CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: May 18, 2024. 23:40:31 UTC

| ID | Description | Modified | References |
| --- | --- | --- | --- |
| CVE-2023-1660 | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard | May 11, 2023. 18:50:00 | [wpscan.com] |
| CVE-2023-30434 | IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | May 11, 2023. 18:45:00 | [www.ibm.com][www.ibm.com] |
| CVE-2023-30054 | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | May 11, 2023. 18:38:00 | [github.com] |
| CVE-2023-30053 | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | May 11, 2023. 18:31:00 | [github.com] |
| CVE-2022-47437 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions. | May 11, 2023. 18:29:00 | [patchstack.com] |
| CVE-2022-45065 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions. | May 11, 2023. 18:29:00 | [patchstack.com] |
| CVE-2022-47439 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions. | May 11, 2023. 18:28:00 | [patchstack.com] |
| CVE-2023-2560 | A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167. | May 11, 2023. 18:27:00 | [vuldb.com][vuldb.com] |
| CVE-2022-22313 | IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | May 11, 2023. 18:24:00 | [www.ibm.com][exchange.xforce.ibmcloud.com] |
| CVE-2023-29941 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. | May 11, 2023. 18:23:00 | [github.com] |
| CVE-2023-29942 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. | May 11, 2023. 18:23:00 | [github.com] |
| CVE-2022-43877 | IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | May 11, 2023. 18:22:00 | [exchange.xforce.ibmcloud.com][www.ibm.com] |
| CVE-2022-4118 | The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users | May 11, 2023. 18:20:00 | [wpscan.com] |
| CVE-2023-29939 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). | May 11, 2023. 18:19:00 | [github.com] |
| CVE-2023-29935 | llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. | May 11, 2023. 18:17:00 | [github.com] |
| CVE-2023-2565 | A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228172. | May 11, 2023. 17:54:00 | [vuldb.com][vuldb.com] |
| CVE-2020-18132 | Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit. | May 11, 2023. 17:53:00 | [github.com][github.com] |
| CVE-2020-19660 | Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values. | May 11, 2023. 17:53:00 | [github.com][github.com] |
| CVE-2020-18282 | Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature. | May 11, 2023. 17:53:00 | [github.com][github.com] |
| CVE-2022-43950 | A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. | May 11, 2023. 17:51:00 | [fortiguard.com] |