Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1353 | 1 Design And Implementation Of Covid-19 Directory On Vaccination System Project | 1 Design And Implementation Of Covid-19 Directory On Vaccination System | 2023-03-15 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852. | |||||
CVE-2022-33244 | 1 Qualcomm | 78 Ar8035, Ar8035 Firmware, Qca6391 and 75 more | 2023-03-15 | N/A | 7.5 HIGH |
Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout | |||||
CVE-2023-27903 | 1 Jenkins | 1 Jenkins | 2023-03-15 | N/A | 4.4 MEDIUM |
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used. | |||||
CVE-2023-27904 | 1 Jenkins | 1 Jenkins | 2023-03-15 | N/A | 5.3 MEDIUM |
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. | |||||
CVE-2023-27905 | 1 Jenkins | 1 Update-center2 | 2023-03-15 | N/A | 5.4 MEDIUM |
Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting. | |||||
CVE-2023-25143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-03-15 | N/A | 9.8 CRITICAL |
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | |||||
CVE-2023-1203 | 1 Devolutions | 1 Remote Desktop Manager | 2023-03-15 | N/A | 6.5 MEDIUM |
Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule. | |||||
CVE-2023-1201 | 1 Devolutions | 1 Devolutions Server | 2023-03-15 | N/A | 6.5 MEDIUM |
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. | |||||
CVE-2022-43902 | 1 Ibm | 1 Mq Appliance | 2023-03-15 | N/A | 7.5 HIGH |
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. | |||||
CVE-2023-1346 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-1345 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-1344 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-33245 | 1 Qualcomm | 144 Apq8064au, Apq8064au Firmware, Apq8096au and 141 more | 2023-03-15 | N/A | 7.8 HIGH |
Memory corruption in WLAN due to use after free | |||||
CVE-2023-1362 | 1 Bumsys Project | 1 Bumsys | 2023-03-15 | N/A | 6.1 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2. | |||||
CVE-2022-33256 | 1 Qualcomm | 130 Ar8035, Ar8035 Firmware, Qca6390 and 127 more | 2023-03-15 | N/A | 9.8 CRITICAL |
Memory corruption due to improper validation of array index in Multi-mode call processor. | |||||
CVE-2023-1361 | 1 Bumsys Project | 1 Bumsys | 2023-03-15 | N/A | 6.5 MEDIUM |
SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2. | |||||
CVE-2023-1360 | 1 Employee Payslip Generator System Project | 1 Employee Payslip Generator System | 2023-03-15 | N/A | 4.9 MEDIUM |
A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863. | |||||
CVE-2023-25207 | 1 Prestashop | 1 Dpd France | 2023-03-15 | N/A | 9.8 CRITICAL |
PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php. | |||||
CVE-2021-33639 | 1 Openatom | 1 Openeuler Kernel | 2023-03-15 | N/A | 7.5 HIGH |
The REMAP cmd of the SVM driver can be used to remap read-only memory as read-write, which then allows read-only memory or files to be modified. | |||||
CVE-2023-1343 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-15 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |