• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0840
Phpcrazy Project
Phpcrazy
2023-02-23
N/A
5.4 MEDIUM
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221086 is the identifier assigned to this vulnerability.
CVE-2023-0830
Easynas
2023-02-22
N/A
8.8 HIGH
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-220950 is the identifier assigned to this vulnerability.
CVE-2023-0827
Pimcore
Adminbundle, Customer_management_framework, Data-hub, Perspective_editor, Admin_classic_bundle, Core, Customer-data-framework, Customer_data_framework
2023-02-22
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.
CVE-2023-0822
Deltaww, Diaenergie
Asda_soft, Cncsoft, Cncsoft-b, Cncsoft_screeneditor, Cnssoft_screeneditor, Commgr, Dcisoft, Delta_industrial_automation_dopsoft, Delta_industrial_automation_pmsoft, Delta_industrial_automation_screen_editor
2023-02-17
N/A
N/A
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
CVE-2023-0821
Hashicorp
Boundary, Consul, Consul_docker_image, Consul_template, Go-getter, Go-slug, Nomad, Packer, Sentinel, Terraform
2023-02-25
N/A
6.5 MEDIUM
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
CVE-2023-0819
Gpac
Mp4box
2023-02-22
N/A
7.8 HIGH
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVE-2023-0818
Gpac
Mp4box
2023-02-22
N/A
5.5 MEDIUM
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVE-2023-0817
Gpac
Mp4box
2023-02-22
N/A
7.8 HIGH
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVE-2023-0814
Cozmoslabs
Client_portal, Custom_post_types_and_custom_fields_creator, Membership_&_content_restriction_-_paid_member_subscriptions, Profile_builder, Translatepress, User_profile_picture
2023-02-15
N/A
6.5 MEDIUM
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account. This does require the Usermeta shortcode be enabled to be exploited.
CVE-2023-0810
Btcpayserver
Btcpay_server
2023-02-21
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.
« Previous 1 … 11,210 11,211 11,212 11,213 11,214 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE