CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-31995 | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). | May 30, 2023. 18:45:00 | [www.hanwhavision.com][hanwhavisionamerica.com] |
CVE-2023-29919 | SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. | May 30, 2023. 18:35:00 | [github.com][www.solarview.io] |
CVE-2023-27068 | Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. | May 30, 2023. 18:27:00 | [blogs.night-wolf.io][dev.sitecore.net] |
CVE-2020-20012 | WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. | May 30, 2023. 18:22:00 | [gist.github.com][wzqpt.hfut.edu.cn] |
CVE-2011-1207 | The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information. | May 30, 2023. 18:20:00 | [www.vupen.com][secunia.com] |
CVE-2023-2494 | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege. | May 30, 2023. 17:48:00 | [codecanyon.net][www.wordfence.com] |
CVE-2022-47446 | Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions. | May 30, 2023. 17:47:00 | [patchstack.com] |
CVE-2022-47447 | Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions. | May 30, 2023. 17:46:00 | [patchstack.com] |
CVE-2022-47448 | Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - MS plugin <= 1.12.03 versions. | May 30, 2023. 17:45:00 | [patchstack.com] |
CVE-2023-25028 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin <= 1.0.1 versions. | May 30, 2023. 17:44:00 | [patchstack.com] |
CVE-2023-23301 | The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory. | May 30, 2023. 17:38:00 | [github.com] |
CVE-2023-23302 | The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the execution of the device's firmware. | May 30, 2023. 17:37:00 | [github.com][developer.garmin.com] |
CVE-2023-23303 | The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the execution of the device's firmware. | May 30, 2023. 17:37:00 | [github.com][developer.garmin.com] |
CVE-2023-23304 | The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information. | May 30, 2023. 17:36:00 | [github.com][developer.garmin.com] |
CVE-2023-23305 | The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware. | May 30, 2023. 17:35:00 | [github.com] |
CVE-2023-23306 | The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device's firmware. | May 30, 2023. 17:34:00 | [github.com][developer.garmin.com] |
CVE-2023-31517 | Teeworlds v0.7.5 was discovered to contain memory leaks. | May 30, 2023. 17:33:00 | [gist.github.com][teeworlds.com] |
CVE-2023-31752 | SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. | May 30, 2023. 17:32:00 | [github.com] |
CVE-2023-31860 | Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | May 30, 2023. 17:30:00 | [github.com] |
CVE-2023-26117 | Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | May 30, 2023. 17:20:00 | [stackblitz.com][security.snyk.io] |