Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0096 | 1 Happyforms | 1 Happyforms | 2023-02-13 | N/A | 5.4 MEDIUM |
| The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0095 | 1 A3rev | 1 Page View Count | 2023-02-13 | N/A | 5.4 MEDIUM |
| The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0082 | 1 Exactmetrics | 1 Exactmetrics | 2023-02-13 | N/A | 5.4 MEDIUM |
| The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0081 | 1 Monsterinsights | 1 Monsterinsights | 2023-02-13 | N/A | 5.4 MEDIUM |
| The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2019-6810 | 1 Schneider-electric | 2 Bmxnor0200h, Bmxnor0200h Firmware | 2023-02-13 | 6.5 MEDIUM | 8.8 HIGH |
| CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. | |||||
| CVE-2021-37501 | 1 Hdfgroup | 1 Hdf5 | 2023-02-13 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. | |||||
| CVE-2019-10984 | 1 Redlion | 1 Crimson | 2023-02-13 | 6.8 MEDIUM | 7.8 HIGH |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. | |||||
| CVE-2019-16172 | 1 Limesurvey | 1 Limesurvey | 2023-02-13 | 3.5 LOW | 5.4 MEDIUM |
| LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion. | |||||
| CVE-2019-16173 | 1 Limesurvey | 1 Limesurvey | 2023-02-13 | 3.5 LOW | 5.4 MEDIUM |
| LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php, | |||||
| CVE-2019-16392 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2023-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. | |||||
| CVE-2019-16391 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2023-02-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php. | |||||
| CVE-2022-45782 | 1 Dotcms | 1 Dotcms | 2023-02-13 | N/A | 8.8 HIGH |
| An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. | |||||
| CVE-2019-16393 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2023-02-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. | |||||
| CVE-2019-16707 | 2 Fedoraproject, Hunspell Project | 2 Fedora, Hunspell | 2023-02-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. | |||||
| CVE-2015-6051 | 1 Microsoft | 1 Internet Explorer | 2023-02-13 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
| CVE-2015-6042 | 1 Microsoft | 1 Internet Explorer | 2023-02-13 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
| CVE-2015-6048 | 1 Microsoft | 1 Internet Explorer | 2023-02-13 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6049. | |||||
| CVE-2021-37378 | 1 Teradke | 4 Cube, Cube Firmware, Cube Pro and 1 more | 2023-02-13 | N/A | 5.4 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
| CVE-2021-37377 | 1 Teradek | 2 Brik, Brik Firmware | 2023-02-13 | N/A | 5.4 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
| CVE-2021-37376 | 1 Teradek | 6 Bond, Bond 2, Bond 2 Firmware and 3 more | 2023-02-13 | N/A | 5.4 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||