CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Jboss_core_services, Enterprise_linux, Jboss_enterprise_application_platform, Enterprise_linux_server, Jboss_amq_clients_2, Openstack, Virtualization, Virtualization_host, Single_sign-on, Openshift_container_platform
2023-01-23
N/A
6.5 MEDIUM
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lock out or impersonate them.
Gm7, Gm7_firmware, Gm7u, Gm7u_firmware, K120s, K120s_firmware, K80s, K80s_firmware, Xbc-dn10e, Xbc-dn10e_firmware
2023-02-24
N/A
7.5 HIGH
If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition.
Gm7, Gm7_firmware, Gm7u, Gm7u_firmware, K120s, K120s_firmware, K80s, K80s_firmware, Xbc-dn10e, Xbc-dn10e_firmware
2023-02-24
N/A
9.1 CRITICAL
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files.
Nessus, Appliance, Jira_cloud, Log_correlation_engine, Nessus_agent, Nessus_amazon_machine_image, Nessus_network_monitor, Plugin-set, Securitycenter, Tenable.io
2023-01-28
N/A
8.8 HIGH
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available to any authenticated user, leading to a SQL injection exploitable by low privilege users such as subscriber.
Location_weather, Logo_carousel, Post_grid,_post_carousel,_&_list_category_posts, Product_slider_for_woocommerce, Real_testimonials, Wp_tabs
2023-02-07
N/A
5.4 MEDIUM
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2023-02-13
N/A
5.4 MEDIUM
The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.