Vulnerability Summary for the Week of May 1, 2023

Posted by:

|

On:

|

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
ip-finder — ip_blacklist_cloud A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability. 2023-05-01 9.8 CVE-2015-10105MISCMISCMISCMISC
opentext — bizmanager OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. 2023-05-01 9.8 CVE-2022-35898MISCMISC
sage — sage_300 The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key (“LandlordPassKey”) to encrypt and decrypt secrets stored in configuration files and in database tables. 2023-04-28 9.8 CVE-2022-41397MISC
sage — sage_300 Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. 2023-04-28 9.8 CVE-2022-41400MISC
resort_reservation_system_project — resort_reservation_system A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639. 2023-04-28 9.8 CVE-2023-2363MISCMISCMISC
faculty_evaluation_system_project — faculty_evaluation_system A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability. 2023-04-28 9.8 CVE-2023-2365MISCMISCMISC
faculty_evaluation_system_project — faculty_evaluation_system A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability. 2023-04-28 9.8 CVE-2023-2366MISCMISCMISC
faculty_evaluation_system_project — faculty_evaluation_system A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643. 2023-04-28 9.8 CVE-2023-2367MISCMISCMISC
faculty_evaluation_system_project — faculty_evaluation_system A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644. 2023-04-28 9.8 CVE-2023-2368MISCMISCMISC
faculty_evaluation_system_project — faculty_evaluation_system A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability. 2023-04-28 9.8 CVE-2023-2369MISCMISCMISC
online_dj_management_system_project — online_dj_management_system A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability. 2023-04-28 9.8 CVE-2023-2370MISCMISCMISC
online_dj_management_system_project — online_dj_management_system A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647. 2023-04-28 9.8 CVE-2023-2371MISCMISCMISC
phpmyfaq — phpmyfaq Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13. 2023-04-30 9.8 CVE-2023-2429MISCCONFIRM
concretecms — concrete_cms Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section. 2023-04-28 9.8 CVE-2023-28473MISCMISC
antabot_white-jotter_project — antabot_white-jotter File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload. 2023-05-01 9.8 CVE-2023-29635MISCMISC
milesight — ms-n5008-uc_firmware This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.

Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.

2023-04-28 9.8 CVE-2023-30466MISC
milesight — ms-n5008-uc_firmware This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.

Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.

2023-04-28 9.8 CVE-2023-30467MISC
zyxel — nbg6604_firmware The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. 2023-05-01 8.8 CVE-2023-22919CONFIRM
dedecms — dedecms A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability. 2023-04-29 8.8 CVE-2023-2424MISCMISCMISC
nginx — management_suite NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

2023-05-03 8.1 CVE-2023-28656MISC
sage — sage_300 On versions of Sage 300 2017 – 2022 (6.4.x – 6.9.x) which are setup in a “Windows Peer-to-Peer Network” or “Client Server Network” configuration, a low-privileged Sage 300 workstation user could abuse their access to the “SharedData” folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. 2023-04-28 7.8 CVE-2022-38583MISCMISC
jetbrains — toolbox In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible 2023-04-28 7.8 CVE-2022-48481MISC
linux — linux_kernel A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.

The perf_group_detach function did not check the event’s siblings’ attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.

We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.

2023-05-01 7.8 CVE-2023-2235MISCMISC
linux — linux_kernel A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.

Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.

We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.

2023-05-01 7.8 CVE-2023-2236MISCMISC
linux — linux_kernel A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation.

The qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX.

We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d.

2023-05-01 7.8 CVE-2023-2248MISCMISC
ibm — aix IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. 2023-04-28 7.8 CVE-2023-28528MISCMISC
linux — linux_kernel qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. 2023-04-28 7.8 CVE-2023-31436MISCMISCMISC
powersoft — powersoft Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device. 2023-05-04 7.5 CVE-2017-20184MISC
sage — sage_300 The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. 2023-04-28 7.5 CVE-2022-41398MISC
sage — sage_300 The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key (“PASS_KEY”) to encrypt and decrypt the database connection string for the PORTAL database found in the “dbconfig.xml”. This issue could allow attackers to obtain access to the SQL database. 2023-04-28 7.5 CVE-2022-41399MISC
zyxel — nbg-418n_firmware A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. 2023-05-01 7.5 CVE-2023-22921CONFIRM
zyxel — nbg-418n_firmware A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device. 2023-05-01 7.5 CVE-2023-22922CONFIRM
lfprojects — mlflow Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. 2023-04-28 7.5 CVE-2023-2356MISCCONFIRM
acronis — cyber_infrastructure Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. 2023-04-28 7.5 CVE-2023-2360MISC
obsidian — obsidian An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. 2023-05-01 7.5 CVE-2023-27035MISCMISCMISC
f5 — big-ip Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-05-03 7.5 CVE-2023-27378MISC
ibm — safer_payments IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190. 2023-04-28 7.5 CVE-2023-27556MISCMISCMISC
ibm — safer_payments IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. 2023-04-28 7.5 CVE-2023-27557MISCMISC
trustwave — modsecurity Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. 2023-04-28 7.5 CVE-2023-28882CONFIRM
f5 — big-ip When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-05-03 7.5 CVE-2023-29163MISC
microsoft — edge Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 2023-05-05 7.5 CVE-2023-29350MISC
dlink — dir-879_firmware D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. 2023-05-01 7.5 CVE-2023-30061MISCMISC
dlink — dir-890l_firmware D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. 2023-05-01 7.5 CVE-2023-30063MISCMISC
f5 — big-ip An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-05-03 7.4 CVE-2023-24461MISC
f5 — big-ip When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

2023-05-03 7.2 CVE-2023-28742MISC
nginx — management_suite NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

2023-05-03 7.1 CVE-2023-28724MISC

Back to top

 

Medium Vulnerabilities

PrimaryVendor — Product Description Published CVSS Score Source & Patch Info
zyxel — nbg-418n_firmware A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device. 2023-05-01 6.5 CVE-2023-22923CONFIRM
netgear — srx5308_firmware A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 6.5 CVE-2023-2380MISCMISCMISC
ac_repair_and_services_system_project — ac_repair_and_services_system A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability. 2023-04-28 6.5 CVE-2023-2408MISCMISCMISC
ac_repair_and_services_system_project — ac_repair_and_services_system A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703. 2023-04-28 6.5 CVE-2023-2409MISCMISCMISC
ac_repair_and_services_system_project — ac_repair_and_services_system A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704. 2023-04-28 6.5 CVE-2023-2410MISCMISCMISC
ac_repair_and_services_system_project — ac_repair_and_services_system A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability. 2023-04-28 6.5 CVE-2023-2411MISCMISCMISC
ac_repair_and_services_system_project — ac_repair_and_services_system A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability. 2023-04-29 6.5 CVE-2023-2412MISCMISCMISC
ac_repair_and_services_system_project — ac_repair_and_services_system A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707. 2023-04-29 6.5 CVE-2023-2413MISCMISCMISC
konga_project — konga An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request. 2023-05-01 6.5 CVE-2023-26987MISCMISCMISC
woocommerce — icons_for_features A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756. 2023-04-30 6.1 CVE-2015-10104MISCMISCMISCMISC
hongcms_project — hongcms Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. 2023-04-28 6.1 CVE-2020-21643MISC
boxbilling — boxbilling Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. 2023-04-28 6.1 CVE-2020-23647MISC
netgear — srx5308_firmware A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 6.1 CVE-2023-2395MISCMISCMISC
netgear — srx5308_firmware A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 6.1 CVE-2023-2396MISCMISCMISC
concretecms — concrete_cms Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. 2023-04-28 6.1 CVE-2023-28475MISCMISC
qbian61_forum-java_project — qbian61_forum-java Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the “article editor” page. 2023-05-01 6.1 CVE-2023-29637MISC
ipandao — editor.md Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. 2023-05-01 6.1 CVE-2023-29641MISC
f5 — big-ip In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-05-03 5.9 CVE-2023-22372MISC
wpdownloadmanager — gutenberg_blocks_for_wordpress_download_manager Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions. 2023-05-03 5.4 CVE-2023-22713MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.21. 2023-04-28 5.4 CVE-2023-2361CONFIRMMISC
resort_reservation_system_project — resort_reservation_system A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640. 2023-04-28 5.4 CVE-2023-2364MISCMISCMISC
themeisle — visualizer Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions. 2023-05-03 5.4 CVE-2023-23708MISC
properfraction — profilepress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions. 2023-05-03 5.4 CVE-2023-23820MISC
metaphorcreations — ditty Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions. 2023-05-03 5.4 CVE-2023-23874MISC
tms-outsource — wpdatatables Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions. 2023-05-03 5.4 CVE-2023-23876MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. 2023-04-30 5.4 CVE-2023-2428CONFIRMMISC
olevmedia — olevmedia_shortcodes Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions. 2023-05-03 5.4 CVE-2023-25798MISC
concretecms — concrete_cms Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name. 2023-04-28 5.4 CVE-2023-28471MISCMISC
concretecms — concrete_cms Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search. 2023-04-28 5.4 CVE-2023-28474MISCMISC
concretecms — concrete_cms Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files. 2023-04-28 5.4 CVE-2023-28476MISCMISC
concretecms — concrete_cms Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter. 2023-04-28 5.4 CVE-2023-28477MISCMISC
concretecms — concrete_cms Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names. 2023-04-28 5.4 CVE-2023-28819MISCMISC
concretecms — concrete_cms Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. 2023-04-28 5.4 CVE-2023-28820MISCMISC
f5 — big-iq An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-05-03 5.4 CVE-2023-29240MISC
zhenfeng13_my-blog_project — zhenfeng13_my-blog Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the “title” field in the “blog management” page due to the the default configuration not using MyBlogUtils.cleanString. 2023-05-01 5.4 CVE-2023-29636MISC
zhenfeng13_my-blog_project — zhenfeng13_my-blog Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the “blog article” page due to the default configuration not utilizing MyBlogUtils.cleanString. 2023-05-01 5.4 CVE-2023-29639MISC
perfreeblog_project — perfreeblog Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function. 2023-05-01 5.4 CVE-2023-29643MISC
wuzhicms — wuzhicms wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. 2023-04-28 5.4 CVE-2023-30123MISC
ibm — safer_payments IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052. 2023-04-28 5.3 CVE-2020-4729MISCMISC
f5 — big-ip When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

2023-05-03 5.3 CVE-2023-24594MISC
kaiostech — kaios An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user’s call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user’s call logs to a remote server via XMLHttpRequest or Fetch. 2023-05-01 5.3 CVE-2023-27108MISCMISC
concretecms — concrete_cms Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies. 2023-04-28 5.3 CVE-2023-28472MISCMISC
concretecms — concrete_cms Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. 2023-04-28 5.3 CVE-2023-28821MISCMISC
zyxel — nbg-418n_firmware A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. 2023-05-01 4.9 CVE-2023-22924CONFIRM
wptablebuilder — wp_table_builder Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions. 2023-05-03 4.8 CVE-2022-46852MISC
clio — clio_grow Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themis Solutions, Inc. Clio Grow plugin <= 1.0.0 versions. 2023-05-03 4.8 CVE-2023-22683MISC
online_dj_management_system_project — online_dj_management_system A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Affected by this issue is some unknown functionality of the file classes/Master.php?f=save_event. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227648. 2023-04-28 4.8 CVE-2023-2372MISCMISCMISC
exquisite_paypal_donation_project — exquisite_paypal_donation Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions. 2023-05-03 4.8 CVE-2023-23785MISC
netgear — srx5308_firmware A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2381MISCMISCMISC
netgear — srx5308_firmware A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument sysLogInfo.serverName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2382MISCMISCMISC
netgear — srx5308_firmware A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2383MISCMISCMISC
netgear — srx5308_firmware A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2384MISCMISCMISC
netgear — srx5308_firmware A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2385MISCMISCMISC
netgear — srx5308_firmware A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2386MISCMISCMISC
netgear — srx5308_firmware A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2387MISCMISCMISC
netgear — srx5308_firmware A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2388MISCMISCMISC
netgear — srx5308_firmware A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2389MISCMISCMISC
netgear — srx5308_firmware A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2390MISCMISCMISC
netgear — srx5308_firmware A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2391MISCMISCMISC
netgear — srx5308_firmware A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2392MISCMISCMISC
netgear — srx5308_firmware A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument ConfigPort.LogicalIfName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2393MISCMISCMISC
netgear — srx5308_firmware A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-28 4.8 CVE-2023-2394MISCMISCMISC
simple_mobile_comparison_website_project — simple_mobile_comparison_website A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675. 2023-04-28 4.8 CVE-2023-2397MISCMISCMISC
simple_student_information_system_project — simple_student_information_system A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751. 2023-04-29 4.8 CVE-2023-2425MISCMISCMISC
firecask_like_&_share_button_project — firecask_like_&_share_button Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions. 2023-05-03 4.8 CVE-2023-25783MISC
sticky_ad_bar_project — sticky_ad_bar Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions. 2023-05-03 4.8 CVE-2023-25784MISC
eyes_only_user_access_shortcode_project — eyes_only_user_access_shortcode Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions. 2023-05-03 4.8 CVE-2023-25786MISC
tapfiliate — tapfiliate Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions. 2023-05-03 4.8 CVE-2023-25789MISC
wp_baidu_submit_project — wp_baidu_submit Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions. 2023-05-03 4.8 CVE-2023-25796MISC
total-soft — video_gallery Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6 versions. 2023-05-03 4.8 CVE-2023-25979MISC
microsoft — edge Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2023-05-05 4.7 CVE-2023-29354MISC
f5 — big-ip A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. 

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

2023-05-03 4.3 CVE-2023-28406MISC

Back to top

 

Low Vulnerabilities

PrimaryVendor — Product Description Published CVSS Score Source & Patch Info
hashicorp — vault HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2 2023-05-01 2.5 CVE-2023-2197MISC

Back to top

 

Severity Not Yet Assigned

PrimaryVendor — Product Description Published CVSS Score Source & Patch Info
wordpress — wordpress A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The name of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability. 2023-05-02 not yet calculated CVE-2013-10026MISCMISCMISC
wordpress — wordpress A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764. 2023-05-02 not yet calculated CVE-2014-125100MISCMISCMISC
wordpress — wordpress A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability. 2023-05-06 not yet calculated CVE-2016-15031MISCMISCMISCMISC
cyberark — viewfinity In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the “add printer” option. 2023-05-03 not yet calculated CVE-2017-11197MISCMISC
wordpress — wordpress A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability. 2023-05-05 not yet calculated CVE-2017-20183MISCMISCMISCMISC
drupal — responsive_meus A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755. 2023-05-01 not yet calculated CVE-2018-25085MISCMISCMISCMISCMISC
redox_os — redox_os redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs. 2023-05-03 not yet calculated CVE-2020-22429MISCMISC
ibm — cloud_park_system_software_Suite IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. 2023-05-05 not yet calculated CVE-2020-4914MISCMISC
apache — ranger_hive_plugin An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled
This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.
2023-05-05 not yet calculated CVE-2021-40331MISC
ibm — qradar_data_ aynchronizatio_app IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. 2023-05-06 not yet calculated CVE-2022-22313MISCMISC
qualcomm — snapdragon Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key. 2023-05-02 not yet calculated CVE-2022-25713MISC
nokia — one_nds In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. 2023-05-02 not yet calculated CVE-2022-30759MISCMISC
acronis — multiple_products Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. 2023-05-03 not yet calculated CVE-2022-30995MISC
qualcomm — snapdragon Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation. 2023-05-02 not yet calculated CVE-2022-33273MISC
qualcomm — snapdragon Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames. 2023-05-02 not yet calculated CVE-2022-33281MISC
qualcomm — snapdragon Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it. 2023-05-02 not yet calculated CVE-2022-33292MISC
qualcomm — snapdragon Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet. 2023-05-02 not yet calculated CVE-2022-33304MISC
qualcomm — snapdragon Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH. 2023-05-02 not yet calculated CVE-2022-33305MISC
acronis — multiple_products Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. 2023-05-03 not yet calculated CVE-2022-3405MISCMISC
qualcomm — snapdragon Transient DOS due to reachable assertion in Modem during OSI decode scheduling. 2023-05-02 not yet calculated CVE-2022-34144MISC
ibm — congos_command_center IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. 2023-05-05 not yet calculated CVE-2022-38707MISCMISC
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069. 2023-05-03 not yet calculated CVE-2022-39161MISCMISC
frrouting — frrouting An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. 2023-05-03 not yet calculated CVE-2022-40302MISC
frrouting — frrouting An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. 2023-05-03 not yet calculated CVE-2022-40318MISC
qualcomm — snapdragon Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. 2023-05-02 not yet calculated CVE-2022-40504MISC
qualcomm — snapdragon Information disclosure due to buffer over-read in Modem while parsing DNS hostname. 2023-05-02 not yet calculated CVE-2022-40505MISC
qualcomm — snapdragon Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. 2023-05-02 not yet calculated CVE-2022-40508MISC
ibm – spectrum_scale_container_native_storage_access IBM Spectrum Scale Container Native Storage Access

5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810.

2023-04-29 not yet calculated CVE-2022-41736MISCMISC
nozomi_networks — multiple_products Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. 2023-05-04 not yet calculated CVE-2022-4259MISC
frrouting — frrouting An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. 2023-05-03 not yet calculated CVE-2022-43681MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance. 2023-05-03 not yet calculated CVE-2022-4376MISCCONFIRMMISC
ibm – maximo_asset_management IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436. 2023-05-05 not yet calculated CVE-2022-43866MISCMISC
ibm — financial_transaction_manager_swift_services IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. 2023-04-29 not yet calculated CVE-2022-43871MISCMISC
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. 2023-05-06 not yet calculated CVE-2022-43877MISCMISC
ibm — mq IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. 2023-05-05 not yet calculated CVE-2022-43919MISCMISC
fortiguard — fortinac A URL redirection to untrusted site (‘Open Redirect’) vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions,
8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.
2023-05-03 not yet calculated CVE-2022-43950MISC
apache — ranger Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0. 2023-05-05 not yet calculated CVE-2022-45048MISC
lenovo — system_update A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. 2023-05-01 not yet calculated CVE-2022-4568MISC
apache — streampark Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.
LDAP Injection is an attack used to exploit web based applications
that construct LDAP statements based on user input. When an
application fails to properly sanitize user input, it’s possible to
modify LDAP statements through techniques similar to SQL Injection.
LDAP injection attacks could result in the granting of permissions to
unauthorized queries, and content modification inside the LDAP tree.
This risk may only occur when the user logs in with ldap, and the user
name and password login will not be affected, Users of the affected
versions should upgrade to Apache StreamPark 2.0.0 or later.
2023-05-01 not yet calculated CVE-2022-45801MISC
apache — streampark Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later 2023-05-01 not yet calculated CVE-2022-45802MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions. 2023-05-04 not yet calculated CVE-2022-45818MISC
fortiguard — fortinac A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. 2023-05-03 not yet calculated CVE-2022-45858MISC
fortiguard — fortinac An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users’ passwords. 2023-05-03 not yet calculated CVE-2022-45859MISC
fortiguard — fortinac A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. 2023-05-03 not yet calculated CVE-2022-45860MISC
apache — streampark Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later. 2023-05-01 not yet calculated CVE-2022-46365MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <= 4.0.5 versions. 2023-05-04 not yet calculated CVE-2022-47434MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions. 2023-05-04 not yet calculated CVE-2022-47449MISC
imo.im — imo.im In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application’s data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution. 2023-05-04 not yet calculated CVE-2022-47757MISC
jedox — gmbh Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class ‘com.jedox.etl.mngr.Connections’ and method ‘getGlobalConnection’. 2023-05-02 not yet calculated CVE-2022-47874MISCMISC
jedox — gmbh A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code. 2023-05-02 not yet calculated CVE-2022-47875MISCMISC
jedox — gmbh The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. 2023-05-02 not yet calculated CVE-2022-47876MISCMISC
jedox — gmbh A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module ‘log’. 2023-05-02 not yet calculated CVE-2022-47877MISCMISC
jedox — gmbh Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. 2023-05-02 not yet calculated CVE-2022-47878MISCMISC
lenovo — baiying_for_android A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. 2023-05-01 not yet calculated CVE-2022-48186MISC
3cx — security_hotfix 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. 2023-05-02 not yet calculated CVE-2022-48482MISCMISC
3cx — security_hotfix 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. 2023-05-02 not yet calculated CVE-2022-48483MISCMISC
gitlab — multiple_products An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown 2023-05-03 not yet calculated CVE-2023-0155CONFIRMMISCMISC
gitlab — multiple_products An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork. 2023-05-03 not yet calculated CVE-2023-0485MISCMISCCONFIRM
lenovo — xcc A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. 2023-05-01 not yet calculated CVE-2023-0683MISC
gitlab — multiple_products An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. 2023-05-03 not yet calculated CVE-2023-0756MISCMISCCONFIRM
gitlab — ee An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. 2023-05-03 not yet calculated CVE-2023-0805CONFIRMMISCMISC
wordpress — wordpress The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-05-02 not yet calculated CVE-2023-0891MISC
lenovo — smart_clock_essential_with_alexa_built_in A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. 2023-05-01 not yet calculated CVE-2023-0896MISC
wordpress — wordpress The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. 2023-05-02 not yet calculated CVE-2023-0924MISC
wordpress — wordpress The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-05-02 not yet calculated CVE-2023-1021MISC
wordpress — wordpress The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-05-02 not yet calculated CVE-2023-1090MISCMISC
wordpress — wordpress The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own. 2023-05-02 not yet calculated CVE-2023-1125MISC
gitlab — multiple_products An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. 2023-05-03 not yet calculated CVE-2023-1178MISCCONFIRMMISC
wordpress — wordpress The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. 2023-05-02 not yet calculated CVE-2023-1196MISCMISC
gitlab — multiple_products An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. 2023-05-03 not yet calculated CVE-2023-1204MISCCONFIRMMISC
gitlab — multiple_products An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance. 2023-05-03 not yet calculated CVE-2023-1265MISCCONFIRMMISC
amazon –fire_tv_stick An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible.

This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOS versions prior to 7.6.3.3.

2023-05-03 not yet calculated CVE-2023-1383MISC
amazon — fire_tv_stick The setMediaSource function on the amzn.thin.pl service does not sanitize the “source” parameter allowing for arbitrary javascript code to be run

This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOS versions prior to 7.6.3.3.

2023-05-03 not yet calculated CVE-2023-1384MISC
amazon — fire_tv_stick Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.

This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOS 7.6.3.3.

2023-05-03 not yet calculated CVE-2023-1385MISC
wordpress — wordpress The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-05-02 not yet calculated CVE-2023-1525MISC
wordpress — wordpress The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting 2023-05-02 not yet calculated CVE-2023-1546MISC
wordpress — wordpress The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-05-02 not yet calculated CVE-2023-1554MISC
wordpress — wordpress The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-05-02 not yet calculated CVE-2023-1614MISC
wordpress — wordpress The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 2023-05-02 not yet calculated CVE-2023-1669MISC
wordpress — wordpress The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks 2023-05-02 not yet calculated CVE-2023-1730MISC
wordpress — wordpress The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. 2023-05-02 not yet calculated CVE-2023-1804MISC
wordpress — wordpress The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-05-02 not yet calculated CVE-2023-1805MISC
wordpress — wordpress The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. 2023-05-02 not yet calculated CVE-2023-1809MISC
gitlab — gitlab A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in “raw” mode, it can be made to render as HTML if viewed under specific circumstances 2023-05-03 not yet calculated CVE-2023-1836CONFIRMMISCMISC
wordpress — wordpress The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks 2023-05-02 not yet calculated CVE-2023-1861MISC
puppet — puppet_enterprise/puppet_server A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. 2023-05-04 not yet calculated CVE-2023-1894MISC
wordpress — wordpress The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example 2023-05-02 not yet calculated CVE-2023-1911MISC
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn’t enabled by default. 2023-05-03 not yet calculated CVE-2023-1965MISCCONFIRMMISC
mattermost — mattermost Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website 2023-05-02 not yet calculated CVE-2023-2000MISC
cisco — small_business_ip_phones A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability. 2023-05-04 not yet calculated CVE-2023-20126CISCO
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables. 2023-05-03 not yet calculated CVE-2023-2069MISCCONFIRMMISC
samsung — andriod_devices Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation. 2023-05-04 not yet calculated CVE-2023-21484MISC
samsung — andriod_devices Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. 2023-05-04 not yet calculated CVE-2023-21485MISC
samsung — andriod_devices Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. 2023-05-04 not yet calculated CVE-2023-21486MISC
samsung — andriod_devices Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting. 2023-05-04 not yet calculated CVE-2023-21487MISC
samsung — andriod_devices Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips. 2023-05-04 not yet calculated CVE-2023-21488MISC
samsung — andriod_devices Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code. 2023-05-04 not yet calculated CVE-2023-21489MISC
samsung — andriod_devices Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. 2023-05-04 not yet calculated CVE-2023-21490MISC
samsung — andriod_devices Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. 2023-05-04 not yet calculated CVE-2023-21491MISC
samsung — andriod_devices Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. 2023-05-04 not yet calculated CVE-2023-21492MISC
samsung — andriod_devices Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. 2023-05-04 not yet calculated CVE-2023-21493MISC
samsung — andriod_devices Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. 2023-05-04 not yet calculated CVE-2023-21494MISC
samsung — andriod_devices Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set. 2023-05-04 not yet calculated CVE-2023-21495MISC
samsung — andriod_devices Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. 2023-05-04 not yet calculated CVE-2023-21496MISC
samsung — andriod_devices Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. 2023-05-04 not yet calculated CVE-2023-21497MISC
msamsung — andriod_devices Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. 2023-05-04 not yet calculated CVE-2023-21498MISC
samsung — andriod_devices Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. 2023-05-04 not yet calculated CVE-2023-21499MISC
samsung — andriod_devices Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. 2023-05-04 not yet calculated CVE-2023-21500MISC
samsung — andriod_devices Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. 2023-05-04 not yet calculated CVE-2023-21501MISC
samsung — andriod_devices Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands. 2023-05-04 not yet calculated CVE-2023-21502MISC
samsung — andriod_devices Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. 2023-05-04 not yet calculated CVE-2023-21503MISC
samsung — andriod_devices Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. 2023-05-04 not yet calculated CVE-2023-21504MISC
samsung — core_service Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. 2023-05-04 not yet calculated CVE-2023-21505MISC
samsung_mobile — blockchain_keystore Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. 2023-05-04 not yet calculated CVE-2023-21506MISC
samsung_mobile — blockchain_keystore Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. 2023-05-04 not yet calculated CVE-2023-21507MISC
samsung_mobile — blockchain_keystore Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. 2023-05-04 not yet calculated CVE-2023-21508MISC
samsung_mobile — blockchain_keystore Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. 2023-05-04 not yet calculated CVE-2023-21509MISC
samsung_mobile — blockchain_keystore Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. 2023-05-04 not yet calculated CVE-2023-21510MISC
samsung_mobile — blockchain_keystore Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. 2023-05-04 not yet calculated CVE-2023-21511MISC
qualcomm — snapdragon Memory corruption in HAB Memory management due to broad system privileges via physical address. 2023-05-02 not yet calculated CVE-2023-21642MISC
qualcomm — snapdragon Memory corruption in Graphics while importing a file. 2023-05-02 not yet calculated CVE-2023-21665MISC
qualcomm — snapdragon Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. 2023-05-02 not yet calculated CVE-2023-21666MISC
gitlab — gitlab_enterprise_edition An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as ‘external’ to become ‘regular’ users thus leading to privilege escalation for those users. 2023-05-03 not yet calculated CVE-2023-2182CONFIRMMISC
octopus_deploy — octopus_server In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function 2023-05-02 not yet calculated CVE-2023-2247MISC
atlassian — confluence Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.

This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.

The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.

2023-05-01 not yet calculated CVE-2023-22503MISC
fortinet — fortinac An improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. 2023-05-03 not yet calculated CVE-2023-22637MISC
fortinet — forties_fortiproxy A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. 2023-05-03 not yet calculated CVE-2023-22640MISC
suse — rancher Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher’s admission Webhook may lead to
the misconfiguration of the Webhook. This component enforces validation
rules and security checks before resources are admitted into the
Kubernetes cluster.
The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.
2023-05-04 not yet calculated CVE-2023-22651MISCMISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions. 2023-05-03 not yet calculated CVE-2023-22691MISC
ibm — mq_clients IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. 2023-05-05 not yet calculated CVE-2023-22874MISCMISC
geovision — gv-edge_recording_manager An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. 2023-05-04 not yet calculated CVE-2023-23059MISCMISCMISC
ibm — ibm_i IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510. 2023-05-04 not yet calculated CVE-2023-23470MISCMISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. 2023-05-02 not yet calculated CVE-2023-23723MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions. 2023-05-03 not yet calculated CVE-2023-23790MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02 versions. 2023-05-03 not yet calculated CVE-2023-23808MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Moris Dov Stock market charts from finviz plugin <= 1.0.1 versions. 2023-05-03 not yet calculated CVE-2023-23809MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions. 2023-05-03 not yet calculated CVE-2023-23830MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <= 1.0 versions. 2023-05-03 not yet calculated CVE-2023-23875MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions. 2023-05-03 not yet calculated CVE-2023-23881MISC
ks-soft — advanced_host_monitor A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:Program Files (x86)HostMonitorRMA-Winrma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability. 2023-04-29 not yet calculated CVE-2023-2417MISCMISCMISC
konga — konga A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715. 2023-04-29 not yet calculated CVE-2023-2418MISCMISCMISC
zhong_bang_crmeb — zhong_bang_crmeb A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file crmebappservicessystemattachmentSystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716. 2023-04-29 not yet calculated CVE-2023-2419MISCMISCMISC
mlecms — mlecms A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file uploadincincludecommon.func.php. The manipulation of the argument $_SERVER[‘REQUEST_URI’] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability. 2023-04-29 not yet calculated CVE-2023-2420MISCMISCMISC
control_id — rhid A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-29 not yet calculated CVE-2023-2421MISCMISCMISC
vim — vim Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. 2023-04-29 not yet calculated CVE-2023-2426CONFIRMMISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13. 2023-05-05 not yet calculated CVE-2023-2427MISCCONFIRM
devolutions_inc — devolutions_server Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name. 2023-05-02 not yet calculated CVE-2023-2445MISC
sourcecodester — online_dj_management_system A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/bookings/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227795. 2023-05-01 not yet calculated CVE-2023-2451MISCMISCMISC
google — chrome Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) 2023-05-03 not yet calculated CVE-2023-2459MISCMISCMISCMISC
google — chrome Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) 2023-05-03 not yet calculated CVE-2023-2460MISCMISCMISCMISC
google — chrome Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) 2023-05-03 not yet calculated CVE-2023-2461MISCMISCMISCMISC
google — chrome Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) 2023-05-03 not yet calculated CVE-2023-2462MISCMISCMISCMISC
google — chrome Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) 2023-05-03 not yet calculated CVE-2023-2463MISCMISCMISCMISC
google — chrome Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) 2023-05-03 not yet calculated CVE-2023-2464MISCMISCMISCMISC
google — chrome Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 2023-05-03 not yet calculated CVE-2023-2465MISCMISCMISCMISC
google — chrome Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) 2023-05-03 not yet calculated CVE-2023-2466MISCMISCMISCMISC
google — chrome Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) 2023-05-03 not yet calculated CVE-2023-2467MISCMISCMISCMISC
google — chrome Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low) 2023-05-03 not yet calculated CVE-2023-2468MISCMISCMISCMISC
dreamer_cms — dreamer_cms A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860. 2023-05-02 not yet calculated CVE-2023-2473MISCMISCMISC
rebuild — rebuild A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability. 2023-05-02 not yet calculated CVE-2023-2474MISCMISCMISC
rediker_software — adminplus Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM. 2023-05-03 not yet calculated CVE-2023-24744MISC
dromara — j2eefast A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument ?? leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867. 2023-05-02 not yet calculated CVE-2023-2475MISCMISCMISCMISC
dromara — j2eefast A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868. 2023-05-02 not yet calculated CVE-2023-2476MISCMISCMISCMISC
funadmin — funadmin A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability. 2023-05-02 not yet calculated CVE-2023-2477MISCMISCMISC
appium — appium OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. 2023-05-02 not yet calculated CVE-2023-2479CONFIRMMISC
ibm — business_automation_workflow IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115. 2023-05-06 not yet calculated CVE-2023-24957MISCMISC
ibm — virtualization_engine_ts7700 A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320. 2023-05-04 not yet calculated CVE-2023-24958MISCMISC
teampass — teampass Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. 2023-05-05 not yet calculated CVE-2023-2516MISCCONFIRM
caton — ctp_relay_server A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. VDB-228010 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-04 not yet calculated CVE-2023-2519MISCMISC
caton — prime A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical. This issue affects some unknown processing of the file cgi-bin/tools_ping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228011. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-04 not yet calculated CVE-2023-2520MISCMISCMISC
nextu — next-7004n A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-04 not yet calculated CVE-2023-2521MISCMISC
chengdu — vec40g A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-04 not yet calculated CVE-2023-2522MISCMISCMISC
weaver — e-office A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-04 not yet calculated CVE-2023-2523MISCMISCMISC
control_id — rhid A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-04 not yet calculated CVE-2023-2524MISCMISC
virtualreception_digital_receptie — virtualreception_digital_receptie Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request. 2023-05-04 not yet calculated CVE-2023-25289MISC
azuracast — azuracast Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3. 2023-05-05 not yet calculated CVE-2023-2531CONFIRMMISC
genomedics — millegp5 An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files. 2023-05-04 not yet calculated CVE-2023-25438MISCMISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions. 2023-05-04 not yet calculated CVE-2023-25458MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions. 2023-05-06 not yet calculated CVE-2023-25491MISC
lenovo — xclarity_controller A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. 2023-05-01 not yet calculated CVE-2023-25492MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. 2023-05-05 not yet calculated CVE-2023-2550MISCCONFIRM
unilogies — bumsys PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. 2023-05-05 not yet calculated CVE-2023-2551MISCCONFIRM
unilogies — bumsys Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1. 2023-05-05 not yet calculated CVE-2023-2552CONFIRMMISC
unilogies — bumsys Cross-site Scripting (XSS) – Stored in GitHub repository unilogies/bumsys prior to 2.2.0. 2023-05-05 not yet calculated CVE-2023-2553CONFIRMMISC
unilogies — bumsys External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. 2023-05-05 not yet calculated CVE-2023-2554CONFIRMMISC
jja8 — newbinggogo A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167. 2023-05-06 not yet calculated CVE-2023-2560MISCMISCMISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP?????? plugin <= 1.3.9 versions. 2023-05-03 not yet calculated CVE-2023-25787MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions. 2023-05-03 not yet calculated CVE-2023-25792MISC
wordpress — wordpress Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions. 2023-05-03 not yet calculated CVE-2023-25797MISC
opentsdb — opentsdb Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation. 2023-05-03 not yet calculated CVE-2023-25826MISCMISC
opentsdb — opentsdb Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint. 2023-05-03 not yet calculated CVE-2023-25827MISCMISC
dell — ecs DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. 2023-05-04 not yet calculated CVE-2023-25934MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions. 2023-05-04 not yet calculated CVE-2023-25961MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions. 2023-05-04 not yet calculated CVE-2023-25962MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <= 6.0.2.0 versions. 2023-05-03 not yet calculated CVE-2023-25967MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions. 2023-05-04 not yet calculated CVE-2023-25977MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions. 2023-05-04 not yet calculated CVE-2023-25982MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions. 2023-05-04 not yet calculated CVE-2023-26010MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions. 2023-05-04 not yet calculated CVE-2023-26012MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauhidul Alam Simple Portfolio Gallery plugin <= 0.1 versions. 2023-05-04 not yet calculated CVE-2023-26016MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions. 2023-05-03 not yet calculated CVE-2023-26017MISC
european_chemicals_agency — iuclid European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5. 2023-05-02 not yet calculated CVE-2023-26089MISCMISCMISC
gin_gonic — gin Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning.

**Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.

2023-05-04 not yet calculated CVE-2023-26125MISCMISCMISCMISCMISC
fortinet — multiple_products A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. 2023-05-03 not yet calculated CVE-2023-26203MISC
apache — couchdb Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:
* validate_doc_update

* list

* filter

* filter views (using view functions as filters)

* rewrite

* update

This doesn’t affect map/reduce or search (Dreyfus) index functions.

Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).

Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.

2023-05-02 not yet calculated CVE-2023-26268MISCMISCMISC
ibm — mq IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418. 2023-05-05 not yet calculated CVE-2023-26285MISCMISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions. 2023-05-06 not yet calculated CVE-2023-26517MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions. 2023-05-06 not yet calculated CVE-2023-26519MISC
european_chemicals_agency — iuclid European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission. 2023-05-02 not yet calculated CVE-2023-26546MISCMISCMISC
microbin — microbin A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-05-04 not yet calculated CVE-2023-27075MISCMISC
inspryker — commerce_os SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]= 2023-05-04 not yet calculated CVE-2023-27568MISCMISC
shapeshift — keepkey Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet. 2023-05-02 not yet calculated CVE-2023-27892MISCMISC
fortinet — fortiadc A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. 2023-05-03 not yet calculated CVE-2023-27993MISC
fortinet — fortiadc An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. 2023-05-03 not yet calculated CVE-2023-27999MISC
dell — command_monitor Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path 2023-05-05 not yet calculated CVE-2023-28068MISC
dell — alienware_command_center_application Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation. 2023-05-03 not yet calculated CVE-2023-28070MISC
hpe — proliant_rl300_gen11_server A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis. 2023-05-01 not yet calculated CVE-2023-28092MISC
winterchens — my_site Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles. 2023-05-01 not yet calculated CVE-2023-29638MISC
libheif — libheif A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. 2023-05-05 not yet calculated CVE-2023-29659MISCFEDORAFEDORA
tenda — n301 Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. 2023-05-01 not yet calculated CVE-2023-29680MISCMISC
tenda — n301 Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. 2023-05-01 not yet calculated CVE-2023-29681MISCMISC
asus — rt_ac51u A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. 2023-05-02 not yet calculated CVE-2023-29772MISC
gl.inet — mt3000 GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. 2023-05-02 not yet calculated CVE-2023-29778MISCMISC
ejs — ejs ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. 2023-05-04 not yet calculated CVE-2023-29827MISC
hotel_druid — hotel_druid A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function. 2023-05-03 not yet calculated CVE-2023-29839MISC
chuchcrm — churchcrm ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. 2023-05-04 not yet calculated CVE-2023-29842MISCMISCMISC
zammad — zammad Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API. 2023-05-02 not yet calculated CVE-2023-29867MISC
zammad — zammad Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. 2023-05-02 not yet calculated CVE-2023-29868MISC
rosariosis — rosariosis RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. 2023-05-02 not yet calculated CVE-2023-29918MISC
llvm-project — llvm-project llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. 2023-05-05 not yet calculated CVE-2023-29932MISC
llvm-project — llvm-project llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. 2023-05-05 not yet calculated CVE-2023-29933MISC
llvm-project — llvm-project llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). 2023-05-05 not yet calculated CVE-2023-29934MISC
llvm-project — llvm-project llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && “operation was already replaced. 2023-05-05 not yet calculated CVE-2023-29935MISC
llvm-project — llvm-project llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). 2023-05-05 not yet calculated CVE-2023-29939MISC
llvm-project — llvm-project llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. 2023-05-05 not yet calculated CVE-2023-29941MISC
llvm-project — llvm-project llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. 2023-05-05 not yet calculated CVE-2023-29942MISC
s-cms — s-cms S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. 2023-05-05 not yet calculated CVE-2023-29963MISC
nanomq — nanomq In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. 2023-05-04 not yet calculated CVE-2023-29994MISC
nanomq — nanomq In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c 2023-05-04 not yet calculated CVE-2023-29995MISC
nanomq — nanomq In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. 2023-05-04 not yet calculated CVE-2023-29996MISC
totolink — x5000r TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the “command” parameter. 2023-05-05 not yet calculated CVE-2023-30013MISC
totolink — a7100ru TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. 2023-05-05 not yet calculated CVE-2023-30053MISC
totolink — a7100ru TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. 2023-05-05 not yet calculated CVE-2023-30054MISC
mitrastar — gpt-2741gnac-n2 MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. 2023-05-05 not yet calculated CVE-2023-30065MISC
sourcecodester — judging_management_system Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id. 2023-05-04 not yet calculated CVE-2023-30077MISCMISC
semcms — shop_v4.2 Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file. 2023-05-05 not yet calculated CVE-2023-30090MISC
open_networking_foundation — onos An arbitrary file upload vulnerability in Open Networking Foundation ONOS from version 1.9.0 until 2.7.0 allows attackers to execute arbitrary code via uploading a crafted YAML file. 2023-05-04 not yet calculated CVE-2023-30093MISC
totaljs –flow_v10 A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. 2023-05-04 not yet calculated CVE-2023-30094MISCMISCMISC
totaljs — messenger_commit_b6cf1c9 A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. 2023-05-04 not yet calculated CVE-2023-30095MISCMISCMISC
totaljs — messenger_commit_b6cf1c9 A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. 2023-05-04 not yet calculated CVE-2023-30096MISCMISCMISC
totaljs — messenger_commit_b6cf1c9 A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. 2023-05-04 not yet calculated CVE-2023-30097MISCMISCMISC
online_food_ordering_system_v2.0 — online_food_ordering_system_v2.0 An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. 2023-05-05 not yet calculated CVE-2023-30122MISC
tenda — aC18_v15.03.05.19(6318)cn Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. 2023-05-05 not yet calculated CVE-2023-30135MISC
typecho_v1.2.0 — typecho_v1.2.0 A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment. 2023-05-04 not yet calculated CVE-2023-30184MISC
judging_management_system_v1.0 — judging_management_system_v1.0 Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php. 2023-05-04 not yet calculated CVE-2023-30203MISC
judging_management_system_v1.0 — judging_management_system_v1.0 Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php. 2023-05-03 not yet calculated CVE-2023-30204MISC
douphp — douphp A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php. 2023-05-03 not yet calculated CVE-2023-30205MISC
newbee-mall — newbee-mall Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. 2023-05-04 not yet calculated CVE-2023-30216MISC
beijing_netcon — ns-asg NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. 2023-05-05 not yet calculated CVE-2023-30242MISCMISCMISC
beijing_netcon_ — ns-asg Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. 2023-05-05 not yet calculated CVE-2023-30243MISCMISC
cltphp — cltphp CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. 2023-05-04 not yet calculated CVE-2023-30264MISC
cltphp — cltphp CLTPHP <=6.0 is vulnerable to Improper Input Validation. 2023-05-04 not yet calculated CVE-2023-30268MISCMISC
prestashop — scexportcustomers PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions’ control, a guest can access exports from the module which can lead to leak of personal information from customer table. 2023-05-04 not yet calculated CVE-2023-30282MISC
webassembly — hang_wasm An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop. 2023-05-03 not yet calculated CVE-2023-30300MISC
mailbutler_gmbh — shimo_vpn_client An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use. 2023-05-04 not yet calculated CVE-2023-30328MISCMISC
beetl — beetl An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload. 2023-05-04 not yet calculated CVE-2023-30331MISCMISC
garo — wallbox_glb/gtb/gtc Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack. 2023-05-04 not yet calculated CVE-2023-30399MISCMISCMISC
aigital — wireless-n_repeater_mini_router_v0.131229 An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user. 2023-05-02 not yet calculated CVE-2023-30403MISCMISC
ibm — multiple_products IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. 2023-05-05 not yet calculated CVE-2023-30434MISCMISCMISC
ibm — java IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. 2023-04-29 not yet calculated CVE-2023-30441MISCMISCMISCMISCMISC
metersphere — metersphere MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0. 2023-05-04 not yet calculated CVE-2023-30550MISCMISC
enalean — tulean Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143. 2023-05-04 not yet calculated CVE-2023-30619MISCMISCMISCMISC
archer — platform Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4) is also a fixed release. 2023-05-01 not yet calculated CVE-2023-30639CONFIRM
meta_platforms — lexical Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources. 2023-04-29 not yet calculated CVE-2023-30792MISC
triton — tritonmc Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the ‘triton:main’ plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4. 2023-05-01 not yet calculated CVE-2023-30859MISCMISC
pallets — flask Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client’s `session` cookie to other clients. The severity depends on the application’s use of the session and the proxy’s behavior regarding cookies. The risk depends on all these conditions being met.

1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets `session.permanent = True`
3. The application does not access or modify the session at any point during a request.
4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).
5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.

This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.

2023-05-02 not yet calculated CVE-2023-30861MISCMISCMISCMISCMISC
wordpress — wordpress Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. 2023-05-02 not yet calculated CVE-2023-30869MISCMISC
moodle — moodle The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. 2023-05-02 not yet calculated CVE-2023-30943MISCMISCMISC
moodle — moodle The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. 2023-05-02 not yet calculated CVE-2023-30944MISCMISCMISC
zoho — madengine_opmanager Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. 2023-05-04 not yet calculated CVE-2023-31099MISCMISC
checkmk — checkmk Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user’s secret to be written to the site Apache access log. 2023-05-02 not yet calculated CVE-2023-31207MISC
illumos — gate illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net. 2023-05-04 not yet calculated CVE-2023-31284MISCMISC
elastic — filebeat Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. 2023-05-04 not yet calculated CVE-2023-31413MISCMISC
elastic — kibana Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. 2023-05-04 not yet calculated CVE-2023-31414MISCMISC
elastic — kibana Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. 2023-05-04 not yet calculated CVE-2023-31415MISCMISC
logbuch — evasys A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter. 2023-05-02 not yet calculated CVE-2023-31433MISC
logbuch — evasys The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations. 2023-05-02 not yet calculated CVE-2023-31434MISC
logbuch — evasys Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly. 2023-05-02 not yet calculated CVE-2023-31435MISC
cauldron — cbang tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive. 2023-04-28 not yet calculated CVE-2023-31483MISCMISC
cpanpm — cpanpm CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. 2023-04-29 not yet calculated CVE-2023-31484MISCMISCMISCMISCMLISTMLISTMLISTMLIST
cpanpm — api GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. 2023-04-29 not yet calculated CVE-2023-31485MISCMISCMISCMISCMLISTMLISTMLISTMLIST
cpanpm — tiny HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. 2023-04-29 not yet calculated CVE-2023-31486MISCMISCMISCMISCMLISTMLISTMLISTMISCMLIST
ghost — ghost Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme’s folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. 2023-05-05 not yet calculated CVE-2023-32235MISCMISC
linux — kernel An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. 2023-05-05 not yet calculated CVE-2023-32269MISCMISC

Back to top

Posted by

in