CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-24376 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions. | May 11, 2023. 19:08:00 | [patchstack.com] |
| CVE-2023-22710 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions. | May 11, 2023. 19:06:00 | [patchstack.com] |
| CVE-2023-24408 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions. | May 11, 2023. 19:01:00 | [patchstack.com] |
| CVE-2023-28493 | Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions. | May 11, 2023. 18:59:00 | [patchstack.com] |
| CVE-2023-1806 | The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. | May 11, 2023. 18:56:00 | [wpscan.com] |
| CVE-2023-1649 | The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | May 11, 2023. 18:53:00 | [wpscan.com] |
| CVE-2023-1651 | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS | May 11, 2023. 18:52:00 | [wpscan.com] |
| CVE-2023-1660 | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard | May 11, 2023. 18:50:00 | [wpscan.com] |
| CVE-2023-30434 | IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | May 11, 2023. 18:45:00 | [www.ibm.com][www.ibm.com] |
| CVE-2023-30054 | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | May 11, 2023. 18:38:00 | [github.com] |
| CVE-2023-30053 | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | May 11, 2023. 18:31:00 | [github.com] |
| CVE-2022-47437 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions. | May 11, 2023. 18:29:00 | [patchstack.com] |
| CVE-2022-45065 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions. | May 11, 2023. 18:29:00 | [patchstack.com] |
| CVE-2022-47439 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions. | May 11, 2023. 18:28:00 | [patchstack.com] |
| CVE-2023-2560 | A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167. | May 11, 2023. 18:27:00 | [vuldb.com][vuldb.com] |
| CVE-2022-22313 | IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | May 11, 2023. 18:24:00 | [www.ibm.com][exchange.xforce.ibmcloud.com] |
| CVE-2023-29941 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. | May 11, 2023. 18:23:00 | [github.com] |
| CVE-2023-29942 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. | May 11, 2023. 18:23:00 | [github.com] |
| CVE-2022-43877 | IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | May 11, 2023. 18:22:00 | [exchange.xforce.ibmcloud.com][www.ibm.com] |
| CVE-2022-4118 | The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users | May 11, 2023. 18:20:00 | [wpscan.com] |
Page 110 of 129
