Official account maintained by the CVE Program to notify the community of new CVE IDs. cve.org

Joined January 2017
CVE-2023-28845 Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain informa... cve.mitre.org/cgi-bin/cvenam…
CVE-2023-28844 Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been ... cve.mitre.org/cgi-bin/cvenam…
CVE-2023-28645 Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich d... cve.mitre.org/cgi-bin/cvenam…
CVE-2023-26485 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhau... cve.mitre.org/cgi-bin/cvenam…
CVE-2023-24824 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of ... cve.mitre.org/cgi-bin/cvenam…
CVE-2022-47192 Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password. cve.mitre.org/cgi-bin/cvenam…
CVE-2022-47190 Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. cve.mitre.org/cgi-bin/cvenam…
CVE-2022-47188 There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the... cve.mitre.org/cgi-bin/cvenam…
CVE-2022-47189 Generex UPS CS141 below 2.06 version, allows an attacker to upload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. cve.mitre.org/cgi-bin/cvenam…
CVE-2022-47191 Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. cve.mitre.org/cgi-bin/cvenam…
CVE-2022-46021 X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage. cve.mitre.org/cgi-bin/cvenam…
CVE-2023-1785 A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id lead... cve.mitre.org/cgi-bin/cvenam…
CVE-2023-1784 A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated r... cve.mitre.org/cgi-bin/cvenam…
CVE-2023-26858 SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. cve.mitre.org/cgi-bin/cvenam…
CVE-2022-4899 A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. cve.mitre.org/cgi-bin/cvenam…
CVE-2023-29141 An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. cve.mitre.org/cgi-bin/cvenam…
CVE-2023-27163 request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a craft... cve.mitre.org/cgi-bin/cvenam…
CVE-2023-27162 openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information v... cve.mitre.org/cgi-bin/cvenam…
CVE-2023-27160 forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST re... cve.mitre.org/cgi-bin/cvenam…
CVE-2023-27159 Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET ... cve.mitre.org/cgi-bin/cvenam…