Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0128 | 1 Google | 2 Chrome, Chrome Os | 2023-01-13 | N/A | 8.8 HIGH |
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-47083 | 1 Spitfire Project | 1 Spitfire | 2023-01-13 | N/A | 8.8 HIGH |
Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection. | |||||
CVE-2020-36626 | 1 Tri | 1 Panel Builder | 2023-01-13 | N/A | 6.1 MEDIUM |
A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function add_post_content_filtered_to_search_sql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4528d4f855dbbf24e9fc12a162fda84ce3bedc2f. It is recommended to apply a patch to fix this issue. VDB-216738 is the identifier assigned to this vulnerability. | |||||
CVE-2022-43970 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2023-01-13 | N/A | 7.2 HIGH |
A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerability can be triggered over the network via a malicious POST request to /apply.cgi. | |||||
CVE-2022-4491 | 1 Wp-table Reloaded Project | 1 Wp-table Reloaded | 2023-01-13 | N/A | 5.4 MEDIUM |
The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. | |||||
CVE-2021-46871 | 1 Phoenixframework | 1 Phoenix Html | 2023-01-13 | N/A | 6.1 MEDIUM |
tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes. | |||||
CVE-2022-47864 | 1 Lead Management System Project | 1 Lead Management System | 2023-01-13 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. | |||||
CVE-2022-47862 | 1 Lead Management System Project | 1 Lead Management System | 2023-01-13 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. | |||||
CVE-2022-47861 | 1 Lead Management System Project | 1 Lead Management System | 2023-01-13 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. | |||||
CVE-2022-47860 | 1 Lead Management System Project | 1 Lead Management System | 2023-01-13 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. | |||||
CVE-2022-47859 | 1 Lead Management System Project | 1 Lead Management System | 2023-01-13 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php. | |||||
CVE-2022-47866 | 1 Lead Management System Project | 1 Lead Management System | 2023-01-13 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. | |||||
CVE-2022-47865 | 1 Lead Management System Project | 1 Lead Management System | 2023-01-13 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php. | |||||
CVE-2023-0141 | 1 Google | 1 Chrome | 2023-01-13 | N/A | 4.3 MEDIUM |
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2022-2196 | 1 Linux | 1 Linux Kernel | 2023-01-13 | N/A | 8.8 HIGH |
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a. | |||||
CVE-2023-0140 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-01-13 | N/A | 6.5 MEDIUM |
Inappropriate implementation in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2023-0138 | 1 Google | 1 Chrome | 2023-01-13 | N/A | 8.8 HIGH |
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2023-0137 | 1 Google | 2 Chrome, Chrome Os | 2023-01-13 | N/A | 8.8 HIGH |
Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2023-0136 | 1 Google | 2 Android, Chrome | 2023-01-13 | N/A | 8.8 HIGH |
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2023-0135 | 1 Google | 1 Chrome | 2023-01-13 | N/A | 8.8 HIGH |
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) | |||||