Vulnerabilities

CVE-2022-38389

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing

CVE-2022-22486

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing

AI, Processor Advances Will Improve Application Security

CVE-2023-24574

Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an “Uncontrolled Resource Consumption vulnerability” in authentication component. An unauthenticated remote

CVE-2023-0576

Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in Yugabyte

CVE-2023-0253

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2022-48114

RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.

CVE-2022-48113

A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request.

CVE-2019-15984 (data_center_network_manager)

WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization

Topic: WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Risk: Medium Text: On January 16, 2023, the

Control Web Panel Unauthenticated Remote Command Execution

Topic: Control Web Panel Unauthenticated Remote Command Execution Risk: High Text: ## # This module requires Metasploit: https://metasploit.com/download # Current source:

Hikvision Remote Code Execution / XSS / SQL Injection

Topic: Hikvision Remote Code Execution / XSS / SQL Injection Risk: Medium Text: Detailed Information Product Name: Hikvision Vendor Home Page:

eCommerce Marketplace Platform CMS 1.7 SQL Injection

Topic: eCommerce Marketplace Platform CMS 1.7 SQL Injection Risk: Medium Text: …

CVE-2023-0639

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the

Antivirus vs Firewall: What Are the Differences?

CVE-2023-0400

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to

CVE-2023-0640

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of

CVE-2023-0641

A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this

CVE-2022-2546

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response

CVE-2023-0637

A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the

CVE-2023-0638

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the

CVE-2022-43665

A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can

Multiple vulnerabilities in IBM i

Multiple vulnerabilities in IBM WebSphere Application Server Patterns

Multiple vulnerabilities in Oracle EAS Console version 11.1.2.0

ESTsoft Alyac NT header out of bounds read

Multiple vulnerabilities in Oracle EPM Workspace version 11.2.3.0.0.05

CVE-2023-25015

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.

CVE-2023-25013

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing

CVE-2023-25014

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing

Debian update for openjdk-17

ISC StormCast for Thursday, February 2nd, 2023

Slackware: 2023-032-01: apr Security Update

New apr packages are available for Slackware 15.0 and -current to fix security issues.

Slackware: 2023-032-03: mozilla-thunderbird Security Update

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue.

Slackware: 2023-032-02: apr-util Security Update

New apr-util packages are available for Slackware 15.0 and -current to fix a security issue.

CVE-2022-45782

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm

CVE-2022-45783

An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can

CVE-2022-47872

maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF).

io_uring Same Type Object Reuse Privilege Escalation

CVE-2023-23750

An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling

CVE-2023-23751

An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.

CVE-2023-0599

Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of

Rapid7’s Metasploit Framework 6.3 is now available

CVE-2022-37034

In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download

CVE-2023-25012

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED

CVE-2023-20073 | Cisco RV340/RV340W/RV345/RV345P unrestricted upload (cisco-sa-sb-rv-afu-EXxwA65V)

A vulnerability classified as critical has been found in Cisco RV340, RV340W, RV345 and RV345P. This affects an unknown part.

CVE-2023-20076 | Cisco IOS IOx Application Hosting Environment command injection (cisco-sa-iox-8whGn5dL)

A vulnerability was found in Cisco IOS. It has been rated as critical. Affected by this issue is some unknown

CVE-2023-20023 | Cisco Identity Services Engine CLI command injection (cisco-sa-ise-os-injection-pxhKsDM)

A vulnerability has been found in Cisco Identity Services Engine and classified as critical. Affected by this vulnerability is an

CVE-2023-20022 | Cisco Identity Services Engine CLI command injection (cisco-sa-ise-os-injection-pxhKsDM)

A vulnerability, which was classified as critical, was found in Cisco Identity Services Engine. Affected is an unknown function of

CVE-2023-20021 | Cisco Identity Services Engine CLI command injection (cisco-sa-ise-os-injection-pxhKsDM)

A vulnerability, which was classified as critical, has been found in Cisco Identity Services Engine. This issue affects some unknown

CVE-2023-20030 | Cisco Identity Services Engine xml external entity reference (cisco-sa-ise-xxe-inj-GecEHY58)

A vulnerability classified as problematic was found in Cisco Identity Services Engine. This vulnerability affects unknown code. The manipulation leads

CVE-2023-22284

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes:

CVE-2023-0619

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its

CVE-2022-46934

kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

CVE-2023-20068 | Cisco Prime Infrastructure cross site scripting (cisco-sa-cisco-pi-xss-PU6dnfD9)

A vulnerability was found in Cisco Prime Infrastructure and classified as problematic. Affected by this issue is some unknown functionality.

CVE-2023-23075

Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.

CVE-2023-23076

OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.

CVE-2023-23074

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.

CVE-2023-22287

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes:

CVE-2023-23073

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.

CVE-2023-23078

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in

CVE-2023-23077

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status

CVE-2023-22340

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP

CVE-2022-47983

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in

CVE-2023-22374

In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists