Total: 508 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2022-4798 | 1 Usememos | 1 Memos | 2023-03-02 | 5.3 Medium | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVE-2019-12252 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-03-01 | 6.5 Medium | In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.
CVE-2022-0691 | 1 Url-parse Project | 1 Url-parse | 2023-02-23 | 9.8 Critical | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
CVE-2022-0686 | 1 Url-parse Project | 1 Url-parse | 2023-02-23 | 9.1 Critical | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
CVE-2022-0639 | 1 Url-parse Project | 1 Url-parse | 2023-02-23 | 5.3 Medium | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
CVE-2022-0512 | 1 Url-parse Project | 1 Url-parse | 2023-02-23 | 5.3 Medium | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVE-2023-25160 | 1 Nextcloud | 1 Mail | 2023-02-22 | 5.3 Medium | Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID, getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available.
CVE-2022-34138 | 1 Biltema | 4 Baby Camera, Baby Camera Firmware, Ip Camera and 1 more | 2023-02-10 | 7.5 High | Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information.
CVE-2021-24374 | 1 Automattic | 1 Jetpack | 2023-02-04 | 5.3 Medium | The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.
CVE-2022-43326 | 1 Telosalliance | 2 Omnia Mpx Node, Omnia Mpx Node Firmware | 2023-02-01 | 7.5 High | An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.
CVE-2019-9921 | 1 Harmistechnology | 1 Je Messenger | 2023-01-31 | 6.5 Medium | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user.
CVE-2022-45927 | 1 Opentext | 1 Opentext Extended Ecm | 2023-01-30 | 8.8 High | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.
CVE-2022-40319 | 1 Lsoft | 1 Listserv | 2023-01-25 | 7.5 High | The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.
CVE-2019-13605 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | N/A | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
CVE-2019-14725 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 4.3 Medium | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.
CVE-2019-14721 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 6.5 Medium | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.
CVE-2019-13360 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | N/A | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
CVE-2019-14724 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 7.5 High | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.
CVE-2023-22471 | 1 Nextcloud | 1 Deck | 2023-01-24 | 4.3 Medium | Deck is a kanban-style organization tool aimed at personal planning and project organization for teams, integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5, 1.7.3 or 1.8.2.
CVE-2022-46179 | 1 Liuos Project | 1 Liuos | 2023-01-13 | 7.8 High | LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest commit (c658b4f3e57258acf5f6207a90c2f2169698ae22) by requiring the var to be set to true, causing a test script to run instead of being able to login. A potential workaround is to check for the GITHUB_ACTIONS environment variable and set it to "" (no quotes) to null the variable and force credential checks.