Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41831 | 2023-03-21 | N/A | N/A | ||
| Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett WP Glossary plugin <= 3.1.2 versions. | |||||
| CVE-2022-41785 | 2023-03-21 | N/A | N/A | ||
| Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin <= 2.2.8 versions. | |||||
| CVE-2023-1543 | 2023-03-21 | N/A | N/A | ||
| Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1542 | 2023-03-21 | N/A | N/A | ||
| Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1541 | 2023-03-21 | N/A | N/A | ||
| Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1540 | 2023-03-21 | N/A | N/A | ||
| Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1539 | 2023-03-21 | N/A | N/A | ||
| Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1538 | 2023-03-21 | N/A | N/A | ||
| Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1537 | 2023-03-21 | N/A | N/A | ||
| Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1536 | 2023-03-21 | N/A | N/A | ||
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. | |||||
| CVE-2023-1535 | 2023-03-21 | N/A | N/A | ||
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. | |||||
| CVE-2023-1527 | 2023-03-21 | N/A | N/A | ||
| Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0. | |||||
| CVE-2012-10009 | 2023-03-21 | N/A | N/A | ||
| A vulnerability was found in 404like Plugin up to 1.0.2. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404. | |||||
| CVE-2022-45124 | 2023-03-21 | N/A | N/A | ||
| An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability. | |||||
| CVE-2022-43663 | 2023-03-21 | N/A | N/A | ||
| An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-28425 | 2023-03-21 | N/A | N/A | ||
| Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10. | |||||
| CVE-2023-27578 | 2023-03-21 | N/A | N/A | ||
| Galaxy is an open-source platform for data analysis. All supported versions of Galaxy are affected prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to this issue, an attacker can modify or delete any Galaxy Visualization or Galaxy Page given they know the encoded ID of it. Additionally, they can copy or import any Galaxy Visualization given they know the encoded ID of it. Patches are available for versions 22.01, 22.05, and 23.0. For the changes to take effect, you must restart all Galaxy server processes. There are no supported workarounds. | |||||
| CVE-2023-0681 | 2023-03-21 | N/A | N/A | ||
| Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179. | |||||
| CVE-2023-27586 | 2023-03-21 | N/A | N/A | ||
| CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default. | |||||
| CVE-2023-22288 | 2023-03-21 | N/A | N/A | ||
| HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | |||||