CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-23862 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions. | May 12, 2023. 09:26:00 | [patchstack.com] |
CVE-2023-23883 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions. | May 12, 2023. 09:26:00 | [patchstack.com] |
CVE-2023-23884 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions. | May 12, 2023. 09:26:00 | [patchstack.com] |
CVE-2023-24372 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions. | May 12, 2023. 09:26:00 | [patchstack.com] |
CVE-2022-46822 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0 versions. | May 12, 2023. 09:26:00 | [patchstack.com] |
CVE-2023-31807 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | May 12, 2023. 09:25:00 | [chamilo.com][support.chamilo.org] |
CVE-2023-2619 | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprove_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228549 was assigned to this vulnerability. | May 12, 2023. 09:23:00 | [blog.csdn.net][vuldb.com] |
CVE-2022-42865 | This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences. | May 12, 2023. 09:15:00 | [support.apple.com][support.apple.com] |
CVE-2022-42853 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system. | May 12, 2023. 09:15:00 | [support.apple.com][seclists.org] |
CVE-2022-46703 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive location information. | May 12, 2023. 09:15:00 | [support.apple.com][support.apple.com] |
CVE-2023-2514 | Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization. | May 12, 2023. 09:15:00 | [mattermost.com] |
CVE-2023-28936 | Attacker can access arbitrary recording/room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0. | May 12, 2023. 08:15:00 | [lists.apache.org] |
CVE-2023-29032 | An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0. | May 12, 2023. 08:15:00 | [lists.apache.org] |
CVE-2023-29246 | An attacker who has gained access to an admin account can perform RCE via null-byte injection. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0. | May 12, 2023. 08:15:00 | [lists.apache.org] |
CVE-2019-0160 | Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | May 12, 2023. 04:15:00 | [tianocore-docs.github.io][access.redhat.com] |
CVE-2023-28522 | IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585. | May 12, 2023. 02:15:00 | [www.ibm.com][exchange.xforce.ibmcloud.com] |
CVE-2023-31039 | Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. Upgrade to bRPC >= 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2218 | May 12, 2023. 02:03:00 | [lists.apache.org][www.openwall.com] |
CVE-2023-1347 | The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | May 12, 2023. 01:55:00 | [wpscan.com] |
CVE-2022-46864 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions. | May 12, 2023. 01:53:00 | [patchstack.com] |
CVE-2022-46844 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions. | May 12, 2023. 01:53:00 | [patchstack.com] |