CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-26263 Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a v... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-1388 A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable. | 6.3 | MEDIUM | β | 0 |
| CVE-2021-26947 Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-44460 Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permiss... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-44461 Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-44476 A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration file... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-44547 A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalation. | 9.1 | CRITICAL | β | 0 |
| CVE-2021-44775 Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a vict... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45071 Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted up... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45111 Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts... | 8.1 | HIGH | β | 0 |
| CVE-2022-23721 PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machi... | 3.8 | LOW | β | 0 |
| CVE-2022-40722 A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading ... | 7.7 | HIGH | β | 0 |
| CVE-2022-40723 The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-40724 The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | 6.4 | MEDIUM | β | 0 |
| CVE-2023-25793 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-30838 PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-si... | 8.5 | HIGH | β | 0 |
| CVE-2023-30839 PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even withou... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-23710 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-23866 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Carlos Moreira Interactive Geo Maps plugin <= 1.5.8 versions. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-21510 Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. | 4.4 | MEDIUM | β | 0 |
| CVE-2023-23889 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-23995 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-24005 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-25461 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-23839 The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensit... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-24512 On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situ... | 8.8 | HIGH | β | 0 |
| CVE-2023-29011 Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports ... | 7.5 | HIGH | β | 0 |
| CVE-2023-29012 Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolled Search Path Element vulnerabili... | 7.2 | HIGH | β | 0 |
| CVE-2023-2269 A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-2293 A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The ma... | 2.4 | LOW | β | 0 |
| CVE-2023-30549 Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid <... | 7.1 | HIGH | β | 0 |
| CVE-2023-30609 matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search resu... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-36769 IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232... | 7.2 | HIGH | β | 0 |
| CVE-2022-41739 IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional c... | 7.9 | HIGH | β | 0 |
| CVE-2023-2294 A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the arg... | 3.5 | LOW | β | 0 |
| CVE-2023-2273 Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is u... | 5.8 | MEDIUM | β | 0 |
| CVE-2023-2322 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-26286 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421. | 8.4 | HIGH | β | 0 |
| CVE-2023-29257 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write... | 7.2 | HIGH | β | 0 |
| CVE-2023-22728 Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permi... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-22729 Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website ... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0458 A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable a... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-26930 Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states "it's an expected abort on ou... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-30546 Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-30841 Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy... | 6.0 | MEDIUM | β | 0 |
| CVE-2022-45456 Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161. | 7.5 | HIGH | β | 0 |
| CVE-2023-27559 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Forc... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-28769 The buffer overflow vulnerability in the library "libclinkc.so" of the web server "zhttpd" in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker t... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28008 HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensit... | 7.1 | HIGH | β | 0 |
| CVE-2023-28009 HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or c... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.