanomq | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | 2023-06-08 | not yet calculated | CVE-2023-33660 MISC MISC MISC |
db_elettronica_telecomunicazioni -- spa_sft_dab 600/c | Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol. | 2023-06-06 | not yet calculated | CVE-2023-33684 MISC |
sonicjs -- sonicjs | SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. | 2023-06-05 | not yet calculated | CVE-2023-33690 MISC MISC |
easyplayerpro-win -- easyplayerpro-win | A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file. | 2023-06-05 | not yet calculated | CVE-2023-33693 MISC MISC MISC |
cloudpanel -- cloudpanel | CloudPanel v2.2.2 allows attackers to execute a path traversal. | 2023-06-06 | not yet calculated | CVE-2023-33747 MISC MISC MISC MISC MISC MISC |
d-link -- dir-842v2 | An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. | 2023-06-07 | not yet calculated | CVE-2023-33781 MISC MISC MISC MISC |
d-link -- dir-842v2 | D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. | 2023-06-07 | not yet calculated | CVE-2023-33782 MISC MISC MISC MISC |
ibm -- txseries_for_multiplatforms | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100. | 2023-06-08 | not yet calculated | CVE-2023-33846 MISC MISC MISC MISC |
ibm -- txseries_for_multiplatforms | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102. | 2023-06-08 | not yet calculated | CVE-2023-33847 MISC MISC MISC MISC |
ibm -- txseries_for_multiplatforms | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104. | 2023-06-07 | not yet calculated | CVE-2023-33848 MISC MISC MISC MISC |
ibm -- txseries_for_multiplatforms | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105. | 2023-06-07 | not yet calculated | CVE-2023-33849 MISC MISC MISC MISC |
renderdoc -- renderdoc | RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2). | 2023-06-07 | not yet calculated | CVE-2023-33863 MISC MISC FULLDISC MISC |
renderdoc -- renderdoc | RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 2 of 2). | 2023-06-07 | not yet calculated | CVE-2023-33864 MISC MISC FULLDISC MISC |
renderdoc -- renderdoc | RenderDoc through 1.26 allows local privilege escalation via a symlink attack. | 2023-06-07 | not yet calculated | CVE-2023-33865 MISC MISC FULLDISC MISC |
kanboard -- kanboard | Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By Changing the file_id any user can render all the files where MimeType is image uploaded under **/files** directory regard less of uploaded by any user. This vulnerability poses a significant impact and severity to the application's security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-05 | not yet calculated | CVE-2023-33956 MISC MISC |
notaryproject -- notation | notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | 2023-06-06 | not yet calculated | CVE-2023-33957 MISC MISC |
notaryproject -- notation | notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | 2023-06-06 | not yet calculated | CVE-2023-33958 MISC MISC |
notaryproject -- notation | notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | 2023-06-06 | not yet calculated | CVE-2023-33959 MISC |
kanboard -- kanboard | Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-05 | not yet calculated | CVE-2023-33968 MISC MISC |
kanboard -- kanboard | Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config. | 2023-06-05 | not yet calculated | CVE-2023-33969 MISC MISC |
kanboard -- kanboard | Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-05 | not yet calculated | CVE-2023-33970 MISC MISC |
kiwi_tcms -- kiwi_tcms | Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded and Content-Security-Policy definition to prevent cross-site-scripting attacks. The upload validation checks were not 100% robust which left the possibility to circumvent them and upload a potentially dangerous file which allows execution of arbitrary JavaScript in the browser. Additionally we've discovered that Nginx's `proxy_pass` directive will strip some headers negating protections built into Kiwi TCMS when served behind a reverse proxy. This issue has been addressed in version 12.4. Users are advised to upgrade. Users unable to upgrade who are serving Kiwi TCMS behind a reverse proxy should make sure that additional header values are still passed to the client browser. If they aren't redefining them inside the proxy configuration. | 2023-06-06 | not yet calculated | CVE-2023-33977 MISC MISC MISC MISC MISC |
thruk -- thruk | Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2. | 2023-06-08 | not yet calculated | CVE-2023-34096 MISC MISC MISC MISC MISC MISC MISC MISC |
hoppscotch -- hoppscotch | hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-05 | not yet calculated | CVE-2023-34097 MISC MISC |
contiki-ng -- contiki-ng | Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`. | 2023-06-09 | not yet calculated | CVE-2023-34100 MISC MISC |
avo -- avo | Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. This issue has been addressed in commit `ec117882d` which is expected to be included in subsequent releases. Users are advised to limit access to untrusted users until a new release is made. | 2023-06-05 | not yet calculated | CVE-2023-34102 MISC MISC |
avo -- avo | Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are stored and no specific timing is required. This issue has been addressed in commit `7891c01e` which is expected to be included in the next release of avo. Users are advised to configure CSP headers for their application and to limit untrusted user access as a mitigation. | 2023-06-05 | not yet calculated | CVE-2023-34103 MISC MISC |
fast-xml-parser -- fast-xml-parser | fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option. | 2023-06-06 | not yet calculated | CVE-2023-34104 MISC MISC |
mailcow -- mailcow | mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted passwords during the authentication process. The issue arises from the behavior of the `passwd-verify.lua` script, which is responsible for verifying user passwords during login attempts. Upon a successful login, the script returns a response in the format of "password= | 2023-06-07 | not yet calculated | CVE-2023-34108 MISC MISC MISC |
zxcvbn-ts -- zxcvbn-ts | zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with every function call. Browsers are impacted, too but a single user need to do a lot of input changes so that it affects the browser, while the node process gets the inputs of every user of a platform and can be killed that way. This problem has been patched in version 3.0.2. Users are advised to upgrade. Users unable to upgrade should stop using the second argument of the zxcvbn function and use the zxcvbnOptions.setOptions function. | 2023-06-07 | not yet calculated | CVE-2023-34109 MISC MISC |
taosdata -- grafanaplugin | The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to bash command on like 25 of the workflow. This may allow an attacker to gain access to secrets which the github action has access to or to otherwise make use of the compute resources. | 2023-06-06 | not yet calculated | CVE-2023-34111 MISC MISC MISC |
bytedeco -- javacpp-presets | JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message?` parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. Users of JavaCPP Presets are advised to upgrade as a precaution. | 2023-06-09 | not yet calculated | CVE-2023-34112 MISC MISC |
snowflake-connector -- snowflake-connector | snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue. | 2023-06-08 | not yet calculated | CVE-2023-34230 MISC |
snowflake-connector -- snowflake-connector | gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19. | 2023-06-08 | not yet calculated | CVE-2023-34231 MISC MISC MISC |
snowflake-connector -- snowflake-connector | snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue. | 2023-06-08 | not yet calculated | CVE-2023-34232 MISC MISC MISC MISC |
snowflake-connector -- snowflake-connector | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on(SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 3.0.2 contains a patch for this issue. | 2023-06-08 | not yet calculated | CVE-2023-34233 MISC MISC MISC |
openzeppelin -- openzeppelin-contracts | OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround. | 2023-06-07 | not yet calculated | CVE-2023-34234 MISC MISC |
sabnzbd -- sabnzbd | SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users[exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible. | 2023-06-07 | not yet calculated | CVE-2023-34237 MISC MISC MISC MISC |
gatsby -- gatsby | Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope of the development server could potentially be exposed. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `--host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. A patch has been introduced in `[email protected]` and `[email protected]` which mitigates the issue. Users are advised to upgrade. Users unable to upgrade should avoid exposing their development server to the internet. | 2023-06-08 | not yet calculated | CVE-2023-34238 MISC MISC MISC |
gradio -- gradio | Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-08 | not yet calculated | CVE-2023-34239 MISC MISC MISC |
tgstation -- tgstation | TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade may be mitigated by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline such as fail2ban. | 2023-06-08 | not yet calculated | CVE-2023-34243 MISC MISC |
udecode -- plate | @udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the `javascript:` scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. `@udecode/plate-link` 20.0.0 resolves this issue by introducing an `allowedSchemes` option to the link plugin, defaulting to `['http', 'https', 'mailto', 'tel']`. URLs using a scheme that isn't in this list will not be rendered to the DOM. Users are advised to upgrade. Users unable to upgrade are advised to override the `LinkElement` and `PlateFloatingLink` components with implementations that explicitly check the URL scheme before rendering any anchor elements. | 2023-06-09 | not yet calculated | CVE-2023-34245 MISC MISC |
progress -- moveit_transfer | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions. | 2023-06-02 | not yet calculated | CVE-2023-34362 MISC |
progress -- datadirect_connect | An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used. | 2023-06-09 | not yet calculated | CVE-2023-34363 MISC CONFIRM |
progress -- datadirect_connect | A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code. | 2023-06-09 | not yet calculated | CVE-2023-34364 MISC CONFIRM |
percona -- percona_monitoring_and_management | In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure. | 2023-06-06 | not yet calculated | CVE-2023-34409 MISC |
qt -- qt | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. | 2023-06-05 | not yet calculated | CVE-2023-34410 MISC MISC |
xml-rs_crate -- xml-rs_crate | The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid | 2023-06-05 | not yet calculated | CVE-2023-34411 MISC MISC MISC MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo. | 2023-06-08 | not yet calculated | CVE-2023-34566 MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. | 2023-06-08 | not yet calculated | CVE-2023-34567 MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. | 2023-06-08 | not yet calculated | CVE-2023-34568 MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. | 2023-06-08 | not yet calculated | CVE-2023-34569 MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName. | 2023-06-08 | not yet calculated | CVE-2023-34570 MISC |
tenda -- ac10 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet. | 2023-06-08 | not yet calculated | CVE-2023-34571 MISC |
d-link -- di-7500g | A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. | 2023-06-09 | not yet calculated | CVE-2023-34856 MISC |
chamilo -- chamilo | Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID. | 2023-06-08 | not yet calculated | CVE-2023-34958 MISC MISC |
chamilo -- chamilo | An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools. | 2023-06-08 | not yet calculated | CVE-2023-34959 MISC MISC MISC MISC |
chamilo -- chamilo | Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. | 2023-06-08 | not yet calculated | CVE-2023-34961 MISC MISC |
chamilo -- chamilo | Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes. | 2023-06-08 | not yet calculated | CVE-2023-34962 MISC MISC MISC |
d-bus -- d-bus | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. | 2023-06-08 | not yet calculated | CVE-2023-34969 MISC |
Source: CISA Bulletins
Source Link: https://www.cisa.gov/news-events/bulletins/sb23-163