CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: September 15, 2025. 23:16:38
ID | Description | Modified | References |
---|---|---|---|
CVE-2022-48020 | Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser. | May 12, 2023. 16:15:00 | [www.linkedin.com][seq.team] |
CVE-2023-22685 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions. | May 12, 2023. 16:15:00 | [patchstack.com] |
CVE-2023-23810 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions. | May 12, 2023. 16:15:00 | [patchstack.com] |
CVE-2023-27043 | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | May 12, 2023. 16:15:00 | [github.com][python.org] |
CVE-2022-47334 | In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 12, 2023. 16:14:00 | [www.unisoc.com] |
CVE-2022-47490 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 16:09:00 | [www.unisoc.com] |
CVE-2022-48384 | In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | May 12, 2023. 16:09:00 | [www.unisoc.com] |
CVE-2023-1385 | Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3. | May 12, 2023. 16:07:00 | [www.bitdefender.com] |
CVE-2022-47492 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 16:06:00 | [www.unisoc.com] |
CVE-2022-47493 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 16:06:00 | [www.unisoc.com] |
CVE-2023-22787 | An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | May 12, 2023. 15:58:00 | [www.arubanetworks.com] |
CVE-2020-22755 | File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. | May 12, 2023. 15:38:00 | [github.com][github.com] |
CVE-2020-23966 | SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. | May 12, 2023. 15:37:00 | [github.com][github.com] |
CVE-2020-36065 | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | May 12, 2023. 15:36:00 | [github.com][github.com] |
CVE-2021-27280 | OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected. | May 12, 2023. 15:36:00 | [github.com][github.com] |
CVE-2021-28998 | File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | May 12, 2023. 15:35:00 | [github.com][seclists.org] |
CVE-2023-0280 | The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | May 12, 2023. 15:35:00 | [wpscan.com] |
CVE-2022-38685 | In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed. | May 12, 2023. 15:30:00 | [www.unisoc.com] |
CVE-2022-39089 | In mlog service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 12, 2023. 15:29:00 | [www.unisoc.com] |
CVE-2022-44419 | In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 15:28:00 | [www.unisoc.com] |