CISA Bulletins - Vulnerability Summary for the Week of May 1, 2023

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
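The bands above are the only structure the bulletin itself imposes; what a practitioner does with the list is parse it, bucket it, and match it against what they actually run. The Python below is an added example written for this page, not a CISA or NVD tool. It parses rows in the flattened form that a plain-text export of the bulletin table produces (vendor, product and description run together, then the publication date, CVSS score and CVE identifier fused into one string, followed by the link labels), applies the bands above, flags entries whose VulDB-style description states that a public exploit exists, and ranks the hits against a small asset inventory. The sample rows are taken from this bulletin with descriptions abbreviated, except the last one, which is a hypothetical placeholder with no score (not a real CVE) that exercises the unscored path; the inventory and its asset names are constructed for the example.

```python
"""Triage a flat-text export of the CISA weekly vulnerability bulletin.

Added example for this page, not a CISA or NVD tool. Row format handled:
    <vendor> -- <product><description><YYYY-MM-DD><CVSS><CVE-id><link labels>
where the date, score and CVE id arrive fused ("...VDB-227639.2023-04-289.8CVE-2023-2363MISCMISCMISC").
SAMPLE_ROWS and INVENTORY are constructed; the last sample row is a placeholder, not a real CVE.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ROW_HEAD = re.compile(r"^(?P<vendor>\S+) -- (?P<rest>.+)$")
ROW_TAIL = re.compile(
    r"(?P<published>\d{4}-\d{2}-\d{2})"
    r"(?P<score>10\.0|\d\.\d)?"            # missing while NVD has not scored the entry
    r"(?P<cve>CVE-\d{4}-\d{4,})"
    r"(?P<links>(?:MISC|CONFIRM)*)$"
)
LINK_LABEL = re.compile(r"MISC|CONFIRM")
# NVD product names are lower-case CPE tokens; the description normally starts
# with a capital letter, which is where this greedy match stops.
PRODUCT_TOKEN = re.compile(r"[a-z0-9_.\-]+")


@dataclass
class Entry:
    vendor: str
    product: str
    description: str
    published: str
    score: Optional[float]
    cve: str
    links: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        """The bulletin's bands: High 7.0-10.0, Medium 4.0-6.9, Low 0.0-3.9."""
        if self.score is None:
            return "unscored"
        if self.score >= 7.0:
            return "high"
        return "medium" if self.score >= 4.0 else "low"

    @property
    def public_exploit(self) -> bool:
        """VulDB-derived descriptions carry this phrase when a PoC is already public."""
        return "disclosed to the public" in self.description


def split_product(vendor: str, body: str, known: Dict[str, List[str]]) -> Tuple[str, str]:
    """Split '<product><description>'. A known product for this vendor wins (longest
    first): a description that itself starts lower-case, e.g. 'linux_kernelqfq_change_class
    in ...', defeats the capital-letter heuristic used as the fallback."""
    for product in sorted(known.get(vendor, ()), key=len, reverse=True):
        if body.startswith(product):
            return product, body[len(product):]
    token = PRODUCT_TOKEN.match(body)
    if not token:
        raise ValueError(f"no product token in row for vendor {vendor!r}")
    return token.group(0), body[token.end():]


def parse_row(row: str, known: Optional[Dict[str, List[str]]] = None) -> Entry:
    head = ROW_HEAD.match(row.strip())
    tail = ROW_TAIL.search(head["rest"]) if head else None
    if not head or not tail:
        raise ValueError(f"unrecognised bulletin row: {row[:60]!r}")
    product, description = split_product(head["vendor"], head["rest"][: tail.start()], known or {})
    score = float(tail["score"]) if tail["score"] else None
    return Entry(head["vendor"], product, description.strip(), tail["published"],
                 score, tail["cve"], LINK_LABEL.findall(tail["links"]))


def parse_bulletin(text: str, inventory: Dict[Tuple[str, str], str]) -> List[Entry]:
    """Parse every table row, seeding the product splitter with inventoried product names."""
    known: Dict[str, List[str]] = {}
    for vendor, product in inventory:
        known.setdefault(vendor, []).append(product)
    return [parse_row(line, known) for line in text.splitlines() if " -- " in line]


def triage(entries: List[Entry], inventory: Dict[Tuple[str, str], str]) -> List[Tuple[Entry, str]]:
    """Entries hitting an inventoried (vendor, product), most urgent first:
    highest CVSS, ties broken by a public exploit, unscored entries last."""
    hits = [(e, inventory[(e.vendor, e.product)]) for e in entries
            if (e.vendor, e.product) in inventory]
    hits.sort(key=lambda h: (-(h[0].score if h[0].score is not None else -1.0),
                             not h[0].public_exploit))
    return hits


def unscored(entries: List[Entry]) -> List[str]:
    """CVE ids to re-check on NVD once a base score has been published."""
    return [e.cve for e in entries if e.score is None]


SAMPLE_ROWS = """\
phpmyfaq -- phpmyfaqImproper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.2023-04-309.8CVE-2023-2429MISCCONFIRM
linux -- linux_kernelqfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.2023-04-287.8CVE-2023-31436MISCMISCMISC
ac_repair_and_services_system_project -- ac_repair_and_services_systemA vulnerability was found in SourceCodester AC Repair and Services System 1.0. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used.2023-04-296.5CVE-2023-2412MISCMISCMISC
concretecms -- concrete_cmsConcrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.2023-04-285.3CVE-2023-28821MISCMISC
examplevendor -- exampleproductHypothetical placeholder row with no CVSS score yet (not a real CVE).2023-05-01CVE-2023-0000MISC
"""

# Constructed inventory: (NVD vendor, NVD product) -> asset that runs it.
INVENTORY = {
    ("linux", "linux_kernel"): "build-runner-01",
    ("concretecms", "concrete_cms"): "marketing-site",
    ("phpmyfaq", "phpmyfaq"): "helpdesk-faq",
}

if __name__ == "__main__":
    parsed = parse_bulletin(SAMPLE_ROWS, INVENTORY)
    for entry, asset in triage(parsed, INVENTORY):
        flag = " [public exploit]" if entry.public_exploit else ""
        print(f"{entry.cve:<15} {entry.severity:<8} {entry.score} {asset} ({entry.product}){flag}")
    print("re-check on NVD when scored:", unscored(parsed))
```

A row whose description starts in lower case (the qfq_change_class entry) defeats the capital-letter product boundary, which is why parse_bulletin seeds the splitter with the inventory's own product names before falling back to the heuristic. Unscored entries are kept rather than dropped and listed separately, so they can be re-checked against NVD once a base score is published, as the bulletin text advises.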

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
--- | --- | --- | --- | ---
ip-finder -- ip_blacklist_cloud | A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 addresses this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability. | 2023-05-01 | 9.8 | CVE-2015-10105 (MISC, MISC, MISC, MISC)
opentext -- bizmanager | OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | 2023-05-01 | 9.8 | CVE-2022-35898 (MISC, MISC)
sage -- sage_300 | The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte Blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | 2023-04-28 | 9.8 | CVE-2022-41397 (MISC)
sage -- sage_300 | Sage 300 through 2022 uses a hard-coded 40-byte Blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. | 2023-04-28 | 9.8 | CVE-2022-41400 (MISC)
resort_reservation_system_project -- resort_reservation_system | A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639. | 2023-04-28 | 9.8 | CVE-2023-2363 (MISC, MISC, MISC)
faculty_evaluation_system_project -- faculty_evaluation_system | A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability. | 2023-04-28 | 9.8 | CVE-2023-2365 (MISC, MISC, MISC)
faculty_evaluation_system_project -- faculty_evaluation_system | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability. | 2023-04-28 | 9.8 | CVE-2023-2366 (MISC, MISC, MISC)
faculty_evaluation_system_project -- faculty_evaluation_system | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643. | 2023-04-28 | 9.8 | CVE-2023-2367 (MISC, MISC, MISC)
faculty_evaluation_system_project -- faculty_evaluation_system | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644. | 2023-04-28 | 9.8 | CVE-2023-2368 (MISC, MISC, MISC)
faculty_evaluation_system_project -- faculty_evaluation_system | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability. | 2023-04-28 | 9.8 | CVE-2023-2369 (MISC, MISC, MISC)
online_dj_management_system_project -- online_dj_management_system | A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability. | 2023-04-28 | 9.8 | CVE-2023-2370 (MISC, MISC, MISC)
online_dj_management_system_project -- online_dj_management_system | A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647. | 2023-04-28 | 9.8 | CVE-2023-2371 (MISC, MISC, MISC)
phpmyfaq -- phpmyfaq | Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-04-30 | 9.8 | CVE-2023-2429 (MISC, CONFIRM)
concretecms -- concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to a possible authentication bypass in the jobs section. | 2023-04-28 | 9.8 | CVE-2023-28473 (MISC, MISC)
antabot_white-jotter_project -- antabot_white-jotter | File upload vulnerability in Antabot White-Jotter v0.2.2 allows remote attackers to execute malicious code via the file parameter to the function coversUpload. | 2023-05-01 | 9.8 | CVE-2023-29635 (MISC, MISC)
milesight -- ms-n5008-uc_firmware | This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC) due to a weak password reset mechanism in the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device. Successful exploitation could allow a remote attacker to take over accounts on the targeted device. | 2023-04-28 | 9.8 | CVE-2023-30466 (MISC)
milesight -- ms-n5008-uc_firmware | This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC) due to improper authorization in the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device. Successful exploitation could allow a remote attacker to perform unauthorized activities on the targeted device. | 2023-04-28 | 9.8 | CVE-2023-30467 (MISC)
zyxel -- nbg6604_firmware | The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | 2023-05-01 | 8.8 | CVE-2023-22919 (CONFIRM)
dedecms -- dedecms | A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability. | 2023-04-29 | 8.8 | CVE-2023-2424 (MISC, MISC, MISC)
nginx -- management_suite | NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 8.1 | CVE-2023-28656 (MISC)
sage -- sage_300 | On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are set up in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts, in order to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | 2023-04-28 | 7.8 | CVE-2022-38583 (MISC, MISC)
jetbrains -- toolbox | In JetBrains Toolbox App before 1.28, a DYLIB injection on macOS was possible. | 2023-04-28 | 7.8 | CVE-2022-48481 (MISC)
linux -- linux_kernel | A use-after-free vulnerability in the Linux kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the attach_state of the event's siblings before calling add_event_to_groups(), but remove_on_exec made it possible for list_del_event() to be called on a sibling before it was detached from its group, leaving a dangling pointer that results in a use-after-free. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. | 2023-05-01 | 7.8 | CVE-2023-2235 (MISC, MISC)
linux -- linux_kernel | A use-after-free vulnerability in the Linux kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput on a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4. | 2023-05-01 | 7.8 | CVE-2023-2236 (MISC, MISC)
linux -- linux_kernel | A heap out-of-bounds read/write vulnerability in the Linux kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation. The qfq_change_class function does not properly limit the lmax variable, which can lead to an out-of-bounds read/write. If the TCA_QFQ_LMAX value is not supplied through nlattr, lmax is derived from the MTU of the network device. The MTU of the loopback device can be set as high as 2^31-1, so lmax can exceed QFQ_MIN_LMAX. We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d. | 2023-05-01 | 7.8 | CVE-2023-2248 (MISC, MISC)
ibm -- aix | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | 2023-04-28 | 7.8 | CVE-2023-28528 (MISC, MISC)
linux -- linux_kernel | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. | 2023-04-28 | 7.8 | CVE-2023-31436 (MISC, MISC, MISC)
powersoft -- powersoft | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device. | 2023-05-04 | 7.5 | CVE-2017-20184 (MISC)
sage -- sage_300 | The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to log in to the Solr dashboard with admin privileges and access sensitive information. | 2023-04-28 | 7.5 | CVE-2022-41398 (MISC)
sage -- sage_300 | The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte Blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database. | 2023-04-28 | 7.5 | CVE-2022-41399 (MISC)
zyxel -- nbg-418n_firmware | A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | 2023-05-01 | 7.5 | CVE-2023-22921 (CONFIRM)
zyxel -- nbg-418n_firmware | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device. | 2023-05-01 | 7.5 | CVE-2023-22922 (CONFIRM)
lfprojects -- mlflow | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | 2023-04-28 | 7.5 | CVE-2023-2356 (MISC, CONFIRM)
acronis -- cyber_infrastructure | Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. | 2023-04-28 | 7.5 | CVE-2023-2360 (MISC)
obsidian -- obsidian | An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and cause other unspecified impacts via an embedded website on the canvas page. | 2023-05-01 | 7.5 | CVE-2023-27035 (MISC, MISC, MISC)
f5 -- big-ip | Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 7.5 | CVE-2023-27378 (MISC)
ibm -- safer_payments | IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling, which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190. | 2023-04-28 | 7.5 | CVE-2023-27556 (MISC, MISC, MISC)
ibm -- safer_payments | IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | 2023-04-28 | 7.5 | CVE-2023-27557 (MISC, MISC)
trustwave -- modsecurity | Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | 2023-04-28 | 7.5 | CVE-2023-28882 (CONFIRM)
f5 -- big-ip | When a UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 7.5 | CVE-2023-29163 (MISC)
microsoft -- edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. | 2023-05-05 | 7.5 | CVE-2023-29350 (MISC)
dlink -- dir-879_firmware | D-Link DIR-879 v105A1 is vulnerable to authentication bypass via phpcgi. | 2023-05-01 | 7.5 | CVE-2023-30061 (MISC, MISC)
dlink -- dir-890l_firmware | D-Link DIR-890L FW1.10 A1 is vulnerable to authentication bypass. | 2023-05-01 | 7.5 | CVE-2023-30063 (MISC, MISC)
f5 -- big-ip | An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 7.4 | CVE-2023-24461 (MISC)
f5 -- big-ip | When DNS is provisioned, an authenticated remote command execution vulnerability exists in the DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 7.2 | CVE-2023-28742 (MISC)
nginx -- management_suite | NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 7.1 | CVE-2023-28724 (MISC)




Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
--- | --- | --- | --- | ---
zyxel -- nbg-418n_firmware | A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device. | 2023-05-01 | 6.5 | CVE-2023-22923 (CONFIRM)
netgear -- srx5308_firmware | A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 6.5 | CVE-2023-2380 (MISC, MISC, MISC)
ac_repair_and_services_system_project -- ac_repair_and_services_system | A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability. | 2023-04-28 | 6.5 | CVE-2023-2408 (MISC, MISC, MISC)
ac_repair_and_services_system_project -- ac_repair_and_services_system | A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703. | 2023-04-28 | 6.5 | CVE-2023-2409 (MISC, MISC, MISC)
ac_repair_and_services_system_project -- ac_repair_and_services_system | A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704. | 2023-04-28 | 6.5 | CVE-2023-2410 (MISC, MISC, MISC)
ac_repair_and_services_system_project -- ac_repair_and_services_system | A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability. | 2023-04-28 | 6.5 | CVE-2023-2411 (MISC, MISC, MISC)
ac_repair_and_services_system_project -- ac_repair_and_services_system | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability. | 2023-04-29 | 6.5 | CVE-2023-2412 (MISC, MISC, MISC)
ac_repair_and_services_system_project -- ac_repair_and_services_system | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707. | 2023-04-29 | 6.5 | CVE-2023-2413 (MISC, MISC, MISC)
konga_project -- konga | An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via a crafted POST request. | 2023-05-01 | 6.5 | CVE-2023-26987 (MISC, MISC, MISC)
woocommerce -- icons_for_features | A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 addresses this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756. | 2023-04-30 | 6.1 | CVE-2015-10104 (MISC, MISC, MISC, MISC)
hongcms_project -- hongcms | Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | 2023-04-28 | 6.1 | CVE-2020-21643 (MISC)
boxbilling -- boxbilling | Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | 2023-04-28 | 6.1 | CVE-2020-23647 (MISC)
netgear -- srx5308_firmware | A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 6.1 | CVE-2023-2395 (MISC, MISC, MISC)
netgear -- srx5308_firmware | A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 6.1 | CVE-2023-2396 (MISC, MISC, MISC)
concretecms -- concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to reflected XSS on the Reply form because msgID was not sanitized. | 2023-04-28 | 6.1 | CVE-2023-28475 (MISC, MISC)
qbian61_forum-java_project -- qbian61_forum-java | Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page. | 2023-05-01 | 6.1 | CVE-2023-29637 (MISC)
ipandao -- editor.md | Cross Site Scripting (XSS) vulnerability in pandao editor.md through 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. | 2023-05-01 | 6.1 | CVE-2023-29641 (MISC)
f5 -- big-ip | In the pre-connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and macOS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 5.9 | CVE-2023-22372 (MISC)
wpdownloadmanager -- gutenberg_blocks_for_wordpress_download_manager | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in the WordPress Download Manager Gutenberg Blocks plugin by WordPress Download Manager, versions <= 2.1.8. | 2023-05-03 | 5.4 | CVE-2023-22713 (MISC)
pimcore -- pimcore | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-28 | 5.4 | CVE-2023-2361 (CONFIRM, MISC)
resort_reservation_system_project -- resort_reservation_system | A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640. | 2023-04-28 | 5.4 | CVE-2023-2364 (MISC, MISC, MISC)
themeisle -- visualizer | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the Themeisle Visualizer: Tables and Charts Manager for WordPress plugin, versions <= 3.9.4. | 2023-05-03 | 5.4 | CVE-2023-23708 (MISC)
properfraction -- profilepress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the ProfilePress Membership Team ProfilePress plugin, versions <= 4.5.4. | 2023-05-03 | 5.4 | CVE-2023-23820 (MISC)
metaphorcreations -- ditty | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the Metaphor Creations Ditty plugin, versions <= 3.0.32. | 2023-05-03 | 5.4 | CVE-2023-23874 (MISC)
tms-outsource -- wpdatatables | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the TMS-Plugins wpDataTables plugin, versions <= 2.1.49. | 2023-05-03 | 5.4 | CVE-2023-23876 (MISC)
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-04-30 | 5.4 | CVE-2023-2428 (CONFIRM, MISC)
olevmedia -- olevmedia_shortcodes | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the Olevmedia Shortcodes plugin, versions <= 1.1.9. | 2023-05-03 | 5.4 | CVE-2023-25798 (MISC)
concretecms -- concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS via a container name. | 2023-04-28 | 5.4 | CVE-2023-28471 (MISC, MISC)
concretecms -- concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on Saved Presets on search. | 2023-04-28 | 5.4 | CVE-2023-28474 (MISC, MISC)
concretecms -- concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on Tags on uploaded files. | 2023-04-28 | 5.4 | CVE-2023-28476 (MISC, MISC)
concretecms -- concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter. | 2023-04-28 | 5.4 | CVE-2023-28477 (MISC, MISC)
concretecms -- concrete_cms | Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in uploaded file and folder names. | 2023-04-28 | 5.4 | CVE-2023-28819 (MISC, MISC)
concretecms -- concrete_cms | Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. | 2023-04-28 | 5.4 | CVE-2023-28820 (MISC, MISC)
f5 -- big-iq | An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 5.4 | CVE-2023-29240 (MISC)
zhenfeng13_my-blog_project -- zhenfeng13_my-blog | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page, because the default configuration does not use MyBlogUtils.cleanString. | 2023-05-01 | 5.4 | CVE-2023-29636 (MISC)
zhenfeng13_my-blog_project -- zhenfeng13_my-blog | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page, because the default configuration does not use MyBlogUtils.cleanString. | 2023-05-01 | 5.4 | CVE-2023-29639 (MISC)
perfreeblog_project -- perfreeblog | Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function. | 2023-05-01 | 5.4 | CVE-2023-29643 (MISC)
wuzhicms -- wuzhicms | wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | 2023-04-28 | 5.4 | CVE-2023-30123 (MISC)
ibm -- safer_payments | IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052. | 2023-04-28 | 5.3 | CVE-2020-4729 (MISC, MISC)
f5 -- big-ip | When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 5.3 | CVE-2023-24594 (MISC)
kaiostech -- kaios | An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch. | 2023-05-01 | 5.3 | CVE-2023-27108 (MISC, MISC)
concretecms -- concrete_cms | Concrete CMS (previously concrete5) before 9.2 does not have the Secure and HttpOnly attributes set for ccmPoll cookies. | 2023-04-28 | 5.3 | CVE-2023-28472 (MISC, MISC)
concretecms -- concrete_cms | Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | 2023-04-28 | 5.3 | CVE-2023-28821 (MISC, MISC)
zyxel -- nbg-418n_firmware | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. | 2023-05-01 | 4.9 | CVE-2023-22924 (CONFIRM)
wptablebuilder -- wp_table_builder | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the WP Table Builder plugin, versions <= 1.4.6. | 2023-05-03 | 4.8 | CVE-2022-46852 (MISC)
clio -- clio_grow | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Themis Solutions, Inc. Clio Grow plugin, versions <= 1.0.0. | 2023-05-03 | 4.8 | CVE-2023-22683 (MISC)
online_dj_management_system_project -- online_dj_management_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Affected by this issue is some unknown functionality of the file classes/Master.php?f=save_event. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227648. | 2023-04-28 | 4.8 | CVE-2023-2372 (MISC, MISC, MISC)
exquisite_paypal_donation_project -- exquisite_paypal_donation | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the DgCult Exquisite PayPal Donation plugin, versions <= v2.0.0. | 2023-05-03 | 4.8 | CVE-2023-23785 (MISC)
netgear -- srx5308_firmware | A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2381 (MISC, MISC, MISC)
netgear -- srx5308_firmware | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument sysLogInfo.serverName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2382 (MISC, MISC, MISC)
netgear -- srx5308_firmwareA vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2383MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2384MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2385MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2386MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2387MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2388MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2389MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2390MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2391MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2392MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument ConfigPort.LogicalIfName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2393MISCMISCMISC
netgear -- srx5308_firmwareA vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-04-284.8CVE-2023-2394MISCMISCMISC
simple_mobile_comparison_website_project -- simple_mobile_comparison_websiteA vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675.2023-04-284.8CVE-2023-2397MISCMISCMISC
simple_student_information_system_project -- simple_student_information_systemA vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751.2023-04-294.8CVE-2023-2425MISCMISCMISC
firecask_like_\&share_button_project -- firecask_like\&_share_buttonAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions.2023-05-034.8CVE-2023-25783MISC
sticky_ad_bar_project -- sticky_ad_barAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions.2023-05-034.8CVE-2023-25784MISC
eyes_only_user_access_shortcode_project -- eyes_only_user_access_shortcodeAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions.2023-05-034.8CVE-2023-25786MISC
tapfiliate -- tapfiliateAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions.2023-05-034.8CVE-2023-25789MISC
wp_baidu_submit_project -- wp_baidu_submitAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions.2023-05-034.8CVE-2023-25796MISC
total-soft -- video_galleryAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6 versions.2023-05-034.8CVE-2023-25979MISC
microsoft -- edgeMicrosoft Edge (Chromium-based) Security Feature Bypass Vulnerability2023-05-054.7CVE-2023-29354MISC
f5 -- big-ipA directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2023-05-034.3CVE-2023-28406MISC

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| hashicorp -- vault | HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault's root key. Fixed in 1.13.2. | 2023-05-01 | 2.5 | CVE-2023-2197 (MISC) |

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| wordpress -- wordpress | A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The name of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability. | 2023-05-02 | not yet calculated | CVE-2013-10026 (MISC, MISC, MISC) |
| wordpress -- wordpress | A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764. | 2023-05-02 | not yet calculated | CVE-2014-125100 (MISC, MISC, MISC) |
| wordpress -- wordpress | A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability. | 2023-05-06 | not yet calculated | CVE-2016-15031 (MISC, MISC, MISC, MISC) |
| cyberark -- viewfinity | In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option. | 2023-05-03 | not yet calculated | CVE-2017-11197 (MISC, MISC) |
| wordpress -- wordpress | A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability. | 2023-05-05 | not yet calculated | CVE-2017-20183 (MISC, MISC, MISC, MISC) |
| drupal -- responsive_menus | A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755. | 2023-05-01 | not yet calculated | CVE-2018-25085 (MISC, MISC, MISC, MISC, MISC) |
| redox_os -- redox_os | redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs. | 2023-05-03 | not yet calculated | CVE-2020-22429 (MISC, MISC) |
| ibm -- cloud_pak_system_software_suite | IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate the session after logout, which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. | 2023-05-05 | not yet calculated | CVE-2020-4914 (MISC, MISC) |
| apache -- ranger_hive_plugin | An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later. | 2023-05-05 | not yet calculated | CVE-2021-40331 (MISC) |
| ibm -- qradar_data_synchronization_app | IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | 2023-05-06 | not yet calculated | CVE-2022-22313 (MISC, MISC) |
| qualcomm -- snapdragon | Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key. | 2023-05-02 | not yet calculated | CVE-2022-25713 (MISC) |
| nokia -- one_nds | In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | 2023-05-02 | not yet calculated | CVE-2022-30759 (MISC, MISC) |
| acronis -- multiple_products | Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | 2023-05-03 | not yet calculated | CVE-2022-30995 (MISC) |
| qualcomm -- snapdragon | Information disclosure due to buffer over-read in Trusted Execution Environment during QRKS report generation. | 2023-05-02 | not yet calculated | CVE-2022-33273 (MISC) |
| qualcomm -- snapdragon | Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames. | 2023-05-02 | not yet calculated | CVE-2022-33281 (MISC) |
| qualcomm -- snapdragon | Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it. | 2023-05-02 | not yet calculated | CVE-2022-33292 (MISC) |
| qualcomm -- snapdragon | Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet. | 2023-05-02 | not yet calculated | CVE-2022-33304 (MISC) |
| qualcomm -- snapdragon | Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH. | 2023-05-02 | not yet calculated | CVE-2022-33305 (MISC) |
| acronis -- multiple_products | Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | 2023-05-03 | not yet calculated | CVE-2022-3405 (MISC, MISC) |
| qualcomm -- snapdragon | Transient DOS due to reachable assertion in Modem during OSI decode scheduling. | 2023-05-02 | not yet calculated | CVE-2022-34144 (MISC) |
| ibm -- cognos_command_center | IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. | 2023-05-05 | not yet calculated | CVE-2022-38707 (MISC, MISC) |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069. | 2023-05-03 | not yet calculated | CVE-2022-39161 (MISC, MISC) |
| frrouting -- frrouting | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. | 2023-05-03 | not yet calculated | CVE-2022-40302 (MISC) |
| frrouting -- frrouting | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. | 2023-05-03 | not yet calculated | CVE-2022-40318 (MISC) |
| qualcomm -- snapdragon | Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. | 2023-05-02 | not yet calculated | CVE-2022-40504 (MISC) |
| qualcomm -- snapdragon | Information disclosure due to buffer over-read in Modem while parsing DNS hostname. | 2023-05-02 | not yet calculated | CVE-2022-40505 (MISC) |
| qualcomm -- snapdragon | Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. | 2023-05-02 | not yet calculated | CVE-2022-40508 (MISC) |
| ibm -- spectrum_scale_container_native_storage_access | IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810. | 2023-04-29 | not yet calculated | CVE-2022-41736 (MISC, MISC) |
| nozomi_networks -- multiple_products | Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. | 2023-05-04 | not yet calculated | CVE-2022-4259 (MISC) |
| frrouting -- frrouting | An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. | 2023-05-03 | not yet calculated | CVE-2022-43681 (MISC) |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance. | 2023-05-03 | not yet calculated | CVE-2022-4376 (MISC, CONFIRM, MISC) |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436. | 2023-05-05 | not yet calculated | CVE-2022-43866 (MISC, MISC) |
| ibm -- financial_transaction_manager_swift_services | IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. | 2023-04-29 | not yet calculated | CVE-2022-43871 (MISC, MISC) |
| ibm -- urbancode_deploy | IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | 2023-05-06 | not yet calculated | CVE-2022-43877 (MISC, MISC) |
| ibm -- mq | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. | 2023-05-05 | not yet calculated | CVE-2022-43919 (MISC, MISC) |
| fortiguard -- fortinac | A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. | 2023-05-03 | not yet calculated | CVE-2022-43950 (MISC) |
| apache -- ranger | Authenticated users with appropriate privileges can create policies having expressions that can exploit a code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0. | 2023-05-05 | not yet calculated | CVE-2022-45048 (MISC) |
| lenovo -- system_update | A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | 2023-05-01 | not yet calculated | CVE-2022-4568 (MISC) |
| apache -- streampark | Apache StreamPark 1.0.0 to 2.0.0 has an LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user logs in with LDAP; username and password login is not affected. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later. | 2023-05-01 | not yet calculated | CVE-2022-45801 (MISC) |
| apache -- streampark | StreamPark allows any user to upload a jar as an application, but there is no mandatory verification of the uploaded file type, so users can upload some high-risk files, possibly to any directory. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later. | 2023-05-01 | not yet calculated | CVE-2022-45802 (MISC) |
| wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions. | 2023-05-04 | not yet calculated | CVE-2022-45818 (MISC) |
| fortiguard -- fortinac | A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. | 2023-05-03 | not yet calculated | CVE-2022-45858 (MISC) |
| fortiguard -- fortinac | An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. | 2023-05-03 | not yet calculated | CVE-2022-45859 (MISC) |
| fortiguard -- fortinac | A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. | 2023-05-03 | not yet calculated | CVE-2022-45860 (MISC) |
| apache -- streampark | In Apache StreamPark 1.0.0 before 2.0.0, when a user successfully logs in and modifies their profile, the username is passed to the server layer as a parameter but is not verified to be the currently logged-in user or a legitimate user. This allows a malicious attacker to send any username to modify and reset that account. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later. | 2023-05-01 | not yet calculated | CVE-2022-46365 (MISC) |
| wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <= 4.0.5 versions. | 2023-05-04 | not yet calculated | CVE-2022-47434 (MISC) |
| wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions. | 2023-05-04 | not yet calculated | CVE-2022-47449 (MISC) |
| imo.im -- imo.im | In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution. | 2023-05-04 | not yet calculated | CVE-2022-47757 (MISC) |
| jedox -- gmbh | Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'. | 2023-05-02 | not yet calculated | CVE-2022-47874 (MISC, MISC) |
| jedox -- gmbh | A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code. | 2023-05-02 | not yet calculated | CVE-2022-47875 (MISC, MISC) |
| jedox -- gmbh | The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. | 2023-05-02 | not yet calculated | CVE-2022-47876 (MISC, MISC) |
| jedox -- gmbh | A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'. | 2023-05-02 | not yet calculated | CVE-2022-47877 (MISC, MISC) |
| jedox -- gmbh | Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as the Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. | 2023-05-02 | not yet calculated | CVE-2022-47878 (MISC, MISC) |
| lenovo -- baiying_for_android | A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | 2023-05-01 | not yet calculated | CVE-2022-48186 (MISC) |
| 3cx -- security_hotfix | 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. | 2023-05-02 | not yet calculated | CVE-2022-48482 (MISC, MISC) |
| 3cx -- security_hotfix | 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. | 2023-05-02 | not yet calculated | CVE-2022-48483 (MISC, MISC) |
| gitlab -- multiple_products | An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page allowing user-controlled markdown. | 2023-05-03 | not yet calculated | CVE-2023-0155 (CONFIRM, MISC, MISC) |
| gitlab -- multiple_products | An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork. | 2023-05-03 | not yet calculated | CVE-2023-0485 (MISC, MISC, CONFIRM) |
| lenovo -- xcc | A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. | 2023-05-01 | not yet calculated | CVE-2023-0683 (MISC) |
| gitlab -- multiple_products | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code; victims who clone or download these repositories will execute arbitrary code on their systems. | 2023-05-03 | not yet calculated | CVE-2023-0756 (MISC, MISC, CONFIRM) |
| gitlab -- ee | An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. | 2023-05-03 | not yet calculated | CVE-2023-0805 (CONFIRM, MISC, MISC) |
| wordpress -- wordpress | The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-02 | not yet calculated | CVE-2023-0891 (MISC) |
| lenovo -- smart_clock_essential_with_alexa_built_in | A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. | 2023-05-01 | not yet calculated | CVE-2023-0896 (MISC) |
wordpress -- wordpressThe ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.2023-05-02not yet calculatedCVE-2023-0924MISC
wordpress -- wordpressThe amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-05-02not yet calculatedCVE-2023-1021MISC
wordpress -- wordpressThe SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-05-02not yet calculatedCVE-2023-1090MISCMISC
wordpress -- wordpressThe Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own.2023-05-02not yet calculatedCVE-2023-1125MISC
gitlab -- multiple_productsAn issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.2023-05-03not yet calculatedCVE-2023-1178MISCCONFIRMMISC
wordpress -- wordpressThe Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.2023-05-02not yet calculatedCVE-2023-1196MISCMISC
gitlab -- multiple_productsAn issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.2023-05-03not yet calculatedCVE-2023-1204MISCCONFIRMMISC
gitlab -- multiple_productsAn issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.2023-05-03not yet calculatedCVE-2023-1265MISCCONFIRMMISC
amazon -- fire_tv_stick | An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5; Insignia TV with FireOS versions prior to 7.6.3.3. | 2023-05-03 | not yet calculated | CVE-2023-1383 | MISC
amazon -- fire_tv_stick | The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5; Insignia TV with FireOS versions prior to 7.6.3.3. | 2023-05-03 | not yet calculated | CVE-2023-1384 | MISC
amazon -- fire_tv_stick | Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5; Insignia TV with FireOS 7.6.3.3. | 2023-05-03 | not yet calculated | CVE-2023-1385 | MISC
wordpress -- wordpress | The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2023-05-02 | not yet calculated | CVE-2023-1525 | MISC
wordpress -- wordpress | The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | 2023-05-02 | not yet calculated | CVE-2023-1546 | MISC
wordpress -- wordpress | The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2023-05-02 | not yet calculated | CVE-2023-1554 | MISC
wordpress -- wordpress | The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2023-05-02 | not yet calculated | CVE-2023-1614 | MISC
wordpress -- wordpress | The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 2023-05-02 | not yet calculated | CVE-2023-1669 | MISC
wordpress -- wordpress | The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. | 2023-05-02 | not yet calculated | CVE-2023-1730 | MISC
wordpress -- wordpress | The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as administrators. | 2023-05-02 | not yet calculated | CVE-2023-1804 | MISC
wordpress -- wordpress | The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. | 2023-05-02 | not yet calculated | CVE-2023-1805 | MISC
wordpress -- wordpress | The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. | 2023-05-02 | not yet calculated | CVE-2023-1809 | MISC
gitlab -- gitlab | A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances. | 2023-05-03 | not yet calculated | CVE-2023-1836 | CONFIRM, MISC, MISC
wordpress -- wordpress | The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscribers, to perform Stored Cross-Site Scripting attacks. | 2023-05-02 | not yet calculated | CVE-2023-1861 | MISC
puppet -- puppet_enterprise/puppet_server | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. | 2023-05-04 | not yet calculated | CVE-2023-1894 | MISC
wordpress -- wordpress | The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscribers, to access draft posts, for example. | 2023-05-02 | not yet calculated | CVE-2023-1911 | MISC
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on the RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default. | 2023-05-03 | not yet calculated | CVE-2023-1965 | MISC, CONFIRM, MISC
mattermost -- mattermost | Mattermost Desktop App fails to validate a Mattermost server redirection and navigates to an arbitrary website. | 2023-05-02 | not yet calculated | CVE-2023-2000 | MISC
cisco -- small_business_ip_phones | A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability. | 2023-05-04 | not yet calculated | CVE-2023-20126 | CISCO
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables. | 2023-05-03 | not yet calculated | CVE-2023-2069 | MISC, CONFIRM, MISC
samsung -- android_devices | Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation. | 2023-05-04 | not yet calculated | CVE-2023-21484 | MISC
samsung -- android_devices | Improper export of Android application components vulnerability in VideoPreviewActivity in Call Settings prior to SMR May-2023 Release 1 allows physical attackers to access some media data stored in the sandbox. | 2023-05-04 | not yet calculated | CVE-2023-21485 | MISC
samsung -- android_devices | Improper export of Android application components vulnerability in ImagePreviewActivity in Call Settings prior to SMR May-2023 Release 1 allows physical attackers to access some media data stored in the sandbox. | 2023-05-04 | not yet calculated | CVE-2023-21486 | MISC
samsung -- android_devices | Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting. | 2023-05-04 | not yet calculated | CVE-2023-21487 | MISC
samsung -- android_devices | Improper access control vulnerability in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips. | 2023-05-04 | not yet calculated | CVE-2023-21488 | MISC
samsung -- android_devices | Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21489 | MISC
samsung -- android_devices | Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. | 2023-05-04 | not yet calculated | CVE-2023-21490 | MISC
samsung -- android_devices | Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. | 2023-05-04 | not yet calculated | CVE-2023-21491 | MISC
samsung -- android_devices | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1, which allows a privileged local attacker to bypass ASLR. | 2023-05-04 | not yet calculated | CVE-2023-21492 | MISC
samsung -- android_devices | Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. | 2023-05-04 | not yet calculated | CVE-2023-21493 | MISC
samsung -- android_devices | Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | 2023-05-04 | not yet calculated | CVE-2023-21494 | MISC
samsung -- android_devices | Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allows an attacker to install the KSP app when device admin is set. | 2023-05-04 | not yet calculated | CVE-2023-21495 | MISC
samsung -- android_devices | Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows an attacker to use a debug function via setting the debug level. | 2023-05-04 | not yet calculated | CVE-2023-21496 | MISC
samsung -- android_devices | Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. | 2023-05-04 | not yet calculated | CVE-2023-21497 | MISC
samsung -- android_devices | Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. | 2023-05-04 | not yet calculated | CVE-2023-21498 | MISC
samsung -- android_devices | Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21499 | MISC
samsung -- android_devices | Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. | 2023-05-04 | not yet calculated | CVE-2023-21500 | MISC
samsung -- android_devices | Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21501 | MISC
samsung -- android_devices | Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands. | 2023-05-04 | not yet calculated | CVE-2023-21502 | MISC
samsung -- android_devices | Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | 2023-05-04 | not yet calculated | CVE-2023-21503 | MISC
samsung -- android_devices | Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | 2023-05-04 | not yet calculated | CVE-2023-21504 | MISC
samsung -- core_service | Improper access control in Samsung Core Service prior to version 2.1.00.36 allows an attacker to write arbitrary files in the sandbox. | 2023-05-04 | not yet calculated | CVE-2023-21505 | MISC
samsung_mobile -- blockchain_keystore | Out-of-bounds Write vulnerability while processing the BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows a local attacker to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21506 | MISC
samsung_mobile -- blockchain_keystore | Out-of-bounds Read vulnerability while processing the BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows a local attacker to read arbitrary memory. | 2023-05-04 | not yet calculated | CVE-2023-21507 | MISC
samsung_mobile -- blockchain_keystore | Out-of-bounds Write vulnerability while processing the BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows a local attacker to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21508 | MISC
samsung_mobile -- blockchain_keystore | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows a local attacker to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21509 | MISC
samsung_mobile -- blockchain_keystore | Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows a local attacker to read arbitrary memory. | 2023-05-04 | not yet calculated | CVE-2023-21510 | MISC
samsung_mobile -- blockchain_keystore | Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows a local attacker to read arbitrary memory. | 2023-05-04 | not yet calculated | CVE-2023-21511 | MISC
qualcomm -- snapdragon | Memory corruption in HAB Memory management due to broad system privileges via physical address. | 2023-05-02 | not yet calculated | CVE-2023-21642 | MISC
qualcomm -- snapdragon | Memory corruption in Graphics while importing a file. | 2023-05-02 | not yet calculated | CVE-2023-21665 | MISC
qualcomm -- snapdragon | Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. | 2023-05-02 | not yet calculated | CVE-2023-21666 | MISC
gitlab -- gitlab_enterprise_edition | An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users, thus leading to privilege escalation for those users. | 2023-05-03 | not yet calculated | CVE-2023-2182 | CONFIRM, MISC
octopus_deploy -- octopus_server | In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function. | 2023-05-02 | not yet calculated | CVE-2023-2247 | MISC
atlassian -- confluence | Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0. | 2023-05-01 | not yet calculated | CVE-2023-22503 | MISC
fortinet -- fortinac | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. | 2023-05-03 | not yet calculated | CVE-2023-22637 | MISC
fortinet -- fortios_fortiproxy | An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. | 2023-05-03 | not yet calculated | CVE-2023-22640 | MISC
suse -- rancher | Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. | 2023-05-04 | not yet calculated | CVE-2023-22651 | MISC, MISC
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions. | 2023-05-03 | not yet calculated | CVE-2023-22691 | MISC
ibm -- mq_clients | IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. | 2023-05-05 | not yet calculated | CVE-2023-22874 | MISC, MISC
geovision -- gv-edge_recording_manager | An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | 2023-05-04 | not yet calculated | CVE-2023-23059 | MISC, MISC, MISC
ibm -- ibm_i | IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510. | 2023-05-04 | not yet calculated | CVE-2023-23470 | MISC, MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. | 2023-05-02 | not yet calculated | CVE-2023-23723 | MISC
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions. | 2023-05-03 | not yet calculated | CVE-2023-23790 | MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02 versions. | 2023-05-03 | not yet calculated | CVE-2023-23808 | MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Moris Dov Stock market charts from finviz plugin <= 1.0.1 versions. | 2023-05-03 | not yet calculated | CVE-2023-23809 | MISC
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions. | 2023-05-03 | not yet calculated | CVE-2023-23830 | MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <= 1.0 versions. | 2023-05-03 | not yet calculated | CVE-2023-23875 | MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions. | 2023-05-03 | not yet calculated | CVE-2023-23881 | MISC
ks-soft -- advanced_host_monitor | A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The manipulation leads to an unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability. | 2023-04-29 | not yet calculated | CVE-2023-2417 | MISC, MISC, MISC
konga -- konga | A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715. | 2023-04-29 | not yet calculated | CVE-2023-2418 | MISC, MISC, MISC
zhong_bang_crmeb -- zhong_bang_crmeb | A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716. | 2023-04-29 | not yet calculated | CVE-2023-2419 | MISC, MISC, MISC
mlecms -- mlecms | A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability. | 2023-04-29 | not yet calculated | CVE-2023-2420 | MISC, MISC, MISC
control_id -- rhid | A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-29 | not yet calculated | CVE-2023-2421 | MISC, MISC, MISC
vim -- vim | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | 2023-04-29 | not yet calculated | CVE-2023-2426 | CONFIRM, MISC
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-05-05 | not yet calculated | CVE-2023-2427 | MISC, CONFIRM
devolutions_inc -- devolutions_server | Improper access control in the Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name. | 2023-05-02 | not yet calculated | CVE-2023-2445 | MISC
sourcecodester -- online_dj_management_system | A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/bookings/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227795. | 2023-05-01 | not yet calculated | CVE-2023-2451 | MISC, MISC, MISC
google -- chrome | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2459 | MISC, MISC, MISC, MISC
google -- chrome | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2460 | MISC, MISC, MISC, MISC
google -- chrome | Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2461 | MISC, MISC, MISC, MISC
google -- chrome | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2462 | MISC, MISC, MISC, MISC
google -- chrome | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2463 | MISC, MISC, MISC, MISC
google -- chrome | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2464 | MISC, MISC, MISC, MISC
google -- chrome | Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2465 | MISC, MISC, MISC, MISC
google -- chrome | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) | 2023-05-03 | not yet calculated | CVE-2023-2466 | MISC, MISC, MISC, MISC
google -- chrome | Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) | 2023-05-03 | not yet calculated | CVE-2023-2467 | MISC, MISC, MISC, MISC
google -- chrome | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low) | 2023-05-03 | not yet calculated | CVE-2023-2468 | MISC, MISC, MISC, MISC
dreamer_cms -- dreamer_cms | A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860. | 2023-05-02 | not yet calculated | CVE-2023-2473 | MISC, MISC, MISC
rebuild -- rebuild | A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability. | 2023-05-02 | not yet calculated | CVE-2023-2474 | MISC, MISC, MISC
rediker_software -- adminplus | Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM. | 2023-05-03 | not yet calculated | CVE-2023-24744 | MISC
dromara -- j2eefast | A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument ?? leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867. | 2023-05-02 | not yet calculated | CVE-2023-2475 | MISC, MISC, MISC, MISC
dromara -- j2eefast | A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868. | 2023-05-02 | not yet calculated | CVE-2023-2476 | MISC, MISC, MISC, MISC
funadmin -- funadmin | A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability. | 2023-05-02 | not yet calculated | CVE-2023-2477 | MISC, MISC, MISC
appium -- appium | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | 2023-05-02 | not yet calculated | CVE-2023-2479 | CONFIRM, MISC
ibm -- business_automation_workflowIBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.2023-05-06not yet calculatedCVE-2023-24957MISCMISC
ibm -- virtualization_engine_ts7700A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320.2023-05-04not yet calculatedCVE-2023-24958MISCMISC
teampass -- teampassCross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.2023-05-05not yet calculatedCVE-2023-2516MISCCONFIRM
caton -- ctp_relay_serverA vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. VDB-228010 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-04not yet calculatedCVE-2023-2519MISCMISC
caton -- primeA vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical. This issue affects some unknown processing of the file cgi-bin/tools_ping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228011. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-04not yet calculatedCVE-2023-2520MISCMISCMISC
nextu -- next-7004nA vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-04not yet calculatedCVE-2023-2521MISCMISC
chengdu -- vec40gA vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-04not yet calculatedCVE-2023-2522MISCMISCMISC
weaver -- e-officeA vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-04not yet calculatedCVE-2023-2523MISCMISCMISC
control_id -- rhidA vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-04not yet calculatedCVE-2023-2524MISCMISC
virtualreception_digital_receptie -- virtualreception_digital_receptieDirectory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request.2023-05-04not yet calculatedCVE-2023-25289MISC
azuracast -- azuracastImproper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.2023-05-05not yet calculatedCVE-2023-2531CONFIRMMISC
genomedics -- millegp5An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files.2023-05-04not yet calculatedCVE-2023-25438MISCMISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions.2023-05-04not yet calculatedCVE-2023-25458MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions.2023-05-06not yet calculatedCVE-2023-25491MISC
lenovo -- xclarity_controllerA valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.2023-05-01not yet calculatedCVE-2023-25492MISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.2023-05-05not yet calculatedCVE-2023-2550MISCCONFIRM
unilogies -- bumsysPHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.2023-05-05not yet calculatedCVE-2023-2551MISCCONFIRM
unilogies -- bumsysCross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1.2023-05-05not yet calculatedCVE-2023-2552CONFIRMMISC
unilogies -- bumsysCross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0.2023-05-05not yet calculatedCVE-2023-2553CONFIRMMISC
unilogies -- bumsysExternal Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0.2023-05-05not yet calculatedCVE-2023-2554CONFIRMMISC
jja8 -- newbinggogoA vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167.2023-05-06not yet calculatedCVE-2023-2560MISCMISCMISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP?????? plugin <= 1.3.9 versions.2023-05-03not yet calculatedCVE-2023-25787MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions.2023-05-03not yet calculatedCVE-2023-25792MISC
wordpress -- wordpressAuth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.2023-05-03not yet calculatedCVE-2023-25797MISC
opentsdb -- opentsdbDue to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.2023-05-03not yet calculatedCVE-2023-25826MISCMISC
opentsdb -- opentsdbDue to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.2023-05-03not yet calculatedCVE-2023-25827MISCMISC
dell -- ecsDELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.2023-05-04not yet calculatedCVE-2023-25934MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions.2023-05-04not yet calculatedCVE-2023-25961MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions.2023-05-04not yet calculatedCVE-2023-25962MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <= 6.0.2.0 versions.2023-05-03not yet calculatedCVE-2023-25967MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions.2023-05-04not yet calculatedCVE-2023-25977MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions.2023-05-04not yet calculatedCVE-2023-25982MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions.2023-05-04not yet calculatedCVE-2023-26010MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions.2023-05-04not yet calculatedCVE-2023-26012MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauhidul Alam Simple Portfolio Gallery plugin <= 0.1 versions.2023-05-04not yet calculatedCVE-2023-26016MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions.2023-05-03not yet calculatedCVE-2023-26017MISC
european_chemicals_agency -- iuclidEuropean Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5.2023-05-02not yet calculatedCVE-2023-26089MISCMISCMISC
gin_gonic -- gin | Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant threat on its own, it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic. | 2023-05-04 | not yet calculated | CVE-2023-26125 | MISC, MISC, MISC, MISC, MISC
fortinet -- multiple_products | A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands. | 2023-05-03 | not yet calculated | CVE-2023-26203 | MISC
apache -- couchdb | Design documents with matching document IDs, from databases on the same cluster, may share a mutable JavaScript environment when using these design document functions: validate_doc_update, list, filter, filter views (using view functions as filters), rewrite, update. This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the JavaScript environment. | 2023-05-02 | not yet calculated | CVE-2023-26268 | MISC, MISC, MISC
ibm -- mq | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418. | 2023-05-05 | not yet calculated | CVE-2023-26285 | MISC, MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions. | 2023-05-06 | not yet calculated | CVE-2023-26517 | MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions. | 2023-05-06 | not yet calculated | CVE-2023-26519 | MISC
european_chemicals_agency -- iuclid | European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission. | 2023-05-02 | not yet calculated | CVE-2023-26546 | MISC, MISC, MISC
microbin -- microbin | A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-05-04 | not yet calculated | CVE-2023-27075 | MISC, MISC
spryker -- commerce_os | SQL injection vulnerability in Spryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]= | 2023-05-04 | not yet calculated | CVE-2023-27568 | MISC, MISC
shapeshift -- keepkey | Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet. | 2023-05-02 | not yet calculated | CVE-2023-27892 | MISC, MISC
fortinet -- fortiadc | A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. | 2023-05-03 | not yet calculated | CVE-2023-27993 | MISC
fortinet -- fortiadc | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 2023-05-03 | not yet calculated | CVE-2023-27999 | MISC
dell -- command_monitor | Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability, leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path. | 2023-05-05 | not yet calculated | CVE-2023-28068 | MISC
dell -- alienware_command_center_application | Alienware Command Center Application, versions 5.5.43.0 and prior, contains an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during the installation or update process, leading to privilege escalation. | 2023-05-03 | not yet calculated | CVE-2023-28070 | MISC
hpe -- proliant_rl300_gen11_server | A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis. | 2023-05-01 | not yet calculated | CVE-2023-28092 | MISC
winterchens -- my_site | Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles. | 2023-05-01 | not yet calculated | CVE-2023-29638 | MISC
libheif -- libheif | A segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | 2023-05-05 | not yet calculated | CVE-2023-29659 | MISC, FEDORA, FEDORA
tenda -- n301 | Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | 2023-05-01 | not yet calculated | CVE-2023-29680 | MISC, MISC
tenda -- n301 | Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | 2023-05-01 | not yet calculated | CVE-2023-29681 | MISC, MISC
asus -- rt_ac51u | A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | 2023-05-02 | not yet calculated | CVE-2023-29772 | MISC
gl.inet -- mt3000 | GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | 2023-05-02 | not yet calculated | CVE-2023-29778 | MISC, MISC
ejs -- ejs | ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. | 2023-05-04 | not yet calculated | CVE-2023-29827 | MISC
hotel_druid -- hotel_druid | A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function. | 2023-05-03 | not yet calculated | CVE-2023-29839 | MISC
churchcrm -- churchcrm | ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | 2023-05-04 | not yet calculated | CVE-2023-29842 | MISC, MISC, MISC
zammad -- zammad | Zammad 5.3.x (fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API. | 2023-05-02 | not yet calculated | CVE-2023-29867 | MISC
zammad -- zammad | Zammad 5.3.x (fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. | 2023-05-02 | not yet calculated | CVE-2023-29868 | MISC
rosariosis -- rosariosis | RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | 2023-05-02 | not yet calculated | CVE-2023-29918 | MISC
llvm-project -- llvm-project | llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. | 2023-05-05 | not yet calculated | CVE-2023-29932 | MISC
llvm-project -- llvm-project | llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. | 2023-05-05 | not yet calculated | CVE-2023-29933 | MISC
llvm-project -- llvm-project | llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). | 2023-05-05 | not yet calculated | CVE-2023-29934 | MISC
llvm-project -- llvm-project | llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. | 2023-05-05 | not yet calculated | CVE-2023-29935 | MISC
llvm-project -- llvm-project | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). | 2023-05-05 | not yet calculated | CVE-2023-29939 | MISC
llvm-project -- llvm-project | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. | 2023-05-05 | not yet calculated | CVE-2023-29941 | MISC
llvm-project -- llvm-project | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. | 2023-05-05 | not yet calculated | CVE-2023-29942 | MISC
s-cms -- s-cms | S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | 2023-05-05 | not yet calculated | CVE-2023-29963 | MISC
nanomq -- nanomq | In NanoMQ v0.15.0-0, a heap overflow occurs in the read_byte function of mqtt_code.c. | 2023-05-04 | not yet calculated | CVE-2023-29994 | MISC
nanomq -- nanomq | In NanoMQ v0.15.0-0, a heap overflow occurs in the copyn_utf8_str function of mqtt_parser.c. | 2023-05-04 | not yet calculated | CVE-2023-29995 | MISC
nanomq -- nanomq | In NanoMQ v0.15.0-0, a segmentation fault with null pointer dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. | 2023-05-04 | not yet calculated | CVE-2023-29996 | MISC
totolink -- x5000r | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | 2023-05-05 | not yet calculated | CVE-2023-30013 | MISC
totolink -- a7100ru | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | 2023-05-05 | not yet calculated | CVE-2023-30053 | MISC
totolink -- a7100ru | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | 2023-05-05 | not yet calculated | CVE-2023-30054 | MISC
mitrastar -- gpt-2741gnac-n2 | MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. | 2023-05-05 | not yet calculated | CVE-2023-30065 | MISC
sourcecodester -- judging_management_system | Judging Management System v1.0 by oretnom23 was discovered to be vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id. | 2023-05-04 | not yet calculated | CVE-2023-30077 | MISC, MISC
semcms -- shop_v4.2 | Semcms Shop v4.2 was discovered to contain an arbitrary file upload vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2023-05-05 | not yet calculated | CVE-2023-30090 | MISC
open_networking_foundation -- onos | An arbitrary file upload vulnerability in Open Networking Foundation ONOS from version 1.9.0 until 2.7.0 allows attackers to execute arbitrary code via uploading a crafted YAML file. | 2023-05-04 | not yet calculated | CVE-2023-30093 | MISC
totaljs -- flow_v10 | A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. | 2023-05-04 | not yet calculated | CVE-2023-30094 | MISC, MISC, MISC
totaljs -- messenger_commit_b6cf1c9 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. | 2023-05-04 | not yet calculated | CVE-2023-30095 | MISC, MISC, MISC
totaljs -- messenger_commit_b6cf1c9 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. | 2023-05-04 | not yet calculated | CVE-2023-30096 | MISC, MISC, MISC
totaljs -- messenger_commit_b6cf1c9 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. | 2023-05-04 | not yet calculated | CVE-2023-30097 | MISC, MISC, MISC
online_food_ordering_system_v2.0 -- online_food_ordering_system_v2.0 | An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2023-05-05 | not yet calculated | CVE-2023-30122 | MISC
tenda -- ac18_v15.03.05.19(6318)cn | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | 2023-05-05 | not yet calculated | CVE-2023-30135 | MISC
typecho_v1.2.0 -- typecho_v1.2.0 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment. | 2023-05-04 | not yet calculated | CVE-2023-30184 | MISC
judging_management_system_v1.0 -- judging_management_system_v1.0 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php. | 2023-05-04 | not yet calculated | CVE-2023-30203 | MISC
judging_management_system_v1.0 -- judging_management_system_v1.0 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php. | 2023-05-03 | not yet calculated | CVE-2023-30204 | MISC
douphp -- douphp | A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php. | 2023-05-03 | not yet calculated | CVE-2023-30205 | MISC
newbee-mall -- newbee-mall | Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allow attackers to obtain user account information. | 2023-05-04 | not yet calculated | CVE-2023-30216 | MISC
beijing_netcon -- ns-asg | NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. | 2023-05-05 | not yet calculated | CVE-2023-30242 | MISC, MISC, MISC
beijing_netcon -- ns-asg | Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. | 2023-05-05 | not yet calculated | CVE-2023-30243 | MISC, MISC
cltphp -- cltphp | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. | 2023-05-04 | not yet calculated | CVE-2023-30264 | MISC
cltphp -- cltphp | CLTPHP <=6.0 is vulnerable to Improper Input Validation. | 2023-05-04 | not yet calculated | CVE-2023-30268 | MISC, MISC
prestashop -- scexportcustomers | PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions control, a guest can access exports from the module, which can lead to a leak of personal information from the customer table. | 2023-05-04 | not yet calculated | CVE-2023-30282 | MISC
webassembly -- hang_wasm | An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop. | 2023-05-03 | not yet calculated | CVE-2023-30300 | MISC
mailbutler_gmbh -- shimo_vpn_client | An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use. | 2023-05-04 | not yet calculated | CVE-2023-30328 | MISC, MISC
beetl -- beetl | An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload. | 2023-05-04 | not yet calculated | CVE-2023-30331 | MISC, MISC
garo -- wallbox_glb/gtb/gtc | Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allow attackers to redirect users to a crafted update package link via a man-in-the-middle attack. | 2023-05-04 | not yet calculated | CVE-2023-30399 | MISC, MISC, MISC
aigital -- wireless-n_repeater_mini_router_v0.131229 | An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user. | 2023-05-02 | not yet calculated | CVE-2023-30403 | MISC, MISC
ibm -- multiple_products | IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | 2023-05-05 | not yet calculated | CVE-2023-30434 | MISC, MISC, MISC
ibm -- java | IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | 2023-04-29 | not yet calculated | CVE-2023-30441 | MISC, MISC, MISC, MISC, MISC
metersphere -- metersphere | MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0. | 2023-05-04 | not yet calculated | CVE-2023-30550 | MISC, MISC
enalean -- tuleap | Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force a victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143. | 2023-05-04 | not yet calculated | CVE-2023-30619 | MISC, MISC, MISC, MISC
archer -- platform | Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4) is also a fixed release. | 2023-05-01 | not yet calculated | CVE-2023-30639 | CONFIRM
meta_platforms -- lexical | Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources. | 2023-04-29 | not yet calculated | CVE-2023-30792 | MISC
triton -- tritonmc | Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin); many servers use essentials, so the /geoip command could be available to them, etc. This could also be modified to allow you to set the server's language, set another player's language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4. | 2023-05-01 | not yet calculated | CVE-2023-30859 | MISC, MISC
pallets -- flask | Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met:
1. The application is hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets session.permanent = True.
3. The application does not access or modify the session at any point during a request.
4. SESSION_REFRESH_EACH_REQUEST is enabled (the default).
5. The application does not set a Cache-Control header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the Vary: Cookie header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5. | 2023-05-02 | not yet calculated | CVE-2023-30861 | MISC, MISC, MISC, MISC, MISC
wordpress -- wordpress | Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. | 2023-05-02 | not yet calculated | CVE-2023-30869 | MISC, MISC
moodle -- moodle | The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | 2023-05-02 | not yet calculated | CVE-2023-30943 | MISC, MISC, MISC
moodle -- moodle | The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | 2023-05-02 | not yet calculated | CVE-2023-30944 | MISC, MISC, MISC
zoho -- madengine_opmanager | Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. | 2023-05-04 | not yet calculated | CVE-2023-31099 | MISC, MISC
checkmk -- checkmk | Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | 2023-05-02 | not yet calculated | CVE-2023-31207 | MISC
illumos -- gate | illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net. | 2023-05-04 | not yet calculated | CVE-2023-31284 | MISC, MISC
elastic -- filebeat | Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. | 2023-05-04 | not yet calculated | CVE-2023-31413 | MISC, MISC
elastic -- kibana | Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | 2023-05-04 | not yet calculated | CVE-2023-31414 | MISC, MISC
elastic -- kibana | Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | 2023-05-04 | not yet calculated | CVE-2023-31415 | MISC, MISC
logbuch -- evasys | A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter. | 2023-05-02 | not yet calculated | CVE-2023-31433 | MISC
logbuch -- evasys | The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations. | 2023-05-02 | not yet calculated | CVE-2023-31434 | MISC
logbuch -- evasys | Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly. | 2023-05-02 | not yet calculated | CVE-2023-31435 | MISC
cauldron -- cbang | tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive. | 2023-04-28 | not yet calculated | CVE-2023-31483 | MISC, MISC
cpanpm -- cpanpm | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | 2023-04-29 | not yet calculated | CVE-2023-31484 | MISC, MISC, MISC, MISC, MLIST, MLIST, MLIST, MLIST
cpanpm -- api | GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. | 2023-04-29 | not yet calculated | CVE-2023-31485 | MISC, MISC, MISC, MISC, MLIST, MLIST, MLIST, MLIST
cpanpm -- tiny | HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | 2023-04-29 | not yet calculated | CVE-2023-31486 | MISC, MISC, MISC, MISC, MLIST, MLIST, MLIST, MISC, MLIST
ghost -- ghost | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. | 2023-05-05 | not yet calculated | CVE-2023-32235 | MISC, MISC
linux -- kernel | An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. | 2023-05-05 | not yet calculated | CVE-2023-32269 | MISC, MISC