CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: May 19, 2024. 13:20:29 UTC

| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-31290 | Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input seed, resulting in only four billion possible mnemonics. The affected versions of the browser extension are 0.0.172 through 0.0.182. To steal funds efficiently, an attacker can identify all Ethereum addresses created since the 0.0.172 release, and check whether they are Ethereum addresses that could have been created by this extension. To respond to the risk, affected users need to upgrade the product version and also move funds to a new wallet address. | May 10, 2023, 15:27:00 | [twitter.com] [github.com] |
| CVE-2023-26089 | European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5. | May 10, 2023, 15:27:00 | [iuclid6.echa.europa.eu] [iuclid6.echa.europa.eu] |
| CVE-2023-30205 | A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php. | May 10, 2023, 15:27:00 | [github.com] |
| CVE-2023-27568 | SQL injection vulnerability in Spryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]= | May 10, 2023, 15:25:00 | [www.schutzwerk.com] [www.schutzwerk.com] |
| CVE-2022-40207 | Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access. | May 10, 2023, 14:38:00 | [www.intel.com] |
| CVE-2022-31477 | Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | May 10, 2023, 14:38:00 | [www.intel.com] |
| CVE-2022-47875 | A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code. | May 10, 2023, 13:58:00 | [docs.syslifters.com] [packetstormsecurity.com] |
| CVE-2022-47876 | The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. | May 10, 2023, 13:54:00 | [docs.syslifters.com] [packetstormsecurity.com] |
| CVE-2023-28092 | A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis. | May 10, 2023, 13:51:00 | [support.hpe.com] |
| CVE-2023-25492 | A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. | May 10, 2023, 13:37:00 | [support.lenovo.com] |
| CVE-2023-0683 | A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. | May 10, 2023, 13:24:00 | [support.lenovo.com] |
| CVE-2023-32568 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. | May 10, 2023, 13:06:00 | [www.veritas.com] |
| CVE-2023-26126 | All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function. | May 10, 2023, 13:06:00 | [security.snyk.io] [gist.github.com] |
| CVE-2023-2616 | Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | May 10, 2023, 13:06:00 | [github.com] [huntr.dev] |
| CVE-2023-32569 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database. | May 10, 2023, 13:06:00 | [www.veritas.com] |
| CVE-2023-23578 | Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port. | May 10, 2023, 13:06:00 | [www.seiko-sol.co.jp] [www.seiko-sol.co.jp] |
| CVE-2022-46819 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions. | May 10, 2023, 13:06:00 | [patchstack.com] |
| CVE-2022-46861 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress plugin <= 6.2 versions. | May 10, 2023, 13:06:00 | [patchstack.com] |
| CVE-2022-47423 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | May 10, 2023, 13:06:00 | [patchstack.com] |
| CVE-2022-47590 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | May 10, 2023, 13:06:00 | [patchstack.com] |

