CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-31972 | yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. | May 12, 2023. 01:52:00 | [github.com] |
| CVE-2023-31974 | yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. | May 12, 2023. 01:52:00 | [github.com] |
| CVE-2022-46858 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <= 0.6.0 versions. | May 12, 2023. 01:52:00 | [patchstack.com] |
| CVE-2023-31973 | yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. | May 12, 2023. 01:52:00 | [github.com] |
| CVE-2023-31975 | yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. | May 12, 2023. 01:51:00 | [github.com] |
| CVE-2023-0894 | The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | May 12, 2023. 01:46:00 | [wpscan.com] |
| CVE-2023-1011 | The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. | May 12, 2023. 01:42:00 | [wpscan.com] |
| CVE-2023-28325 | An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | May 12, 2023. 01:38:00 | [hackerone.com] |
| CVE-2023-28357 | A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to. | May 12, 2023. 01:38:00 | [hackerone.com] |
| CVE-2023-28358 | A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled possible leading to some issues attacks like account takeover. | May 12, 2023. 01:38:00 | [hackerone.com] |
| CVE-2023-28359 | A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact. | May 12, 2023. 01:38:00 | [hackerone.com] |
| CVE-2023-28360 | An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. | May 12, 2023. 01:38:00 | [hackerone.com] |
| CVE-2023-28361 | A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later. | May 12, 2023. 01:38:00 | [community.ui.com] |
| CVE-2023-30192 | Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find(). | May 12, 2023. 01:38:00 | [themeforest.net][friends-of-presta.github.io] |
| CVE-2021-39036 | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966. | May 12, 2023. 01:38:00 | [https][exchange.xforce.ibmcloud.com] |
| CVE-2023-29790 | kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | May 12, 2023. 01:38:00 | [blog.mo60.cn] |
| CVE-2022-46799 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions. | May 11, 2023. 23:27:00 | [patchstack.com] |
| CVE-2023-29247 | Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0. | May 11, 2023. 23:24:00 | [github.com][github.com] |
| CVE-2023-2566 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | May 11, 2023. 23:21:00 | [github.com][huntr.dev] |
| CVE-2023-30018 | Judging Management System v1.0 is vulnerable to SQL Injection. via /php-jms/review_se_result.php?mainevent_id=. | May 11, 2023. 23:18:00 | [github.com] |
Page 107 of 129
