• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-22911
2023-01-27
N/A
6.1 MEDIUM
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.
CVE-2023-22910
2023-01-26
N/A
5.4 MEDIUM
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability.
CVE-2023-22909
2023-01-27
N/A
5.3 MEDIUM
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.
CVE-2023-22903
2023-01-13
N/A
9.8 CRITICAL
api/views/user.py in LibrePhotos before e19e539 has incorrect access control.
CVE-2023-22900
2023-02-07
N/A
9.8 CRITICAL
Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.
CVE-2023-22899
2023-01-30
N/A
5.9 MEDIUM
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.
CVE-2023-22898
2023-01-13
N/A
6.5 MEDIUM
workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb).
CVE-2023-22895
2023-01-13
N/A
7.5 HIGH
The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.
CVE-2023-22885
2023-01-11
N/A
N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2023-22884
Airflow Mysql Provider, Apache
Accumulo, Activemq, Activemq_apollo, Activemq_artemis, Age, Airavata_django_portal, Airflow, Airflow_mysql_provider, Alarm_instance_management, Allura
2023-01-31
N/A
9.8 CRITICAL
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
« Previous 1 … 11,144 11,145 11,146 11,147 11,148 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE