Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-10020 | 1 A-forms Project | 1 A-forms | 2023-03-15 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 3e693197bd69b7173cc16d8d2e0a7d501a2a0b06. It is recommended to upgrade the affected component. The identifier VDB-222609 was assigned to this vulnerability. | |||||
CVE-2023-1328 | 1 115cms | 1 115cms | 2023-03-15 | N/A | 7.2 HIGH |
A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1307 | 1 Froxlor | 1 Froxlor | 2023-03-15 | N/A | 9.8 CRITICAL |
Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | |||||
CVE-2017-20182 | 1 Mobilevikings | 1 Django Ajax Utilities | 2023-03-15 | N/A | 6.1 MEDIUM |
A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611. | |||||
CVE-2014-125093 | 1 Getadmiral | 1 Ad Blocking Detector | 2023-03-15 | N/A | 7.5 HIGH |
A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability. | |||||
CVE-2023-27114 | 1 Radare | 1 Radare2 | 2023-03-15 | N/A | 5.5 MEDIUM |
radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. | |||||
CVE-2023-27117 | 1 Webassembly | 1 Webassembly | 2023-03-15 | N/A | 7.8 HIGH |
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator. | |||||
CVE-2023-27116 | 1 Webassembly | 1 Webassembly | 2023-03-15 | N/A | 5.5 MEDIUM |
WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType. | |||||
CVE-2023-27115 | 1 Webassembly | 1 Webassembly | 2023-03-15 | N/A | 5.5 MEDIUM |
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. | |||||
CVE-2023-1091 | 1 Alpatateknoloji | 1 Licensed Warehousing Automation System | 2023-03-15 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection. This issue affects Licensed Warehousing Automation System: through 2023.1.01. | |||||
CVE-2023-1312 | 1 Pimcore | 1 Pimcore | 2023-03-15 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | |||||
CVE-2023-1313 | 1 Agentejo | 1 Cockpit | 2023-03-15 | N/A | 8.8 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. | |||||
CVE-2023-26464 | 1 Apache | 1 Log4j | 2023-03-15 | N/A | 7.5 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2023-24774 | 1 Funadmin | 1 Funadmin | 2023-03-15 | N/A | 9.8 CRITICAL |
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php. | |||||
CVE-2023-27161 | 1 Jellyfin | 1 Jellyfin | 2023-03-15 | N/A | 7.5 HIGH |
Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request. | |||||
CVE-2018-25081 | 1 Bitwarden | 1 Bitwarden | 2023-03-15 | N/A | 7.5 HIGH |
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default. | |||||
CVE-2023-27974 | 1 Bitwarden | 1 Bitwarden | 2023-03-15 | N/A | 7.5 HIGH |
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default. | |||||
CVE-2020-17381 | 1 Ghisler | 1 Total Commander | 2023-03-15 | 4.4 MEDIUM | 7.3 HIGH |
An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary. | |||||
CVE-2023-22302 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2023-03-15 | N/A | 5.9 MEDIUM |
In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2022-28695 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2023-03-15 | 6.5 MEDIUM | 7.2 HIGH |
On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |