Total
19153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1610 | 1 Ruifang-tech | 1 Rebuild | 2023-03-29 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Affected by this issue is some unknown functionality of the file /project/tasks/list. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223742 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-28152 | 1 Independentsoft | 1 Jword | 2023-03-29 | N/A | 9.8 CRITICAL |
| An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | |||||
| CVE-2022-28496 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2023-03-29 | N/A | 9.8 CRITICAL |
| TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2023-20951 | 1 Google | 1 Android | 2023-03-29 | N/A | 9.8 CRITICAL |
| In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258652631 | |||||
| CVE-2023-28371 | 1 Stellarium | 1 Stellarium | 2023-03-29 | N/A | 9.8 CRITICAL |
| In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal. | |||||
| CVE-2023-27034 | 1 Joommasters | 1 Jms Blog | 2023-03-28 | N/A | 9.8 CRITICAL |
| PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-28611 | 1 Omicronenergy | 2 Stationguard, Stationscout | 2023-03-28 | N/A | 9.8 CRITICAL |
| Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions. | |||||
| CVE-2023-24655 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-28 | N/A | 9.8 CRITICAL |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function. | |||||
| CVE-2022-28494 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2023-03-28 | N/A | 9.8 CRITICAL |
| TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2023-27100 | 2 Netgate, Pfsense | 2 Pfsense Plus, Pfsense | 2023-03-28 | N/A | 9.8 CRITICAL |
| Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. | |||||
| CVE-2023-27060 | 1 Lightcms Project | 1 Lightcms | 2023-03-28 | N/A | 9.8 CRITICAL |
| LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function. | |||||
| CVE-2023-28667 | 1 Leadgenerated | 1 Lead Generated | 2023-03-28 | N/A | 9.8 CRITICAL |
| The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. The tve_labels parameter of the tve_api_form_submit action is passed to the PHP unserialize() function without being sanitized or verified, and as a result could lead to PHP object injection, which when combined with certain class implementations / gadget chains could be leveraged to perform a variety of malicious actions granted a POP chain is also present. | |||||
| CVE-2023-28662 | 1 Codemenschen | 1 Gift Vouchers | 2023-03-28 | N/A | 9.8 CRITICAL |
| The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. | |||||
| CVE-2022-42499 | 1 Google | 1 Android | 2023-03-28 | N/A | 9.8 CRITICAL |
| In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242001391References: N/A | |||||
| CVE-2022-42498 | 1 Google | 1 Android | 2023-03-28 | N/A | 9.8 CRITICAL |
| In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240662453References: N/A | |||||
| CVE-2023-1571 | 1 Datagear | 1 Datagear | 2023-03-28 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in DataGear up to 4.5.0. This affects an unknown part of the file /analysisProject/pagingQueryData. The manipulation of the argument queryOrder leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223563. | |||||
| CVE-2022-34773 | 1 Tabit | 1 Tabit | 2023-03-28 | N/A | 9.8 CRITICAL |
| Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 – Injection. | |||||
| CVE-2022-32207 | 5 Apple, Debian, Fedoraproject and 2 more | 18 Macos, Debian Linux, Fedora and 15 more | 2023-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | |||||
| CVE-2022-38580 | 1 Zalando | 1 Skipper | 2023-03-28 | N/A | 9.8 CRITICAL |
| Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). | |||||
| CVE-2022-32272 | 1 Opswat | 1 Metadefender | 2023-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. | |||||