Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-41323 | 1 Djangoproject | 1 Django | 2023-03-10 | N/A | 7.5 HIGH | In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
CVE-2022-31081 | 2 Debian, Http | 2 Debian Linux, HTTP::Daemon | 2023-03-10 | 6.4 MEDIUM | 6.5 MEDIUM | HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served on top of Nginx or Apache, not on `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' header (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected 'Content-Length' strings SHOULD consist of either a single non-negative integer or a comma-separated repetition of that number (that is, `42` or `42, 42, 42`). Anything else MUST be rejected.
CVE-2023-27472 | 1 Quickentity Editor Project | 1 Quickentity Editor | 2023-03-10 | N/A | 6.1 MEDIUM | quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). This allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-0069 | 1 Wpaudio Mp3 Player Project | 1 Wpaudio Mp3 Player | 2023-03-10 | N/A | 5.4 MEDIUM | The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-24763 | 1 Prestashop | 1 Xen Forum | 2023-03-10 | N/A | 8.8 HIGH | In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0.
CVE-2023-0076 | 1 Dfactory | 1 Download Attachments | 2023-03-10 | N/A | 5.4 MEDIUM | The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0065 | 1 I2 Pros & Cons Project | 1 I2 Pros & Cons | 2023-03-10 | N/A | 5.4 MEDIUM | The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0063 | 1 Synved | 1 Wordpress Shortcodes | 2023-03-10 | N/A | 5.4 MEDIUM | The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2022-4328 | 1 Najeebmedia | 1 Woocommerce Checkout Field Manager | 2023-03-10 | N/A | 9.8 CRITICAL | The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files, such as PHP, to the server.
CVE-2023-1186 | 2 Fabulatech, Microsoft | 2 Webcam For Remote Desktop, Windows | 2023-03-10 | N/A | 5.5 MEDIUM | A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects unknown code in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to a null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability.
CVE-2023-1188 | 2 Fabulatech, Microsoft | 2 Webcam For Remote Desktop, Windows | 2023-03-10 | N/A | 5.5 MEDIUM | A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is an unknown function in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360.
CVE-2023-1187 | 2 Fabulatech, Microsoft | 2 Webcam For Remote Desktop, Windows | 2023-03-10 | N/A | 5.5 MEDIUM | A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359.
CVE-2022-4265 | 1 Gopostmatic | 1 Replyable | 2023-03-10 | N/A | 8.8 HIGH | The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object Injection attacks. The attack could also be carried out via a CSRF vector against any authenticated user.
CVE-2023-1197 | 1 Uvdesk | 1 Community-skeleton | 2023-03-10 | N/A | 4.8 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.
CVE-2023-1200 | 1 Ehuacui-bbs Project | 1 Ehuacui-bbs | 2023-03-10 | N/A | 5.4 MEDIUM | A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The identifier of this vulnerability is VDB-222388.
CVE-2023-24789 | 1 Jeecg | 1 Jeecg | 2023-03-10 | N/A | 8.8 HIGH | jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.
CVE-2023-0328 | 1 Wpcode | 1 Wpcode | 2023-03-10 | N/A | 4.3 MEDIUM | The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may allow any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as updating and deleting the auth key).
CVE-2023-0212 | 1 Advanced Recent Posts Project | 1 Advanced Recent Posts | 2023-03-10 | N/A | 5.4 MEDIUM | The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2019-8720 | 3 Redhat, Webkitgtk, Wpewebkit | 24 Codeready Linux Builder, Codeready Linux Builder Eus, Codeready Linux Builder For Arm64 Eus and 21 more | 2023-03-10 | N/A | 8.8 HIGH | A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content and may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
CVE-2023-1212 | 1 Phpipam | 1 Phpipam | 2023-03-10 | N/A | 4.8 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.