CVE Vulnerabilities
CVE vulnerability database enriched with data from the CISA Known Exploited Vulnerabilities (KEV) catalog and the NVD. In the table below, CVSS is the NVD base score, Severity is the qualitative rating that corresponds to that score, and KEV records whether the CVE is listed in the CISA KEV catalog. Descriptions ending in "..." are truncated in the source listing.
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-23076 | OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-25916 | Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. | 7.4 | HIGH | No | 0 |
| CVE-2021-3439 | HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities. | 7.8 | HIGH | No | 0 |
| CVE-2021-3808 | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate... | 7.8 | HIGH | No | 0 |
| CVE-2021-3809 | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate... | 7.8 | HIGH | No | 0 |
| CVE-2022-23453 | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clien... | 7.8 | HIGH | No | 0 |
| CVE-2022-23454 | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clien... | 7.8 | HIGH | No | 0 |
| CVE-2022-23455 | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clien... | 7.8 | HIGH | No | 0 |
| CVE-2022-27537 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information dis... | 7.8 | HIGH | No | 0 |
| CVE-2022-27538 | A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information ... | 7.0 | HIGH | No | 0 |
| CVE-2022-3990 | HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation. | 7.8 | HIGH | No | 0 |
| CVE-2023-24977 | Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version ... | 7.5 | HIGH | No | 0 |
| CVE-2022-47003 | A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-47714 | Last Yard 22.09.8-1 does not enforce HSTS headers. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-47715 | In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic. | 5.3 | MEDIUM | No | 0 |
| CVE-2022-47717 | Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS). | 7.5 | HIGH | No | 0 |
| CVE-2023-23128 | Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product f... | 6.1 | MEDIUM | No | 0 |
| CVE-2023-23131 | Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. | 7.5 | HIGH | No | 0 |
| CVE-2023-23132 | Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys. | 7.5 | HIGH | No | 0 |
| CVE-2023-24610 | NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected... | 8.8 | HIGH | No | 0 |
| CVE-2023-24997 | Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's ... | 9.8 | CRITICAL | No | 0 |
| CVE-2022-48093 | Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php. | 7.2 | HIGH | No | 0 |
| CVE-2022-48094 | lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php. | 4.9 | MEDIUM | No | 0 |
| CVE-2023-23135 | An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. | 7.2 | HIGH | No | 0 |
| CVE-2023-23136 | lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. | 6.5 | MEDIUM | No | 0 |
| CVE-2022-4254 | sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters. | 8.8 | HIGH | No | 0 |
| CVE-2023-24143 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-43922 | IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IB... | 5.3 | MEDIUM | No | 0 |
| CVE-2023-23469 | IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which... | 4.0 | MEDIUM | No | 0 |
| CVE-2023-23969 | In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-s... | 7.5 | HIGH | No | 0 |
| CVE-2022-46934 | kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | 6.1 | MEDIUM | No | 0 |
| CVE-2023-23073 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | 6.1 | MEDIUM | No | 0 |
| CVE-2023-23074 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | 6.1 | MEDIUM | No | 0 |
| CVE-2023-23077 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | 6.1 | MEDIUM | No | 0 |
| CVE-2023-23078 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | 6.1 | MEDIUM | No | 0 |
| CVE-2022-30904 | In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. | 8.2 | HIGH | No | 0 |
| CVE-2022-31363 | Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected... | 8.2 | HIGH | No | 0 |
| CVE-2022-31364 | Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected... | 8.2 | HIGH | No | 0 |
| CVE-2022-47130 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | 4.3 | MEDIUM | No | 0 |
| CVE-2022-37033 | In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving thi... | 6.5 | MEDIUM | No | 0 |
| CVE-2022-45782 | An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account... | 8.8 | HIGH | No | 0 |
| CVE-2022-45783 | An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | 6.5 | MEDIUM | No | 0 |
| CVE-2023-23750 | An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | 6.3 | MEDIUM | No | 0 |
| CVE-2023-23751 | An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | 4.3 | MEDIUM | No | 0 |
| CVE-2022-37034 | In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thr... | 5.3 | MEDIUM | No | 0 |
| CVE-2023-24141 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-25013 | An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to se... | 8.6 | HIGH | No | 0 |
| CVE-2023-25014 | An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to de... | 8.6 | HIGH | No | 0 |
| CVE-2023-25015 | Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 6.5 | MEDIUM | No | 0 |
| CVE-2022-2546 | The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a reque... | 4.7 | MEDIUM | No | 0 |
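The table above is the product of joining NVD CVE records against the CISA KEV catalog and banding the CVSS base score into a severity rating. The script below is an added example written for this page, not code from this database, NVD or CISA. It works on two constructed documents embedded inline, shaped like the NVD API 2.0 response and the KEV catalog JSON feed: three CVEs with the scores and descriptions shown in the table, plus CVE-2021-44228 (Log4Shell), which is in the KEV catalog, so that the KEV flag is exercised. It maps the CVSS v3.x base score onto the standard qualitative bands, flags KEV membership, orders rows for triage (KEV first, then score, unscored records last) and renders the same table layout. The 200-character truncation, the "N/A" rating for records NVD has not yet scored, and all function names are this example's own choices; the Sightings column is not reproduced because the page does not say how it is computed.

```python
"""Join NVD CVE records with the CISA KEV catalog and derive the table columns.

Added example for illustration; the sample documents below are constructed
inline in the shape of the NVD API 2.0 response and the KEV catalog feed so
the script runs offline. Live data comes from
https://services.nvd.nist.gov/rest/json/cves/2.0 and the KEV JSON feed.
"""

# Constructed sample in the NVD API 2.0 response shape. Scores and text for the
# first three entries are those shown in the table; CVE-2021-44228 is included
# because it is in the KEV catalog (its description is abbreviated here).
NVD_SAMPLE = {
    "vulnerabilities": [
        {"cve": {"id": "CVE-2023-23076",
                 "descriptions": [{"lang": "en", "value": "OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules."}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {"id": "CVE-2022-48094",
                 "descriptions": [{"lang": "en", "value": "lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php."}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 4.9, "baseSeverity": "MEDIUM"}}]}}},
        {"cve": {"id": "CVE-2023-23969",
                 "descriptions": [{"lang": "en", "value": "In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large."}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}}]}}},
        {"cve": {"id": "CVE-2021-44228",
                 "descriptions": [{"lang": "en", "value": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints."}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 10.0, "baseSeverity": "CRITICAL"}}]}}},
    ]
}

# Constructed sample in the shape of the CISA KEV catalog feed (one real entry).
KEV_SAMPLE = {
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2", "dateAdded": "2021-12-10"},
    ],
}


def severity_from_score(score):
    """CVSS v3.x qualitative rating scale: None 0.0, Low 0.1-3.9, Medium 4.0-6.9,
    High 7.0-8.9, Critical 9.0-10.0. 'N/A' marks records NVD has not scored."""
    if score is None:
        return "N/A"
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def base_score(cve):
    """Prefer CVSS v3.1, fall back to v3.0; None when the record carries no metrics
    (NVD entries still 'Awaiting Analysis' look like this)."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key)
        if entries:
            return float(entries[0]["cvssData"]["baseScore"])
    return None


def english_description(cve):
    for d in cve.get("descriptions", []):
        if d.get("lang") == "en":
            return d["value"]
    return ""


def truncate(text, limit=200):
    """Shorten long descriptions the way the listing does, marking the cut with '...'."""
    return text if len(text) <= limit else text[:limit].rstrip() + "..."


def enrich(nvd_doc, kev_doc):
    """Return one row per NVD record with score, severity band and KEV flag,
    ordered KEV first, then by score descending, unscored records last."""
    kev_ids = {e["cveID"] for e in kev_doc.get("vulnerabilities", [])}
    rows = []
    for item in nvd_doc["vulnerabilities"]:
        cve = item["cve"]
        score = base_score(cve)
        rows.append({
            "id": cve["id"],
            "description": truncate(english_description(cve)),
            "cvss": score,
            "severity": severity_from_score(score),
            "kev": cve["id"] in kev_ids,
        })
    # A None score maps to sort key +1.0, which is larger than any negated real score.
    rows.sort(key=lambda r: (not r["kev"], -(r["cvss"] if r["cvss"] is not None else -1.0)))
    return rows


def to_markdown(rows):
    """Render rows in the same column layout as the listing (without Sightings)."""
    lines = ["| CVE ID | Description | CVSS | Severity | KEV |", "|---|---|---|---|---|"]
    for r in rows:
        score = "-" if r["cvss"] is None else f"{r['cvss']:.1f}"
        kev = "Yes" if r["kev"] else "No"
        lines.append(f"| {r['id']} | {r['description']} | {score} | {r['severity']} | {kev} |")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_markdown(enrich(NVD_SAMPLE, KEV_SAMPLE)))
```

Against live data the same functions apply unchanged; the NVD endpoint is paged (resultsPerPage and startIndex), so `enrich` would be fed the concatenated `vulnerabilities` arrays. The sort order reflects the usual triage rule: a KEV listing is a stronger signal of real-world exploitation than a CVSS score, which is why a 7.5 in KEV outranks a 9.8 that is not.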
This product uses data from the NVD API but is not endorsed or certified by the NVD.