RiSec CyberAwareness Logo

CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: June 2, 2023. 23:00:03

click on an item for more info;

ID Description Modified References
CVE-2023-33195 Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6. June 2, 2023. 21:15:00 [github.com][github.com]
CVE-2023-3073 Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. June 2, 2023. 20:58:00 [github.com][huntr.dev]
CVE-2023-33669 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function. June 2, 2023. 20:58:00 [github.com]
CVE-2023-33671 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. June 2, 2023. 20:58:00 [github.com]
CVE-2023-33670 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. June 2, 2023. 20:58:00 [github.com]
CVE-2023-33672 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. June 2, 2023. 20:58:00 [github.com]
CVE-2023-33673 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. June 2, 2023. 20:58:00 [github.com]
CVE-2023-33675 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function. June 2, 2023. 20:58:00 [github.com]
CVE-2023-33761 eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php. June 2, 2023. 20:58:00 [github.com]
CVE-2023-33762 eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter. June 2, 2023. 20:58:00 [github.com]
CVE-2023-33763 eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php. June 2, 2023. 20:58:00 [github.com]
CVE-2023-3074 Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. June 2, 2023. 20:58:00 [huntr.dev][github.com]
CVE-2023-3075 Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. June 2, 2023. 20:58:00 [huntr.dev][github.com]
CVE-2022-36244 Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za. June 2, 2023. 20:57:00 [www.shopbeat.co.za]
CVE-2022-36246 Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions. June 2, 2023. 20:53:00 [www.shopbeat.co.za]
CVE-2022-36247 Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za. June 2, 2023. 20:52:00 [www.shopbeat.co.za]
CVE-2022-36249 Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level. June 2, 2023. 20:50:00 [www.shopbeat.co.za]
CVE-2023-31225 The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. June 2, 2023. 20:42:00 [consumer.huawei.com]
CVE-2023-29551 Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. June 2, 2023. 20:15:00 [www.mozilla.org][bugzilla.mozilla.org]
CVE-2023-32215 Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. June 2, 2023. 20:15:00 [www.mozilla.org][www.mozilla.org]


Page 1 of 146



Discord Invite
View Disclaimer