CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: May 31, 2023. 01:20:03

click on an item for more info;

ID	Description	Modified	References
CVE-2023-29939	llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).	May 11, 2023. 18:19:00	[github.com]
CVE-2023-29935	llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.	May 11, 2023. 18:17:00	[github.com]
CVE-2023-2565	A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228172.	May 11, 2023. 17:54:00	[vuldb.com][vuldb.com]
CVE-2020-18132	Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.	May 11, 2023. 17:53:00	[github.com][github.com]
CVE-2020-19660	Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values.	May 11, 2023. 17:53:00	[github.com][github.com]
CVE-2020-18282	Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.	May 11, 2023. 17:53:00	[github.com][github.com]
CVE-2022-43950	A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.	May 11, 2023. 17:51:00	[fortiguard.com]
CVE-2022-45858	A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.	May 11, 2023. 17:50:00	[fortiguard.com]
CVE-2022-45859	An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.	May 11, 2023. 17:48:00	[fortiguard.com]
CVE-2022-45860	A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.	May 11, 2023. 17:48:00	[fortiguard.com]
CVE-2017-20183	A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.	May 11, 2023. 17:37:00	[vuldb.com][vuldb.com]
CVE-2023-23383	Service Fabric Explorer Spoofing Vulnerability	May 11, 2023. 17:27:00	[msrc.microsoft.com]
CVE-2023-23398	Microsoft Excel Spoofing Vulnerability	May 11, 2023. 17:27:00	[msrc.microsoft.com]
CVE-2023-29963	S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.	May 11, 2023. 17:26:00	[github.com]
CVE-2023-2531	Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.	May 11, 2023. 17:21:00	[huntr.dev][github.com]
CVE-2023-23533	A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system	May 11, 2023. 17:16:00	[support.apple.com][support.apple.com]
CVE-2023-23538	A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system	May 11, 2023. 17:16:00	[support.apple.com][support.apple.com]
CVE-2023-32075	The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, or apply the patch manually.	May 11, 2023. 17:15:00	[github.com][huntr.dev]
CVE-2023-30013	TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.	May 11, 2023. 17:14:00	[github.com]
CVE-2023-23528	An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory	May 11, 2023. 17:11:00	[support.apple.com][support.apple.com]

Previous 1...110 111 112...129 Next

Page 111 of 129

View Disclaimer