CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data

| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-31254 An Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUS... | 7.8 | HIGH | — | 0 |
| CVE-2023-0706 A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Affected by this issue is some unknown functionality of the file manage_recor... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-22643 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-23696 Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in ... | 7.0 | HIGH | — | 0 |
| CVE-2022-21948 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place JavaScript into SVG files. This issue affects: openSUSE ... | 4.3 | MEDIUM | — | 0 |
| CVE-2015-10075 A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-c... | 2.6 | LOW | — | 0 |
| CVE-2022-21953 A Missing Authorization vulnerability in SUSE Rancher allows an authenticated user to create an unauthorized shell pod and kubectl access in the local cluster. This issue affects: SUSE Rancher Rancher ... | 7.4 | HIGH | — | 0 |
| CVE-2023-0743 Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4. | 9.0 | CRITICAL | — | 0 |
| CVE-2022-31249 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host... | 7.5 | HIGH | — | 0 |
| CVE-2022-43755 An Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Ranc... | 7.1 | HIGH | — | 0 |
| CVE-2022-43756 An Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying speci... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-43757 A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed. This issue affe... | 9.9 | CRITICAL | — | 0 |
| CVE-2022-43758 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm cata... | 7.6 | HIGH | — | 0 |
| CVE-2022-43759 An Improper Privilege Management vulnerability in SUSE Rancher allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affe... | 7.2 | HIGH | — | 0 |
| CVE-2023-0707 A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The man... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-45544 Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the ven... | 8.8 | HIGH | — | 0 |
| CVE-2011-10002 A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to ve... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-40224 A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. ... | 7.5 | HIGH | — | 0 |
| CVE-2023-24814 TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfilt... | 8.8 | HIGH | — | 0 |
| CVE-2022-40691 An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-40693 A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure... | 7.5 | HIGH | — | 0 |
| CVE-2023-22735 Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served ... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-24813 Dompdf is an HTML to PDF converter written in PHP. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf p... | 10.0 | CRITICAL | — | 0 |
| CVE-2023-0732 A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php o... | 3.5 | LOW | — | 0 |
| CVE-2011-10003 A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql in... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-0696 Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2023-0697 Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromiu... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-0701 Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI... | 8.8 | HIGH | — | 0 |
| CVE-2023-0747 Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-0702 Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via ... | 8.8 | HIGH | — | 0 |
| CVE-2023-0703 Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI in... | 8.8 | HIGH | — | 0 |
| CVE-2023-0728 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_fol... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0742 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | 9.0 | CRITICAL | — | 0 |
| CVE-2023-0719 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This mak... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0735 Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-0736 Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-24828 Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing nor... | 8.1 | HIGH | — | 0 |
| CVE-2018-9462 In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. ... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-0731 The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitizati... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-0685 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0716 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes i... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-20859 In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-24788 NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. | 8.8 | HIGH | — | 0 |
| CVE-2023-28329 Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | 8.8 | HIGH | — | 0 |
| CVE-2023-28330 Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-41822 An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. | 4.8 | MEDIUM | — | 0 |
| CVE-2023-28332 If the algebra filter was enabled but not functional (e.g., the necessary binaries were missing from the server), it presented an XSS risk. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-28333 The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | 9.8 | CRITICAL | — | 0 |
| CVE-2023-28334 Authenticated users were able to enumerate other users' names via the learning plans page. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-28335 The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.