CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-31478 | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. | May 9, 2023. 23:15:00 | [github.com][www.gl-inet.com] |
CVE-2023-28125 | An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass. | May 9, 2023. 22:15:00 | [forums.ivanti.com] |
CVE-2023-28126 | An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or by exploiting the race condition in the authentication message. | May 9, 2023. 22:15:00 | [forums.ivanti.com] |
CVE-2023-28127 | A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. | May 9, 2023. 22:15:00 | [forums.ivanti.com] |
CVE-2023-28128 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution. | May 9, 2023. 22:15:00 | [forums.ivanti.com] |
CVE-2023-28318 | A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices. | May 9, 2023. 22:15:00 | [hackerone.com] |
CVE-2023-25831 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | May 9, 2023. 21:15:00 | [support.esri.com][www.esri.com] |
CVE-2023-30056 | A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie. | May 9, 2023. 21:15:00 | [packetstormsecurity.com][origination.com] |
CVE-2023-30057 | Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | May 9, 2023. 21:15:00 | [packetstormsecurity.com][origination.com] |
CVE-2018-25085 | A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755. | May 9, 2023. 21:08:00 | [vuldb.com][www.drupal.org] |
CVE-2023-29778 | GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | May 9, 2023. 21:00:00 | [glinet.com][github.com] |
CVE-2022-4376 | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance. | May 9, 2023. 20:57:00 | [hackerone.com][gitlab.com] |
CVE-2023-0756 | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. | May 9, 2023. 20:55:00 | [gitlab.com][hackerone.com] |
CVE-2023-0805 | An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. | May 9, 2023. 20:54:00 | [gitlab.com][gitlab.com] |
CVE-2023-1178 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. | May 9, 2023. 20:53:00 | [gitlab.com][gitlab.com] |
CVE-2023-2182 | An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users. | May 9, 2023. 20:47:00 | [gitlab.com][gitlab.com] |
CVE-2023-31433 | A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter. | May 9, 2023. 20:46:00 | [cves.at] |
CVE-2023-22637 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. | May 9, 2023. 20:45:00 | [fortiguard.com] |
CVE-2023-1204 | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. | May 9, 2023. 20:40:00 | [gitlab.com][gitlab.com] |
CVE-2023-1265 | An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance. | May 9, 2023. 20:37:00 | [hackerone.com][gitlab.com] |