Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1228 | 1 Google | 2 Android, Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1230 | 1 Google | 2 Android, Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-48364 | 1 Joinmastodon | 1 Mastodon | 2023-03-10 | N/A | 4.3 MEDIUM |
| The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive. | |||||
| CVE-2023-1190 | 1 Imageinfo Project | 1 Imageinfo | 2023-03-10 | N/A | 7.8 HIGH |
| A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1191 | 1 Xjd2020 | 1 Fastcms | 2023-03-10 | N/A | 7.2 HIGH |
| A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222363. | |||||
| CVE-2017-20180 | 1 Zerocoin | 1 Libzerocoin | 2023-03-10 | N/A | 7.5 HIGH |
| A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3284 | 1 M-files | 1 M-files Server | 2023-03-10 | N/A | 7.5 HIGH |
| Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. | |||||
| CVE-2022-4862 | 1 M-files | 1 M-files Server | 2023-03-10 | N/A | 7.6 HIGH |
| Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. | |||||
| CVE-2022-2178 | 1 Saysis | 1 Starcities | 2023-03-10 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saysis Computer Starcities. This issue affects Starcities: before 1.1. | |||||
| CVE-2022-46464 | 2023-03-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2023-22857 | 1 Blogengine | 1 Blogengine.net | 2023-03-10 | N/A | 5.4 MEDIUM |
| A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post. | |||||
| CVE-2023-22856 | 1 Blogengine | 1 Blogengine.net | 2023-03-10 | N/A | 5.4 MEDIUM |
| A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file. | |||||
| CVE-2015-10093 | 1 Mark User As Spammer Project | 1 Mark User As Spammer | 2023-03-10 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability. | |||||
| CVE-2015-10092 | 1 Qtranslate Slug Project | 1 Qtranslate Slug | 2023-03-10 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324. | |||||
| CVE-2023-26111 | 2 \@nubosoftware\/node-static Project, Node-static Project | 2 \@nubosoftware\/node-static, Node-static | 2023-03-10 | N/A | 7.5 HIGH |
| All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function. | |||||
| CVE-2023-26108 | 1 Nestjs | 1 Nest | 2023-03-10 | N/A | 5.3 MEDIUM |
| Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open. | |||||
| CVE-2023-26107 | 1 Ebay | 1 Sketchsvg | 2023-03-10 | N/A | 7.8 HIGH |
| All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string. | |||||
| CVE-2023-26106 | 1 Dot-lens Project | 1 Dot-lens | 2023-03-10 | N/A | 7.5 HIGH |
| All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file. | |||||
| CVE-2020-7731 | 1 Gosaml2 Project | 1 Gosaml2 | 2023-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | |||||
| CVE-2023-1173 | 2023-03-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | |||||