All CVEs — 2023 (Page 215/217)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2023-01-05

Medium

CVE-2014-125044

A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion.…

CVSS: 6.3 CWE: CWE-73

High

CVE-2023-0088

The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX…

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2022-23549

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw b…

CVSS: 5.7 CWE: CWE-20

Medium

CVE-2022-23548

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible…

CVSS: 6.5 CWE: CWE-1333

Medium

CVE-2022-23546

In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is avai…

CVSS: 5.5 CWE: CWE-200

Medium

CVE-2022-4435

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

CVSS: 6.7 CWE: CWE-126

Medium

CVE-2022-4434

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.

CVSS: 6.7 CWE: CWE-126

Medium

CVE-2022-4433

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

CVSS: 6.7 CWE: CWE-126

Medium

CVE-2022-4432

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

CVSS: 6.7 CWE: CWE-126

Low

CVE-2022-46168

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email…

CVSS: 3.5 CWE: CWE-359

High

CVE-2022-43844

IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM R…

CVSS: 8.8 CWE: CWE-613

Low

CVE-2022-43573

IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.

CVSS: 3.1 CWE: CWE-200

Medium

CVE-2022-41740

IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.

CVSS: 4.6 CWE: CWE-312

High

CVE-2022-4378

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate th…

CVSS: 7.8 CWE: CWE-131

High

CVE-2022-47663

GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609

CVSS: 7.8 CWE: CWE-120

Medium

CVE-2022-47662

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662

CVSS: 5.5 CWE: CWE-674

High

CVE-2022-47661

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes

CVSS: 7.8 CWE: CWE-787

High

CVE-2022-47660

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c

CVSS: 7.8 CWE: CWE-190

High

CVE-2022-47659

GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data

CVSS: 7.8 CWE: CWE-787

High

CVE-2022-47658

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039

CVSS: 7.8 CWE: CWE-120

High

CVE-2022-47657

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662

CVSS: 7.8 CWE: CWE-120

High

CVE-2022-47656

GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273

CVSS: 7.8 CWE: CWE-120

High

CVE-2022-47655

Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>

CVSS: 7.8 CWE: CWE-787

High

CVE-2022-47654

GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261

CVSS: 7.8 CWE: CWE-120

High

CVE-2022-47653

GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113

CVSS: 7.8 CWE: CWE-120

High

CVE-2022-47095

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c

CVSS: 7.8 CWE: CWE-120

High

CVE-2022-47094

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid

CVSS: 7.8 CWE: CWE-476

High

CVE-2022-47093

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid

CVSS: 7.8 CWE: CWE-416

High

CVE-2022-47092

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316

CVSS: 7.1 CWE: CWE-190

High

CVE-2022-47091

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c

CVSS: 7.8 CWE: CWE-120

High

CVE-2022-47089

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c

CVSS: 7.8 CWE: CWE-120

High

CVE-2022-47088

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.

CVSS: 7.8 CWE: CWE-120

High

CVE-2022-47087

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c

CVSS: 7.8 CWE: CWE-120

Medium

CVE-2022-47086

GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c

CVSS: 5.5 CWE: CWE-787

Medium

CVE-2022-46490

GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.

CVSS: 5.5 CWE: CWE-401

Medium

CVE-2022-46489

GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.

CVSS: 5.5 CWE: CWE-401

High

CVE-2022-3715

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

CVSS: 7.8 CWE: CWE-119

Medium

CVE-2015-10015

A vulnerability, which was classified as critical, has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named bc0f19…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2014-125041

A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as e412127d07004668e5a2…

CVSS: 5.5 CWE: CWE-89

Critical

CVE-2022-45995

There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different v…

CVSS: 9.8 CWE: CWE-120

Medium

CVE-2015-10014

A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The identifier of the patch is…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2014-125040

A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAcces…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2020-36641

A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.…

CVSS: 5.5 CWE: CWE-611

Medium

CVE-2017-20162

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to…

CVSS: 4.3 CWE: CWE-1333

Low

CVE-2007-10001

A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It i…

CVSS: 3.5 CWE: CWE-89

Low

CVE-2021-4305

A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by this issue is the function makePathPattern of the file lib/patterns.js. The manipulation of the ar…

CVSS: 3.5 CWE: CWE-1333

Low

CVE-2022-4877

A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host l…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2021-4304

A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the…

CVSS: 6.3 CWE: CWE-77

Medium

CVE-2020-36640

A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main…

CVSS: 5.5 CWE: CWE-611

Low

CVE-2018-25065

A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Pa…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2015-10013

A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxono…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2022-4869

A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Para…

CVSS: 3.5 CWE: CWE-200

Low

CVE-2021-4303

A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the compo…

CVSS: 2.0 CWE: CWE-79

Low

CVE-2018-25064

A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripti…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2016-15010

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionalit…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2016-15009

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-s…

CVSS: 3.5 CWE: CWE-352

High

CVE-2023-22626

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the d…

CVSS: 7.5 CWE: CWE-209

Critical

CVE-2022-47523

Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

CVSS: 9.8 CWE: CWE-89

Medium

CVE-2022-45857

An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly creat…

CVSS: 6.5 CWE: CWE-286

Medium

CVE-2019-25098

A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The ma…

CVSS: 5.5 CWE: CWE-22

Medium

CVE-2019-25097

A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected by this issue is some unknown functionality of the component Directory Content Handler. The manipulat…

CVSS: 5.5 CWE: CWE-22

Low

CVE-2019-25096

A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scrip…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2019-25095

A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scrip…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2022-43540

A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow…

CVSS: 5.5 CWE: CWE-200

Medium

CVE-2022-43539

A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exp…

CVSS: 5.7 CWE: CWE-200

High

CVE-2022-43538

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an at…

CVSS: 7.2 CWE: CWE-78

High

CVE-2022-43537

CVSS: 7.2 CWE: CWE-78

High

CVE-2022-43536

CVSS: 7.2 CWE: CWE-78

High

CVE-2022-43535

A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbi…

CVSS: 7.8 CWE: CWE-269

High

CVE-2022-43534

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrar…

CVSS: 7.8 CWE: CWE-269

High

CVE-2022-43533

A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrar…

CVSS: 7.8 CWE: CWE-269

High

CVE-2022-43532

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an adminis…

CVSS: 8.0 CWE: CWE-79

High

CVE-2022-43531

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager in…

CVSS: 8.8 CWE: CWE-89

High

CVE-2022-43530

CVSS: 8.8 CWE: CWE-89

Medium

CVE-2022-43529

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session cleari…

CVSS: 4.6 CWE: CWE-384

Medium

CVE-2022-43528

Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to lo…

CVSS: 4.8 CWE: CWE-287

Medium

CVE-2022-43527

Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2022-43526

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2022-43525

CVSS: 6.1 CWE: CWE-79

High

CVE-2022-43524

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack a…

CVSS: 8.7 CWE: CWE-79

High

CVE-2022-43523

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the A…

CVSS: 8.8 CWE: CWE-89

High

CVE-2022-43522

CVSS: 8.8 CWE: CWE-89

High

CVE-2022-43521

CVSS: 8.8 CWE: CWE-89

High

CVE-2022-43520

CVSS: 8.8 CWE: CWE-89

High

CVE-2022-43519

CVSS: 8.8 CWE: CWE-89

Medium

CVE-2022-37934

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE Offi…

CVSS: 6.8 CWE: CWE-22

High

CVE-2022-37933

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has m…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2022-34330

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alter…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2022-22371

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the sys…

CVSS: 5.5 CWE: CWE-613

Medium

CVE-2023-0057

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.

CVSS: 6.1 CWE: CWE-1021

2023-01-04

Low

CVE-2022-4876

A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the…

CVSS: 3.5 CWE: CWE-79

High

CVE-2023-22467

Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's `DateTime.fromRFC2822() has q…

CVSS: 7.5 CWE: CWE-1333

Medium

CVE-2023-22466

Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode`…

CVSS: 5.4 CWE: CWE-665

Medium

CVE-2023-0055

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.

CVSS: 5.3 CWE: CWE-614

Low

CVE-2022-4875

A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The at…

CVSS: 2.4 CWE: CWE-79

Low

CVE-2021-4302

A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2021-4300

A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Bloc…

CVSS: 6.3 CWE: CWE-284

High

CVE-2023-0054

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.

CVSS: 7.8 CWE: CWE-787

High

CVE-2022-48217

The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This…

CVSS: 8.1 CWE: CWE-75

High

CVE-2022-45052

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capa…

CVSS: 8.8 CWE: CWE-552

Medium

CVE-2022-45051

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not prope…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2022-45049

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutral…

CVSS: 6.1 CWE: CWE-79

High

CVE-2023-0051

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.

CVSS: 7.8 CWE: CWE-122

Medium

CVE-2022-46457

NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.

CVSS: 5.5 CWE: CWE-125

Medium

CVE-2022-46456

NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.

CVSS: 6.1 CWE: CWE-120

High

CVE-2022-25926

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.

CVSS: 7.4 CWE: CWE-78

Medium

CVE-2022-22352

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2022-22338

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to v…

CVSS: 6.3 CWE: CWE-89

Medium

CVE-2022-22337

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507.

CVSS: 4.3 CWE: CWE-200

Medium

CVE-2022-46180

Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component vers…

CVSS: 5.0 CWE: CWE-74

High

CVE-2023-22465

Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the `User-Agent` and `Server` header parsers are susceptible…

CVSS: 7.5 CWE: CWE-20

Medium

CVE-2023-22464

ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitig…

CVSS: 5.4 CWE: CWE-79

Critical

CVE-2023-22463

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacke…

CVSS: 9.8 CWE: CWE-798

High

CVE-2023-0049

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.

CVSS: 7.8 CWE: CWE-125

High

CVE-2022-48216

Uniswap Universal Router before 1.1.0 mishandles reentrancy. This would have allowed theft of funds.

CVSS: 7.5 CWE: CWE-667

High

CVE-2023-22461

The `sanitize-svg` package, a small SVG sanitizer to prevent cross-site scripting attacks, uses a deny-list-pattern to sanitize SVGs to prevent XSS. In doing so, literal `<script>`-tags and on-event…

CVSS: 7.6 CWE: CWE-79

High

CVE-2023-22460

go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on…

CVSS: 7.5 CWE: CWE-20

Critical

CVE-2023-22457

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSR…

CVSS: 9.0 CWE: CWE-352

Critical

CVE-2022-45875

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior v…

CVSS: 9.8 CWE: CWE-20

High

CVE-2023-0048

Code Injection in GitHub repository lirantal/daloradius prior to master-branch.

CVSS: 8.8 CWE: CWE-94