CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2022-4836 The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contr... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-44911 NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c). | 7.5 | HIGH | — | 0 |
| CVE-2023-0062 The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0070 The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0072 The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which co... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0081 The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users w... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0082 The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0095 The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users wi... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0096 The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with t... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0154 The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow use... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4138 A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 1... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-0518 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It w... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-0795 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the ... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-0796 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the ... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-0797 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-24238 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-0798 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the ... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-0799 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the ... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-0800 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-0801 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafte... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-0802 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-0803 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-25709 An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints | 7.5 | HIGH | — | 0 |
| CVE-2023-0804 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-24187 An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | 7.8 | HIGH | — | 0 |
| CVE-2023-0655 SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-22375 Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct a... | 8.8 | HIGH | — | 0 |
| CVE-2023-22376 Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbit... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-41564 The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-25758 Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembl... | 4.2 | MEDIUM | — | 0 |
| CVE-2023-25141 Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getReposi... | 7.5 | HIGH | — | 0 |
| CVE-2023-24159 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24160 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24161 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46023 An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash. | 7.5 | HIGH | — | 0 |
| CVE-2023-23460 Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-21794 Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | MEDIUM | — | 0 |
| CVE-2023-22629 An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move i... | 8.8 | HIGH | — | 0 |
| CVE-2022-29557 LexisNexis Firco Compliance Link 3.7 allows CSRF. | 8.8 | HIGH | — | 0 |
| CVE-2023-22368 Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 | HIGH | — | 0 |
| CVE-2023-22377 Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 ... | 7.4 | HIGH | — | 0 |
| CVE-2023-24580 An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart f... | 7.5 | HIGH | — | 0 |
| CVE-2022-32474 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issue... | 7.0 | HIGH | — | 0 |
| CVE-2022-32478 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lea... | 7.0 | HIGH | — | 0 |
| CVE-2022-32954 An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to ... | 7.0 | HIGH | — | 0 |
| CVE-2023-23461 Libpeconv – access violation, before commit b076013 (30/11/2022). | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32955 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead t... | 7.0 | HIGH | — | 0 |
| CVE-2022-32473 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could l... | 7.0 | HIGH | — | 0 |
| CVE-2022-32476 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could le... | 7.0 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.