CVE Vulnerability

CVE’s


CVE-2023-0038
Vendors: Ays-pro
Products: Faq_builder, Image_slider, Personal_dictionary, Photo_gallery, Poll_maker, Popup_box, Popup_like_box, Portfolio_responsive_gallery, Quiz_maker, Secure_copy_content_protection_and_content_locking
Updated: 2023-01-09
CVSS v2: N/A
CVSS v3: 6.1 MEDIUM
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page.

CVE-2023-0036
Vendors: Openharmony
Updated: 2023-01-12
CVSS v2: N/A
CVSS v3: 7.8 HIGH
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.

CVE-2023-0035
Vendors: Openharmony
Updated: 2023-01-12
CVSS v2: N/A
CVSS v3: 7.8 HIGH
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.

CVE-2023-0034
Vendors: Crocoblock
Products: Jetengine, Jetwidgets_for_elementor
Updated: 2023-02-23
CVSS v2: N/A
CVSS v3: 5.4 MEDIUM
The JetWidgets For Elementor WordPress plugin through 1.0.13 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0033
Vendors: Pdf Viewer Project
Products: Pdf_viewer
Updated: 2023-02-07
CVSS v2: N/A
CVSS v3: 5.4 MEDIUM
The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

CVE-2023-0029
Vendors: Multilaserempresas, Re708 Firmware
Products: Re708, Re708_firmware
Updated: 2023-01-09
CVSS v2: N/A
CVSS v3: 7.5 HIGH
A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B. It has been rated as problematic. This issue affects some unknown processing of the component Telnet Service. The manipulation leads to denial of service. The attack may be initiated remotely. The identifier VDB-217169 was assigned to this vulnerability.

CVE-2023-0028
Vendors: Linagora, Twake
Products: Hublin, Twake
Updated: 2023-01-06
CVSS v2: N/A
CVSS v3: 6.1 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+.

CVE-2023-0025
Vendors: Sap
Products: 3d_visual_enterprise_author, 3d_visual_enterprise_viewer, Abap_platform, Abap_platform_kernel, Access_control, Activex_viewer, Adaptive_extensions, Adaptive_server_enterprise, Adaptive_server_enterprise_backup_server, Adaptive_server_enterprise_cockpit
Updated: 2023-02-21
CVSS v2: N/A
CVSS v3: 5.4 MEDIUM
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources.

CVE-2023-0024
Vendors: Sap
Products: 3d_visual_enterprise_author, 3d_visual_enterprise_viewer, Abap_platform, Abap_platform_kernel, Access_control, Activex_viewer, Adaptive_extensions, Adaptive_server_enterprise, Adaptive_server_enterprise_backup_server, Adaptive_server_enterprise_cockpit
Updated: 2023-02-21
CVSS v2: N/A
CVSS v3: 5.4 MEDIUM
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability.

CVE-2023-0023
Vendors: Sap
Products: 3d_visual_enterprise_author, 3d_visual_enterprise_viewer, Abap_platform, Abap_platform_kernel, Access_control, Activex_viewer, Adaptive_extensions, Adaptive_server_enterprise, Adaptive_server_enterprise_backup_server, Adaptive_server_enterprise_cockpit
Updated: 2023-01-13
CVSS v2: N/A
CVSS v3: 5.7 MEDIUM
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE