CVE Vulnerability

CVEs


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0372
Embedsocial, Embedstories
Embedstories
2023-02-21
N/A
N/A
The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0371
Embedsocial
Embedstories
2023-02-21
N/A
N/A
The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0366
Loan Comparison, Quick-plugins
Loan_comparison
2023-02-21
N/A
N/A
The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0362
Portfolio Post, Themify
Portfolio_post, Post_type_builder_search_addon, Shortcodes, Woocommerce_product_filter
2023-02-15
N/A
5.4 MEDIUM
Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0361
Debian, Gnu, Redhat
Adequate, Advanced_package_tool, Amaya, Apache2, Apt, Apt-cacher, Aptlinex, Apt-listchanges, Apt-setup, Axiom, A2ps, Adns, Anubis, Aspell, Aspell_dictionary, Automake, Bash, Bc, Binutils, Binutils_gold, Jboss_core_services, Enterprise_linux, Jboss_enterprise_application_platform, Enterprise_linux_server, Jboss_amq_clients_2, Openstack, Virtualization, Virtualization_host, Single_sign-on, Openshift_container_platform
2023-02-24
N/A
7.5 HIGH
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, the attacker would need to send a large number of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
CVE-2023-0360
Location Weather, Shapedplugin
Location_weather, Logo_carousel, Post_grid,_post_carousel,_&_list_category_posts, Product_slider_for_woocommerce, Real_testimonials, Wp_tabs
2023-02-15
N/A
5.4 MEDIUM
The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0358
Gpac
Mp4box
2023-01-25
N/A
7.8 HIGH
Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-0356
Socomec
Diris_a-40_firmware, Diris_a-40, Modulys_gp, Net_vision, Remote_view_pro, Remote_view_pro_firmware
2023-02-06
N/A
7.5 HIGH
SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.
CVE-2023-0341
Editorconfig
2023-02-09
N/A
7.8 HIGH
A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6, which allowed an attacker to write arbitrarily to the stack and possibly allowed remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bounds checking all write operations over the p_pcre buffer.
CVE-2023-0338
Daloradius
2023-01-23
N/A
6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE