CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-39161 IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, cou... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-0155 An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page allowing user controlled ma... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0485 An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-1265 An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The co... | 5.4 | MEDIUM | — | 0 |
| CVE-2015-10123 An unauthenticated remote attacker could send specifically crafted packets to an affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer ov... | 8.8 | HIGH | — | 0 |
| CVE-2023-1836 A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 bef... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-1965 An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lac... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-2069 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user w... | 6.4 | MEDIUM | — | 0 |
| CVE-2022-43950 A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-27999 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands ... | 7.8 | HIGH | — | 0 |
| CVE-2022-45858 A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an ... | 4.2 | MEDIUM | — | 0 |
| CVE-2022-45859 An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a loca... | 4.1 | MEDIUM | — | 0 |
| CVE-2022-45860 A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registrat... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-4376 An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions,... | 3.1 | LOW | — | 0 |
| CVE-2023-0756 An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repo... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-1178 An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integ... | 5.7 | MEDIUM | — | 0 |
| CVE-2023-22637 An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-22640 An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all ver... | 7.5 | HIGH | — | 0 |
| CVE-2023-26203 A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow ... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-27993 A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI comm... | 6.0 | MEDIUM | — | 0 |
| CVE-2023-21484 Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation. | 5.1 | MEDIUM | — | 0 |
| CVE-2023-2182 An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is en... | 6.8 | MEDIUM | — | 0 |
| CVE-2022-47757 In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-4259 Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DB... | 8.8 | HIGH | — | 0 |
| CVE-2022-45818 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-25962 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-26016 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauhidul Alam Simple Portfolio Gallery plugin <= 0.1 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-26012 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia \| Phire Design Custom Login Page plugin <= 2.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-2519 A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulati... | 7.3 | HIGH | — | 0 |
| CVE-2023-2520 A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical. This issue affects some unknown processing of the file cgi-bin/tools_ping.cgi?action=Command of t... | 8.8 | HIGH | — | 0 |
| CVE-2023-2522 A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-2523 A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manip... | 7.3 | HIGH | — | 0 |
| CVE-2023-2524 A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiat... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-21485 Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-20126 A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulner... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25458 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25961 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-25977 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25982 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-47434 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <= 4.0.5 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-47449 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-21491 Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. | 8.5 | HIGH | — | 0 |
| CVE-2023-21493 Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. | 6.8 | MEDIUM | — | 0 |
| CVE-2023-21494 Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | 5.6 | MEDIUM | — | 0 |
| CVE-2023-21495 Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allows an attacker to install a KSP app when device admin is set. | 4.0 | MEDIUM | — | 0 |
| CVE-2023-21496 Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-21497 Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. | 4.4 | MEDIUM | — | 0 |
| CVE-2023-36772 3D Builder Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2023-21498 Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. | 6.0 | MEDIUM | — | 0 |
| CVE-2023-21499 Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | 8.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.