The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2023-20008 - A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on f... read CVE-2023-20008
Published: January 20, 2023; 2:15:13 AM -0500V3.1: 7.1 HIGH
-
CVE-2021-27782 - HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.
Published: January 20, 2023; 2:15:10 AM -0500V3.1: 7.5 HIGH
-
CVE-2022-45926 - An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
Published: January 18, 2023; 4:15:10 PM -0500V3.1: 8.8 HIGH
-
CVE-2022-38112 - In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
Published: January 20, 2023; 1:15:10 PM -0500V3.1: 7.5 HIGH
-
CVE-2023-22910 - An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users... read CVE-2023-22910
Published: January 20, 2023; 1:15:10 PM -0500V3.1: 5.4 MEDIUM
-
CVE-2022-45925 - An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of ... read CVE-2022-45925
Published: January 18, 2023; 4:15:10 PM -0500V3.1: 7.5 HIGH
-
CVE-2022-45924 - An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
Published: January 18, 2023; 4:15:10 PM -0500V3.1: 8.1 HIGH
-
CVE-2023-23024 - Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... read CVE-2023-23024
Published: January 20, 2023; 2:15:18 PM -0500V3.1: 6.1 MEDIUM
-
CVE-2023-22912 - An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
Published: January 20, 2023; 1:15:10 PM -0500V3.1: 5.3 MEDIUM
-
CVE-2023-23015 - Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php.
Published: January 20, 2023; 2:15:18 PM -0500V3.1: 6.1 MEDIUM
-
CVE-2023-23490 - The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.
Published: January 20, 2023; 2:15:18 PM -0500V3.1: 8.8 HIGH
-
CVE-2015-1465 - The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of servic... read CVE-2015-1465
Published: April 05, 2015; 5:59:01 PM -0400V2.0: 7.8 HIGH
-
CVE-2023-0126 - Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.
Published: January 19, 2023; 3:15:10 PM -0500V3.1: 7.5 HIGH
-
CVE-2023-23488 - The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
Published: January 20, 2023; 1:15:10 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2023-23489 - The Easy Digital Downloads WordPress Plugin, version < 3.1.0.4, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.
Published: January 20, 2023; 1:15:10 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2022-45922 - An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which requi... read CVE-2022-45922
Published: January 18, 2023; 4:15:10 PM -0500V3.1: 8.8 HIGH
-
CVE-2020-21152 - SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction.
Published: January 20, 2023; 2:15:12 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2020-29297 - Multiple SQL Injection vulnerabilies in tourist5 Online-food-ordering-system 1.0.
Published: January 20, 2023; 2:15:13 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2022-41733 - IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583.
Published: January 20, 2023; 2:15:15 PM -0500V3.1: 5.3 MEDIUM
-
CVE-2016-4232 - Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors.
Published: July 12, 2016; 10:00:39 PM -0400V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM