CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 9, 2024. 12:40:32 UTC
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2022-47937 | ** UNSUPPORTED WHEN ASSIGNED ** Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. NOTE: This vulnerability only affects products that are no longer supported by the maintainer The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries. | May 15, 2023. 10:15:00 | [github.com][lists.apache.org] |
| CVE-2022-22508 | Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type. | May 15, 2023. 10:15:00 | [customers.codesys.com] |
| CVE-2022-47391 | In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service. | May 15, 2023. 10:15:00 | [customers.codesys.com] |
| CVE-2023-1698 | In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. | May 15, 2023. 09:15:00 | [cert.vde.com] |
| CVE-2023-2591 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | May 15, 2023. 06:15:00 | [huntr.dev][github.com] |
| CVE-2020-12069 | In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. | May 15, 2023. 06:15:00 | [cert.vde.com][cert.vde.com] |
| CVE-2023-27783 | An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. | May 15, 2023. 04:15:00 | [github.com][github.com] |
| CVE-2023-27784 | An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. | May 15, 2023. 04:15:00 | [github.com][lists.fedoraproject.org] |
| CVE-2023-27785 | An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. | May 15, 2023. 04:15:00 | [github.com][lists.fedoraproject.org] |
| CVE-2023-27786 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. | May 15, 2023. 04:15:00 | [github.com][github.com] |
| CVE-2023-27787 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. | May 15, 2023. 04:15:00 | [github.com][lists.fedoraproject.org] |
| CVE-2023-27788 | An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. | May 15, 2023. 04:15:00 | [github.com][lists.fedoraproject.org] |
| CVE-2023-27789 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. | May 15, 2023. 04:15:00 | [github.com][github.com] |
| CVE-2010-4645 | strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308. | May 15, 2023. 00:15:00 | [hal.archives-ouvertes.fr][www.securityfocus.com] |
| CVE-2023-2695 | A vulnerability was found in SourceCodester Online Exam System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /kelas/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228976. | May 14, 2023. 11:15:00 | [vuldb.com][github.com] |
| CVE-2023-2696 | A vulnerability was found in SourceCodester Online Exam System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /matkul/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228977 was assigned to this vulnerability. | May 14, 2023. 11:15:00 | [github.com][vuldb.com] |
| CVE-2023-2694 | A vulnerability was found in SourceCodester Online Exam System 1.0. It has been classified as critical. This affects an unknown part of the file /dosen/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228975. | May 14, 2023. 10:15:00 | [vuldb.com][github.com] |
| CVE-2023-2691 | A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972. | May 14, 2023. 09:15:00 | [vuldb.com][github.com] |
| CVE-2023-2692 | A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/room_info.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228973 was assigned to this vulnerability. | May 14, 2023. 09:15:00 | [github.com][vuldb.com] |
| CVE-2023-2693 | A vulnerability was found in SourceCodester Online Exam System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228974 is the identifier assigned to this vulnerability. | May 14, 2023. 09:15:00 | [vuldb.com][vuldb.com] |
Page 1224 of 1253
