CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability | May 16, 2023. 15:13:00 | [msrc.microsoft.com] |
| CVE-2023-30237 | CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. | May 16, 2023. 15:12:00 | [www.pentestpartners.com][cyberghostvpn.com] |
| CVE-2023-22813 | A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request. This issue affects My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My Cloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126; ibi Web App: before 4.26.0-6126. | May 16, 2023. 15:01:00 | [www.westerndigital.com] |
| CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | May 16, 2023. 14:57:00 | [msrc.microsoft.com] |
| CVE-2023-0537 | The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | May 16, 2023. 14:56:00 | [wpscan.com] |
| CVE-2023-0542 | The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | May 16, 2023. 14:49:00 | [wpscan.com] |
| CVE-2023-1408 | The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | May 16, 2023. 14:45:00 | [wpscan.com] |
| CVE-2023-0526 | The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | May 16, 2023. 14:39:00 | [wpscan.com] |
| CVE-2023-0514 | The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | May 16, 2023. 14:34:00 | [wpscan.com] |
| CVE-2023-2615 | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | May 16, 2023. 14:26:00 | [huntr.dev][github.com] |
| CVE-2023-2614 | Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. | May 16, 2023. 14:19:00 | [github.com][huntr.dev] |
| CVE-2023-23786 | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions. | May 16, 2023. 14:18:00 | [patchstack.com] |
| CVE-2023-24392 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions. | May 16, 2023. 14:17:00 | [patchstack.com] |
| CVE-2023-24418 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions. | May 16, 2023. 14:17:00 | [patchstack.com] |
| CVE-2023-30608 | sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue. | May 16, 2023. 14:15:00 | [github.com][owasp.org] |
| CVE-2022-32528 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | May 16, 2023. 14:15:00 | [download.schneider-electric.com] |
| CVE-2023-2534 | Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation and the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32. | May 16, 2023. 14:13:00 | [otrs.com] |
| CVE-2022-32970 | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions. | May 16, 2023. 14:11:00 | [patchstack.com] |
| CVE-2023-23543 | The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A sandboxed app may be able to determine which app is currently using the camera | May 16, 2023. 14:09:00 | [support.apple.com][support.apple.com] |
| CVE-2023-27928 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts | May 16, 2023. 12:58:00 | [support.apple.com][support.apple.com] |
Page 90 of 129
