
CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: 2023-05-31 01:20:03


ID | Description | Modified | References
CVE-2023-28205 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3.1, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2023-05-12 12:15:00 | support.apple.com; support.apple.com
CVE-2023-30024 | The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4. | 2023-05-12 12:15:00 | www.magicjack.com; samuraisecurity.co.uk
CVE-2020-24188 | Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | 2023-05-12 11:15:00 | onlinehelp.unitedplanet.com
CVE-2023-27238 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. | 2023-05-12 11:15:00 | github.com; github.com
CVE-2023-29657 | eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | 2023-05-12 11:15:00 | blog.tristaomarinho.com; extplorer.net
CVE-2023-29818 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. | 2023-05-12 11:15:00 | www.spenceralessi.com; webroot.com
CVE-2023-29819 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | 2023-05-12 11:15:00 | www.spenceralessi.com; webroot.com
CVE-2023-29983 | Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel. | 2023-05-12 11:15:00 | packetstormsecurity.com; www.exploit-db.com
CVE-2023-2512 | Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would most likely lead to a segmentation fault, but could theoretically allow arbitrary undefined behavior. In order for the bug to be exploitable, the process would need to be able to allocate 160GB of RAM. Due to this, the bug was never exploitable on the Cloudflare Workers platform, but could theoretically be exploitable on deployments of workerd running on machines with a huge amount of memory. Moreover, in order to be remotely exploited, an attacker would have to upload a single form-encoded HTTP request of at least tens of gigabytes in size. The application code would then have to use request.formData() to parse the request and formData.forEach() to iterate over this data. Due to these limitations, the exploitation likelihood was considered Low. A fix that addresses this vulnerability has been released in version v1.20230419.0 and users are encouraged to update to the latest version available. | 2023-05-12 11:15:00 | github.com; github.com
CVE-2023-30130 | An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. | 2023-05-12 11:15:00 | craftcms.com; tf1t.gitbook.io
CVE-2023-2677 | A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0. This affects an unknown part of the file admin/establishment/manage.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228891. | 2023-05-12 10:15:00 | github.com; vuldb.com
CVE-2023-2678 | A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228892. | 2023-05-12 10:15:00 | vuldb.com; vuldb.com
CVE-2023-2590 | Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. | 2023-05-12 09:29:00 | huntr.dev; github.com
CVE-2023-23863 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions. | 2023-05-12 09:28:00 | patchstack.com
CVE-2022-41640 | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions. | 2023-05-12 09:28:00 | patchstack.com
CVE-2023-23664 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions. | 2023-05-12 09:28:00 | patchstack.com
CVE-2023-23793 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions. | 2023-05-12 09:28:00 | patchstack.com
CVE-2023-23732 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions. | 2023-05-12 09:27:00 | patchstack.com
CVE-2023-23733 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions. | 2023-05-12 09:27:00 | patchstack.com
CVE-2023-23734 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions. | 2023-05-12 09:26:00 | patchstack.com
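The eXtplorer entry (CVE-2023-29657) describes the classic file-manager failure: a zip upload is accepted as "just an archive", but the PHP pages inside it land under the web root and execute. The check below is an added example, not eXtplorer's code or a patch for it: it audits an archive before extraction for server-executable file types (including double extensions such as shell.php.jpg), zip-slip paths, and symlink entries. The blocked-extension list and the two sample archives are constructed for the example.

```python
"""Pre-extraction audit for user-uploaded zip archives (added example).

Illustrates the failure mode behind CVE-2023-29657: an archive is only as
safe as the files it unpacks into the web root. The policy below (blocked
extensions, traversal and symlink rejection) is an assumption for this
example, not eXtplorer's own logic.
"""
import io
import posixpath
import zipfile
from typing import Dict, List

# File types the web server would execute if they land under the web root.
# Assumed policy; extend to match the handlers configured on the deployment.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps",
    "cgi", "pl", "py", "jsp", "asp", "aspx", "htaccess",
}


def risky_extension(name: str) -> bool:
    """True if any dotted segment after the base name is an executable type.

    Every segment is checked, not only the last one, so "shell.php.jpg"
    (which some mod_php configurations still run) and ".htaccess" are caught.
    """
    base = posixpath.basename(name.lower())
    return any(seg in EXECUTABLE_EXTENSIONS for seg in base.split(".")[1:])


def unsafe_path(name: str) -> bool:
    """True for absolute paths, drive-letter paths or any '..' component (zip-slip)."""
    norm = name.replace("\\", "/")
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return True
    return ".." in norm.split("/")


def audit_zip(data: bytes) -> List[str]:
    """Return findings for the archive bytes; an empty list means it passed."""
    findings: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if unsafe_path(name):
                findings.append(f"{name}: path escapes the extraction directory")
            if not info.is_dir() and risky_extension(name):
                findings.append(f"{name}: server-executable file type")
            # Unix mode lives in the high 16 bits; 0o120000 marks a symlink,
            # which after extraction could point anywhere on the host.
            if (info.external_attr >> 16) & 0o170000 == 0o120000:
                findings.append(f"{name}: symbolic link entry")
    return findings


def build_zip(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples for the example; not archives from the disclosure.
BENIGN_ZIP = build_zip({
    "site/index.html": b"<h1>hello</h1>",
    "site/css/style.css": b"body{}",
})
MALICIOUS_ZIP = build_zip({
    "site/index.html": b"<h1>hello</h1>",
    "site/images/shell.php.jpg": b"<?php system($_GET['c']); ?>",
    "../../etc/cron.d/job": b"* * * * * root id",
})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_ZIP), ("malicious", MALICIOUS_ZIP)):
        print(label, audit_zip(blob) or "ok")
```

Rejecting on the archive listing is cheap and runs before anything touches disk; the remaining gap is that an allowlisted name can still carry PHP if the server's handler matches on content or on a later rename, so the upload directory should also be served with script execution disabled.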
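The Covid-19 Contact Tracing System entry (CVE-2023-2677) reports SQL injection through the id argument of admin/establishment/manage.php. The PHP source is not on this page, so the code below is an added example, not the project's code: it contrasts a lookup built by string interpolation with one that validates the type and binds a parameter, against a constructed in-memory SQLite table standing in for the establishment records. The table, column names and sample rows are assumptions for the example.

```python
"""Interpolated vs. parameterized lookup by id (added example).

Demonstrates the injection pattern named in CVE-2023-2677 against a
constructed SQLite table; nothing here is the original PHP application.
"""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the application's establishment table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE establishment (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO establishment VALUES (?, ?, ?)",
        [(1, "Clinic A", "token-a"), (2, "Clinic B", "token-b"), (3, "Clinic C", "token-c")],
    )
    return conn


def manage_vulnerable(conn: sqlite3.Connection, user_id: str) -> List[Tuple]:
    """The injectable shape: the request parameter is pasted into the statement."""
    sql = f"SELECT id, name, secret FROM establishment WHERE id = {user_id}"
    return conn.execute(sql).fetchall()


def is_valid_id(user_id: str) -> bool:
    """Positive-integer check applied before the value reaches the database."""
    return user_id.isdigit() and int(user_id) > 0


def manage_fixed(conn: sqlite3.Connection, user_id: str) -> List[Tuple]:
    """Hardened shape: type check, then bind the value as a query parameter."""
    if not is_valid_id(user_id):
        raise ValueError("id must be a positive integer")
    return conn.execute(
        "SELECT id, name, secret FROM establishment WHERE id = ?", (int(user_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed attacker inputs: one widens the WHERE clause, one reads the schema.
    print(manage_vulnerable(db, "1 OR 1=1"))
    print(manage_vulnerable(db, "0 UNION SELECT 1, name, sql FROM sqlite_master"))
    print(manage_fixed(db, "2"))
    print(is_valid_id("1 OR 1=1"))
```

Binding alone would already stop the injection (the whole string would be compared against the integer column and match nothing); the explicit type check on top turns a silent empty result into a logged rejection, which is what an admin endpoint should produce for a tampered id.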


Page 105 of 129


