Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43759 | 1 Suse | 1 Rancher | 2023-02-15 | N/A | 8.8 HIGH |
| A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10. | |||||
| CVE-2022-40224 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-15 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-27568 | 2 Json-smart Project, Oracle | 7 Json-smart-v1, Json-smart-v2, Communications Cloud Native Core Policy and 4 more | 2023-02-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. | |||||
| CVE-2011-10002 | 1 Weblabyrinth Project | 1 Weblabyrinth | 2023-02-15 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The name of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability. | |||||
| CVE-2023-0707 | 1 Medical Certificate Generator App Project | 1 Medical Certificate Generator App | 2023-02-15 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-37491 | 1 Dogecoin | 1 Dogecoin | 2023-02-15 | N/A | 7.5 HIGH |
| An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function. | |||||
| CVE-2022-43758 | 1 Suse | 1 Rancher | 2023-02-15 | N/A | 6.8 MEDIUM |
| A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | |||||
| CVE-2022-43757 | 1 Suse | 1 Rancher | 2023-02-15 | N/A | 8.8 HIGH |
| A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | |||||
| CVE-2023-0732 | 1 Online Eyewear Shop Project | 1 Online Eyewear Shop | 2023-02-15 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability. | |||||
| CVE-2022-3229 | 2 Microsoft, Unifiedremote | 2 Windows, Unified Remote | 2023-02-15 | N/A | 9.8 CRITICAL |
| Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. | |||||
| CVE-2023-23943 | 1 Nextcloud | 1 Mail | 2023-02-15 | N/A | 4.3 MEDIUM |
| Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app. | |||||
| CVE-2023-0263 | 1 Ljapps | 1 Wp Yelp Review Slider | 2023-02-15 | N/A | 8.8 HIGH |
| The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. | |||||
| CVE-2023-0373 | 1 Smartwp | 1 Lightweight Accordion | 2023-02-15 | N/A | 5.4 MEDIUM |
| The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-0360 | 1 Shapedplugin | 1 Location Weather | 2023-02-15 | N/A | 5.4 MEDIUM |
| The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0333 | 1 Templatesnext | 1 Templatesnext Toolkit | 2023-02-15 | N/A | 5.4 MEDIUM |
| The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-0275 | 1 Tipsandtricks-hq | 1 Easy Accept Payments For Paypal | 2023-02-15 | N/A | 5.4 MEDIUM |
| The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0362 | 1 Themify | 1 Portfolio Post | 2023-02-15 | N/A | 5.4 MEDIUM |
| Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0169 | 1 Zohocorp | 1 Zoho Forms | 2023-02-15 | N/A | 5.4 MEDIUM |
| The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0166 | 1 Pickplugins | 1 Product Slider For Woocommerce | 2023-02-15 | N/A | 5.4 MEDIUM |
| The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2021-31578 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2023-02-15 | N/A | 9.8 CRITICAL |
| In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. | |||||