CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-2197 | HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2 | May 6, 2023. 03:12:00 | [discuss.hashicorp.com] |
CVE-2023-30063 | D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. | May 6, 2023. 03:11:00 | [www.dlink.com][github.com] |
CVE-2023-22923 | A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device. | May 6, 2023. 03:11:00 | [www.zyxel.com] |
CVE-2023-25784 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions. | May 6, 2023. 03:11:00 | [patchstack.com] |
CVE-2023-25786 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions. | May 6, 2023. 03:11:00 | [patchstack.com] |
CVE-2023-30061 | D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. | May 6, 2023. 03:10:00 | [www.dlink.com][github.com] |
CVE-2023-29639 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString. | May 6, 2023. 03:10:00 | [github.com] |
CVE-2023-22924 | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. | May 6, 2023. 03:10:00 | [www.zyxel.com] |
CVE-2022-35898 | OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | May 6, 2023. 03:10:00 | [hackandpwn.com][businessnetwork.opentext.com] |
CVE-2023-26987 | An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request. | May 6, 2023. 03:10:00 | [github.com][docs.google.com] |
CVE-2023-29641 | Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. | May 6, 2023. 03:09:00 | [github.com] |
CVE-2023-25783 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions. | May 6, 2023. 03:08:00 | [patchstack.com] |
CVE-2023-2425 | A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751. | May 6, 2023. 03:07:00 | [vuldb.com][vuldb.com] |
CVE-2023-29635 | File upload vulnerability in Antabot White-Jotter v0.2.2 allows remote attackers to execute malicious code via the file parameter to function coversUpload. | May 6, 2023. 03:07:00 | [github.com][github.com] |
CVE-2023-29636 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the default configuration not using MyBlogUtils.cleanString. | May 6, 2023. 03:07:00 | [github.com] |
CVE-2023-29637 | Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page. | May 6, 2023. 03:07:00 | [github.com] |