CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | May 15, 2023. 19:28:00 | [msrc.microsoft.com] |
| CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability | May 15, 2023. 19:28:00 | [msrc.microsoft.com] |
| CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | May 15, 2023. 19:27:00 | [msrc.microsoft.com] |
| CVE-2023-24944 | Windows Bluetooth Driver Information Disclosure Vulnerability | May 15, 2023. 19:27:00 | [msrc.microsoft.com] |
| CVE-2023-30614 | Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If the targeted application contains a functionality to submit user-generated content (such as comments) the attacker could even distribute the URL using that functionality. This has been patched in version 6.3.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability. | May 15, 2023. 19:27:00 | [github.com][github.com] |
| CVE-2022-37306 | OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger. | May 15, 2023. 19:27:00 | [packetstormsecurity.com][open-xchange.com] |
| CVE-2022-43697 | OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. | May 15, 2023. 19:27:00 | [seclists.org][open-xchange.com] |
| CVE-2022-43698 | OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. | May 15, 2023. 19:27:00 | [seclists.org][open-xchange.com] |
| CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability | May 15, 2023. 19:26:00 | [msrc.microsoft.com] |
| CVE-2022-43696 | OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. | May 15, 2023. 19:26:00 | [seclists.org][open-xchange.com] |
| CVE-2023-30512 | CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. | May 15, 2023. 19:26:00 | [github.com] |
| CVE-2023-1682 | A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224239. | May 15, 2023. 19:26:00 | [vuldb.com][github.com] |
| CVE-2023-1683 | A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224240. | May 15, 2023. 19:26:00 | [vuldb.com][vuldb.com] |
| CVE-2023-1681 | A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224238 is the identifier assigned to this vulnerability. | May 15, 2023. 19:26:00 | [vuldb.com][github.com] |
| CVE-2023-27010 | Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable. | May 15, 2023. 19:25:00 | [cwe.mitre.org][packetstormsecurity.com] |
| CVE-2023-24945 | Windows iSCSI Target Service Information Disclosure Vulnerability | May 15, 2023. 19:16:00 | [msrc.microsoft.com] |
| CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability | May 15, 2023. 19:16:00 | [msrc.microsoft.com] |
| CVE-2023-24950 | Microsoft SharePoint Server Spoofing Vulnerability | May 15, 2023. 19:15:00 | [msrc.microsoft.com] |
| CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability | May 15, 2023. 19:14:00 | [msrc.microsoft.com] |
| CVE-2023-23647 | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions. | May 15, 2023. 17:58:00 | [patchstack.com] |
Page 94 of 129
