RMX Security CERT Global
- CVE-2022-47611 (hover_image): Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions. ...
- CERTFR-2023-ACT-023: News bulletin CERTFR-2023-ACT-023 (30 May 2023). This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace ...
- CVE-2023-0443: The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without ...
- CVE-2023-33955: Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0. ...
- CVE-2023-2117: The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing high privileged users such as admins to ...
- CVE-2023-0766: The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks ...
- CVE-2023-2023: The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. ...
- CVE-2023-2113: The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript ...
- CVE-2023-1524: The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be ...
- CVE-2022-41766: An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when ...
- CVE-2023-32687: tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections ...
- CVE-2023-30571: Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a ...
- CVE-2022-24632: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. ...
- CVE-2022-24580: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-24580. Reason: This candidate is a duplicate of CVE-2023-24580. A typo caused the wrong ID to be used. Notes: All ...
- CVE-2023-30253: Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. ...
- CVE-2023-32072: Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 ...
- CVE-2022-24630: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed. ...
- CVE-2022-24628: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. ...
- CVE-2022-24631: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter. ...
- CVE-2022-24629: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of ...
- CVE-2022-24627: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. ...
- CVE-2023-33439 (faculty_evaluation_system): Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. ...
- CVE-2021-46881 (emui): The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ...
- CVE-2023-33440 (faculty_evaluation_system): Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. ...
- CVE-2023-0117: The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features, such as MeeTime. ...
- CVE-2023-31225: The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. ...
- CVE-2021-46882: The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ...
- CVE-2021-46887: Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read. ...
- CVE-2021-46884: The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ...
- CVE-2021-46886: The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ...
- CVE-2021-46885: The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ...
- CVE-2023-31227: The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. ...
- CVE-2023-31226: The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality. ...
- CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker unauthorized execution of ...
- CVE-2022-48478: The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. ...
- CVE-2023-2817: A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags, can be injected into field names which, when the field is added to ...
- CVE-2022-48479: The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. ...
- CVE-2023-20883: In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring ...
- CVE-2023-33780: A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the ...
- CVE-2021-46883: The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ...
- CVE-2022-48480: Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. ...
- CVE-2023-0116: The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. ...
- CVE-2023-20882: In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. ...
- CVE-2023-33779: A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. ...
- Zyxel releases critical security fixes: Just as proof-of-concept code has been published for 'old' vulnerabilities in Zyxel products, Zyxel has released new software updates to fix two critical security flaws affecting selected firewall and VPN products. Exploitation of the flaws ...
- CVE-2022-46945: Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. ...
- CVE-2023-25029: Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions. ...
- CVE-2023-23714: Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions. ...
- CVE-2023-25038: Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions. ...
- CVE-2023-24008: Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions. ...
Title | Category | Tag
--- | --- | ---
Chemical Industry – Parsons Report – Cybersecurity | Cybersecurity, ICS, IIOT | cybersecurity, epcm, ICS