Total: 211446 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-25664 | 1 Google | 1 Tensorflow | 2023-03-31 | N/A | 9.8 CRITICAL | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
CVE-2023-29059 | | | 2023-03-31 | N/A | N/A | 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron macOS application.
CVE-2023-0499 | 1 Hasthemes | 1 Quickswish | 2023-03-31 | N/A | 4.3 MEDIUM | The QuickSwish WordPress plugin before 1.1.0 does not have a CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack.
CVE-2023-0498 | 1 Hasthemes | 1 Wp Education | 2023-03-31 | N/A | 4.3 MEDIUM | The WP Education WordPress plugin before 1.2.7 does not have a CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack.
CVE-2023-0497 | 1 Hasthemes | 1 Ht Portfolio | 2023-03-31 | N/A | 4.3 MEDIUM | The HT Portfolio WordPress plugin before 1.1.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack.
CVE-2023-0496 | 1 Hasthemes | 1 Ht Event | 2023-03-31 | N/A | 4.3 MEDIUM | The HT Event WordPress plugin before 1.4.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack.
CVE-2023-0823 | 1 Hu-manity | 1 Cookie Notice & Compliance For Gdpr / Ccpa | 2023-03-31 | N/A | 5.4 MEDIUM | The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-20080 | 1 Cisco | 2 Ios, Ios Xe | 2023-03-31 | N/A | 7.5 HIGH | A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly.
CVE-2022-48357 | 1 Huawei | 2 Emui, Harmonyos | 2023-03-31 | N/A | 7.5 HIGH | Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.
CVE-2023-0495 | 1 Hasthemes | 1 Ht Slider For Elementor | 2023-03-31 | N/A | 4.3 MEDIUM | The HT Slider For Elementor WordPress plugin before 1.4.0 does not have a CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack.
CVE-2023-1400 | 1 Webnus | 1 Modern Events Calendar Lite | 2023-03-31 | N/A | 4.8 MEDIUM | The Modern Events Calendar Lite WordPress plugin through 5.16.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-25197 | 1 Apache | 1 Fineract | 2023-03-31 | N/A | 6.3 MEDIUM | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects Apache Fineract: from 1.4 through 1.8.2.
CVE-2023-25195 | 1 Apache | 1 Fineract | 2023-03-31 | N/A | 8.1 HIGH | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to the server and may be able to use the server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.
CVE-2023-25196 | 1 Apache | 1 Fineract | 2023-03-31 | N/A | 4.3 MEDIUM | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2.
CVE-2023-25828 | 1 Pluck-cms | 1 Pluck | 2023-03-31 | N/A | 7.2 HIGH | Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its "albums" module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)
CVE-2023-0816 | 1 Strategy11 | 1 Formidable Form Builder | 2023-03-31 | N/A | 6.5 MEDIUM | The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP address spoofing and bypass of anti-spam protections.
CVE-2023-28650 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2023-03-31 | N/A | 6.1 MEDIUM | An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target's security context.
CVE-2023-28655 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2023-03-31 | N/A | 5.4 MEDIUM | A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users.
CVE-2023-22300 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2023-03-31 | N/A | 6.1 MEDIUM | An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unauthorized actions by viewing the logs. This action would also grant the attacker privilege escalation.
CVE-2023-27927 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2023-03-31 | N/A | 6.5 MEDIUM | An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials.