CVE Daily
← All years

All CVEs — 2023

Page 217/217.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2023-01-02
Medium

CVE-2021-21200

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)

CVSS: 5.4 CWE: CWE-125
Read more
High

CVE-2019-13768

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)

CVSS: 7.4 CWE: CWE-416
Read more
Medium

CVE-2022-4369

The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be u…

CVSS: 6.1 CWE: CWE-79
Read more
High

CVE-2022-4360

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege us…

CVSS: 7.2 CWE: CWE-89
Read more
Medium

CVE-2022-4236

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could…

CVSS: 6.5 CWE: CWE-552
Read more
Critical

CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leadi…

CVSS: 9.8 CWE: CWE-89
Read more
Medium

CVE-2022-4057

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.

CVSS: 5.3 CWE: CWE-425
Read more
High

CVE-2022-3911

The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arra…

CVSS: 8.8 CWE: CWE-352
Read more
Medium

CVE-2015-10011

A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutraliz…

CVSS: 4.6 CWE: CWE-117
Read more
Low

CVE-2015-10010

A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulat…

CVSS: 3.1 CWE: CWE-79
Read more
Medium

CVE-2023-22452

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was per…

CVSS: 6.5 CWE: CWE-20
Read more
Medium

CVE-2016-15007

A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectSe…

CVSS: 5.5 CWE: CWE-74
Read more
Low

CVE-2014-125036

A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to…

CVSS: 2.6 CWE: CWE-406
Read more
Medium

CVE-2014-125038

A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument d…

CVSS: 5.5 CWE: CWE-89
Read more
Medium

CVE-2014-125037

A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injectio…

CVSS: 5.5 CWE: CWE-89
Read more
Medium

CVE-2023-22451

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from…

CVSS: 6.5 CWE: CWE-521
Read more
Medium

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: T…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2017-20161

A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the function dump_wlan_at of the file macgeiger.c of the component ESSID Handler. The manipulation leads to i…

CVSS: 4.6 CWE: CWE-74
Read more
Medium

CVE-2015-10009

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation…

CVSS: 5.5 CWE: CWE-94
Read more
Low

CVE-2014-125035

A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launc…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2019-25093

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks…

CVSS: 2.4 CWE: CWE-79
Read more
Medium

CVE-2015-10008

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible…

CVSS: 6.3 CWE: CWE-89
Read more
Low

CVE-2015-10007

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2014-125034

A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument va…

CVSS: 3.5 CWE: CWE-79
Read more
Critical

CVE-2022-42475

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VP…

CVSS: 9.8 CWE: CWE-197
Read more
Medium

CVE-2021-4299

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to i…

CVSS: 4.3 CWE: CWE-1333
Read more
Medium

CVE-2021-4298

A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. This affects the function SearchCriteriaForWorksParameter of the file app/parameters/sipity/parameter…

CVSS: 5.5 CWE: CWE-89
Read more
Low

CVE-2016-15006

A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The ma…

CVSS: 3.7 CWE: CWE-337
Read more
Low

CVE-2014-125033

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipul…

CVSS: 3.5 CWE: CWE-24
Read more
Medium

CVE-2014-125032

A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation…

CVSS: 5.5 CWE: CWE-89
Read more
Low

CVE-2014-125031

A vulnerability was found in kirill2485 TekNet. It has been classified as problematic. Affected is an unknown function of the file pages/loggedin.php. The manipulation of the argument statusentery le…

CVSS: 3.5 CWE: CWE-79
Read more
2023-01-01
Medium

CVE-2021-4297

A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The mani…

CVSS: 5.5 CWE: CWE-276
Read more
Low

CVE-2015-10006

A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2013-10006

A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation o…

CVSS: 2.6 CWE: CWE-208
Read more
Low

CVE-2010-10002

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.p…

CVSS: 3.1 CWE: CWE-79
Read more
Medium

CVE-2023-0029

A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B. It has been rated as problematic. This issue affects some unknown processing of the component Telnet Service. The mani…

CVSS: 5.3 CWE: CWE-404
Read more
Low

CVE-2018-25063

A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2018-25062

A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ips…

CVSS: 3.5 CWE: CWE-404
Read more
Medium

CVE-2014-125030

A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The…

CVSS: 6.3 CWE: CWE-259
Read more
High

CVE-2022-47634

M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.

CVSS: 8.1 CWE: CWE-284
Read more
Medium

CVE-2022-45213

perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.

CVSS: 5.3 CWE: CWE-73
Read more
Medium

CVE-2022-45027

perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address.

CVSS: 5.3 CWE: CWE-918
Read more
Medium

CVE-2022-40711

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users.

CVSS: 4.8 CWE: CWE-79
Read more
Medium

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page.

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2022-37786

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basek…

CVSS: 6.3 CWE: CWE-1236
Read more
High

CVE-2022-37785

An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins.

CVSS: 7.5 CWE: CWE-312
Read more
High

CVE-2022-34324

Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.

CVSS: 8.8 CWE: CWE-89
Read more
Medium

CVE-2022-34323

Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenti…

CVSS: 5.4 CWE: CWE-79
Read more
Critical

CVE-2022-34322

Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticat…

CVSS: 9.0 CWE: CWE-79
Read more
Critical

CVE-2022-48198

The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a…

CVSS: 9.8 CWE: CWE-668
Read more
Low

CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicate…

CVSS: 3.3 CWE: CWE-203
Read more
Medium

CVE-2021-41823

The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism.

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2023-0028

Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+.

CVSS: 5.7 CWE: CWE-79
Read more