CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-24921 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 | MEDIUM | No | 0 |
| CVE-2023-24922 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 6.5 | MEDIUM | No | 0 |
| CVE-2023-24930 Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | 7.8 | HIGH | No | 0 |
| CVE-2023-27235 An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | 7.2 | HIGH | No | 0 |
| CVE-2023-27588 Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and ... | 7.5 | HIGH | No | 0 |
| CVE-2023-27589 Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a u... | 6.5 | MEDIUM | No | 0 |
| CVE-2023-28343 OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-27590 Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-bas... | 7.8 | HIGH | No | 0 |
| CVE-2023-1327 Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web manage... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-1407 A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/m... | 4.7 | MEDIUM | No | 0 |
| CVE-2022-47427 Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions. | 5.4 | MEDIUM | No | 0 |
| CVE-2023-25708 Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions. | 4.3 | MEDIUM | No | 0 |
| CVE-2023-25709 Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions. | 5.4 | MEDIUM | No | 0 |
| CVE-2023-25968 Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions. | 4.3 | MEDIUM | No | 0 |
| CVE-2023-0322 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 28376. | 6.1 | MEDIUM | No | 0 |
| CVE-2022-45155 An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories o... | 5.5 | MEDIUM | No | 0 |
| CVE-2023-30655 Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | 8.5 | HIGH | No | 0 |
| CVE-2023-24726 Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-34148 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions. | 4.8 | MEDIUM | No | 0 |
| CVE-2022-38456 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions. | 4.3 | MEDIUM | No | 0 |
| CVE-2022-44580 SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Reviews plugin <= 2.2.3 versions. | 9.1 | CRITICAL | No | 0 |
| CVE-2023-27102 Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. | 6.5 | MEDIUM | No | 0 |
| CVE-2023-27103 Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. | 8.8 | HIGH | No | 0 |
| CVE-2023-27781 jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c. | 7.8 | HIGH | No | 0 |
| CVE-2023-1379 A vulnerability was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file addmem.php of t... | 6.3 | MEDIUM | No | 0 |
| CVE-2023-1415 A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unre... | 6.3 | MEDIUM | No | 0 |
| CVE-2023-1416 A vulnerability classified as critical has been found in Simple Art Gallery 1.0. Affected is an unknown function of the file adminHome.php. The manipulation of the argument social_facebook leads to sq... | 6.3 | MEDIUM | No | 0 |
| CVE-2023-1418 A vulnerability classified as problematic was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file cash... | 3.5 | LOW | No | 0 |
| CVE-2022-46774 IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access ... | 5.4 | MEDIUM | No | 0 |
| CVE-2022-43874 IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code... | 6.1 | MEDIUM | No | 0 |
| CVE-2023-24229 DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE... | 7.8 | HIGH | No | 0 |
| CVE-2023-25804 Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintende... | 7.5 | HIGH | No | 0 |
| CVE-2023-26284 IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper ac... | 7.5 | HIGH | No | 0 |
| CVE-2020-4556 IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID... | 4.0 | MEDIUM | No | 0 |
| CVE-2020-4927 A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID:... | 5.7 | MEDIUM | No | 0 |
| CVE-2023-22876 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against... | 4.3 | MEDIUM | No | 0 |
| CVE-2022-46773 IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 24... | 4.3 | MEDIUM | No | 0 |
| CVE-2023-25680 IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM ... | 4.2 | MEDIUM | No | 0 |
| CVE-2023-22591 IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password re... | 3.9 | LOW | No | 0 |
| CVE-2023-27599 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the ... | 7.5 | HIGH | No | 0 |
| CVE-2023-26484 KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is runn... | 8.2 | HIGH | No | 0 |
| CVE-2023-27596 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration... | 7.5 | HIGH | No | 0 |
| CVE-2023-27597 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function `rewrite_ruri`, a crash occu... | 7.5 | HIGH | No | 0 |
| CVE-2023-27598 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `... | 7.5 | HIGH | No | 0 |
| CVE-2023-30656 Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities. | 8.5 | HIGH | No | 0 |
| CVE-2023-25267 An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a lo... | 8.8 | HIGH | No | 0 |
| CVE-2023-27600 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_lin... | 7.5 | HIGH | No | 0 |
| CVE-2023-27601 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_lin... | 7.5 | HIGH | No | 0 |
| CVE-2023-28095 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in `msg_translator.c:2628` which might lead to a server crash. This issu... | 7.5 | HIGH | No | 0 |
| CVE-2023-28337 When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden "forceFWUpdate" parameter may be provided to force the upgrade to complete and bypass certain validation checks. E... | 8.8 | HIGH | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.