Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40134 | 1 Lenovo | 650 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 647 more | 2023-02-08 | N/A | 4.4 MEDIUM |
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | |||||
CVE-2022-34888 | 1 Lenovo | 196 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 193 more | 2023-02-08 | N/A | 4.3 MEDIUM |
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect. | |||||
CVE-2022-34884 | 1 Lenovo | 196 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 193 more | 2023-02-08 | N/A | 6.5 MEDIUM |
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service. | |||||
CVE-2022-26872 | 1 Ami | 1 Megarac Sp-x | 2023-02-08 | N/A | 8.8 HIGH |
AMI Megarac Password reset interception via API | |||||
CVE-2023-24508 | 1 Baicells | 6 Nova227, Nova233, Nova243 and 3 more | 2023-02-08 | N/A | 9.6 CRITICAL |
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and have been confirmed exploitable. Special thanks to Rustam Amin for providing the steps to reproduce. | |||||
CVE-2022-48161 | 1 Easy Images Project | 1 Easy Images | 2023-02-08 | N/A | 7.5 HIGH |
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request. | |||||
CVE-2022-44585 | 1 Magneticlab | 1 Homepage Pop-up | 2023-02-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | |||||
CVE-2023-0641 | 1 Employee Leaves Management System Project | 1 Employee Leaves Management System | 2023-02-08 | N/A | 9.1 CRITICAL |
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. | |||||
CVE-2022-40692 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2023-02-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | |||||
CVE-2022-47872 | 1 Maccms | 1 Maccms | 2023-02-08 | N/A | 8.8 HIGH |
maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF). | |||||
CVE-2023-0611 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2023-02-08 | N/A | 8.8 HIGH |
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935. | |||||
CVE-2022-48079 | 1 Mengnai | 1 Aapanel Host System | 2023-02-08 | N/A | 9.8 CRITICAL |
Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. | |||||
CVE-2022-45067 | 1 Devscred | 1 Exclusive Addons For Elementor | 2023-02-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. | |||||
CVE-2022-46842 | 1 Wiselyhub | 1 Js Help Desk | 2023-02-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. | |||||
CVE-2022-46815 | 1 Wptrio | 1 Conditional Shipping For Woocommerce | 2023-02-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. | |||||
CVE-2022-45807 | 1 Wpvibes | 1 Wp Mail Log | 2023-02-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. | |||||
CVE-2023-0612 | 1 Trendnet | 2 Tew-811dru, Tew-811dru Firmware | 2023-02-08 | N/A | 7.5 HIGH |
A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936. | |||||
CVE-2023-22574 | 1 Dell | 1 Emc Powerscale Onefs | 2023-02-08 | N/A | 8.1 HIGH |
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to information disclosure and denial of service. | |||||
CVE-2023-0613 | 1 Trendnet | 2 Tew-811dru, Tew-811dru Firmware | 2023-02-08 | N/A | 7.5 HIGH |
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219937 was assigned to this vulnerability. | |||||
CVE-2023-23750 | 1 Joomla | 1 Joomla! | 2023-02-08 | N/A | 6.3 MEDIUM |
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. |