CVE Vulnerability

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0581
Lcweb
Privatecontent
2023-02-06
N/A
5.3 MEDIUM
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client-side validation in versions up to, and including, 8.4.3. This is due to the plugin checking whether an IP had been blocklisted via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack.
CVE-2023-0575
Yugabyte, Yugabytedb
Db_enterprise, Yugabytedb, Yugabytedb_managed
2023-02-17
N/A
9.8 CRITICAL
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: less than 2.2.
CVE-2023-0574
Yugabyte, Yugabytedb Managed
Db_enterprise, Yugabytedb, Yugabytedb_managed
2023-02-16
N/A
9.8 CRITICAL
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse. This issue affects Yugabyte Managed: from 2.0 through 2.13.
CVE-2023-0572
Froxlor
2023-02-07
N/A
5.3 MEDIUM
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.
CVE-2023-0571
Canteen Management System Project
Canteen_management_system
2023-02-07
N/A
5.4 MEDIUM
A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability.
CVE-2023-0570
Online Tours & Travels Management System Project
2023-02-07
N/A
9.8 CRITICAL
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file useroperationspayment_operation.php. The manipulation of the argument booking_id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219729 was assigned to this vulnerability.
CVE-2023-0569
Publify Project
Publify
2023-02-06
N/A
6.5 MEDIUM
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
CVE-2023-0568
Php
Animated_smiley_generator, Archive_tar, Ar_memberscript, Blog_cms, Bloq, Com_extensions, Comoblog, Directory_listing_script, Dirlist, Easymoblog
2023-02-24
N/A
9.8 CRITICAL
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to the system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with a NUL value, which might lead to unauthorized data access or modification.
CVE-2023-0566
Froxlor
2023-02-07
N/A
4.8 MEDIUM
Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
CVE-2023-0565
Froxlor
2023-02-07
N/A
4.9 MEDIUM
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE