CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: September 13, 2024. 03:00:39 UTC
click on an item for more info;
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-30550 | MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0. | May 10, 2023. 19:49:00 | [github.com][github.com] |
CVE-2023-30264 | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. | May 10, 2023. 19:49:00 | [gist.github.com] |
CVE-2023-21505 | Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | May 10, 2023. 19:49:00 | [security.samsungmobile.com] |
CVE-2023-30203 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php. | May 10, 2023. 19:48:00 | [github.com] |
CVE-2023-29240 | An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 19:44:00 | [my.f5.com] |
CVE-2023-21501 | Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | May 10, 2023. 19:40:00 | [security.samsungmobile.com] |
CVE-2023-23059 | An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | May 10, 2023. 19:20:00 | [gv-edge.com][geovision.com] |
CVE-2023-20126 | A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability. | May 10, 2023. 19:17:00 | [sec.cloudapps.cisco.com] |
CVE-2023-2524 | A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | May 10, 2023. 19:13:00 | [vuldb.com][vuldb.com] |
CVE-2023-2523 | A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | May 10, 2023. 19:06:00 | [github.com][vuldb.com] |
CVE-2023-29163 | When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:47:00 | [my.f5.com] |
CVE-2023-28742 | When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:46:00 | [my.f5.com] |
CVE-2023-29868 | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. | May 10, 2023. 18:45:00 | [zammad.com] |
CVE-2023-27378 | Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:42:00 | [my.f5.com] |
CVE-2023-24461 | An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:29:00 | [my.f5.com] |
CVE-2023-22372 | In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:28:00 | [my.f5.com] |
CVE-2023-21493 | Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. | May 10, 2023. 18:26:00 | [security.samsungmobile.com] |
CVE-2023-21490 | Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. | May 10, 2023. 18:25:00 | [security.samsungmobile.com] |
CVE-2023-21491 | Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. | May 10, 2023. 18:25:00 | [security.samsungmobile.com] |
CVE-2023-21492 | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | May 10, 2023. 18:25:00 | [security.samsungmobile.com] |
Page 1330 of 1342