• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0303
2023-01-25
N/A
7.5 HIGH
A vulnerability was found in SourceCodester Online Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file view_prod.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218384.
CVE-2023-0302
2023-01-24
N/A
7.8 HIGH
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.
CVE-2023-0301
2023-01-24
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301.
CVE-2023-0300
2023-01-24
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.
CVE-2023-0299
2023-01-23
N/A
9.8 CRITICAL
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
CVE-2023-0298
2023-01-25
N/A
6.5 MEDIUM
Improper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.
CVE-2023-0297
2023-02-22
N/A
9.8 CRITICAL
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
CVE-2023-0296
Openshift, Redhat
Jboss_core_services, Enterprise_linux, Jboss_enterprise_application_platform, Enterprise_linux_server, Jboss_amq_clients_2, Openstack, Virtualization, Virtualization_host, Single_sign-on, Openshift_container_platform
2023-02-13
N/A
5.3 MEDIUM
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.
CVE-2023-0295
2023-01-23
N/A
4.8 MEDIUM
The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2023-0294
2023-01-23
N/A
4.3 MEDIUM
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
« Previous 1 … 11,237 11,238 11,239 11,240 11,241 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE