VulDB is a vulnerability database documenting more than 174000 vulnerabilities since 1970. The following list shows the latest vulnerabilities, threats and exploits:
- CVE-2022-45938 | Comcast microeisbss up to 2021 Inventory Management Device ID cross site scripting
- CVE-2023-2062 | Mitsubishi Electric MELSEC iQ-R missing password field masking
- CVE-2023-2061 | Mitsubishi Electric MELSEC iQ-R FTP hard-coded password
- CVE-2023-2060 | Mitsubishi Electric MELSEC iQ-R FTP weak password
- CVE-2023-33754 | Inpiazza Cloud WiFi prior 4.2.17 Captive Portal excessive authentication
- CVE-2023-2063 | Mitsubishi Electric MELSEC iQ-R unrestricted upload
- CVE-2023-27640 | tshirtecommerce 2.1.4 on PrestaShop POST Parameter fonts.php type path traversal
- CVE-2023-27639 | tshirtecommerce 2.1.4 on PrestaShop POST Parameter ajax.php file_name path traversal
- CVE-2023-32628 | Advantech WebAccess/SCADA up to 9.1.3 Certificate File unrestricted upload (icsa-23-152-01)
- CVE-2023-22450 | Advantech WebAccess/SCADA up to 9.1.3 unrestricted upload (icsa-23-152-01)
- CVE-2023-32540 | Advantech WebAccess/SCADA up to 9.1.3 code injection (icsa-23-152-01)
- CVE-2023-2904 | HID SAFE up to 5.11.3 API modification of assumed-immutable data (icsa-23-152-02)
- CVE-2023-33243 | Starface up to 7.3.0.10 improper authentication
- CVE-2023-2249 | wpForo Forum Plugin up to 2.1.7 on WordPress Phar Deserialization file_get_contents server-side request forgery
- CVE-2023-34183 | Unite Gallery Lite Plugin up to 1.7.60 on WordPress cross site scripting
- CVE-2023-34186 | Headless CMS up to 2.0.3 on WordPress authorization
- CVE-2023-34182 | LH Password Changer Plugin up to 1.55 on WordPress cross-site request forgery
- CVE-2023-34185 | NextGen GalleryView Plugin up to 0.5.5 on WordPress cross-site request forgery
- CVE-2023-34178 | Groundhogg Plugin up to 2.7.10.3 on WordPress cross-site request forgery
- CVE-2023-25800 | Tutor LMS Plugin up to 2.2.0 on WordPress sql injection
- CVE-2023-34184 | Woocommerce Order address Print Plugin up to 3.2 on WordPress cross site scripting
- CVE-2023-2833 | ReviewX Plugin up to 1.6.13 on WordPress Usermeta Update Privilege Escalation
- CVE-2023-2201 | Web Directory Free Plugin up to 1.6.7 on WordPress post_id sql injection
- CVE-2023-2068 | File Manager Advanced Shortcode Plugin up to 2.3.2 on WordPress unrestricted upload
- CVE-2023-32711 | Splunk Enterprise up to 8.1.13/8.2.10/9.0.4 Bootstrap Web Framework cross site scripting (SVD-2023-0605)
- CVE-2023-32715 | Splunk App for Lookup File Editing up to 4.0.0 cross site scripting (SVD-2023-0610)
- CVE-2023-32714 | Splunk App for Lookup File Editing up to 4.0.0 Web Request path traversal (SVD-2023-0608)
- CVE-2023-32713 | Splunk App for Stream up to 8.1.0 streamfwd privileges management (SVD-2023-0607)
- CVE-2023-33960 | OpenProject up to 12.5.5 Public Project /robots.txt information disclosure (GHSA-xjfc-fqm3-95q8)
- CVE-2023-32717 | Splunk Enterprise/Cloud Platform REST Endpoint preview access control (SVD-2023-0612)
- CVE-2023-32716 | Splunk Enterprise/Cloud Platform SPL Command denial of service (SVD-2023-0611)
- CVE-2023-32712 | Splunk Enterprise up to 8.1.13/8.2.10/9.0.4 Web URL log file (SVD-2023-0606)
- CVE-2023-32710 | Splunk Enterprise/Cloud Platform Search information disclosure (SVD-2023-0609)
- CVE-2023-32709 | Splunk Enterprise/Cloud Platform REST Endpoint information disclosure (SVD-2023-0604)
- CVE-2023-32708 | Splunk Enterprise/Cloud Platform REST Endpoint response splitting (SVD-2023-0603)
- CVE-2023-32707 | Splunk Enterprise/Cloud Platform Web Request improper authorization (SVD-2023-0602)
- CVE-2023-32706 | Splunk Enterprise up to 8.1.13/8.2.10/9.0.4 XML Parser denial of service (SVD-2023-0601)
- CVE-2023-34092 | Vite up to 4.3.8 path equivalence (GHSA-353f-5xf4-qw67)
- CVE-2023-32690 | libspdm up to 2.3.2 input validation (ID 2068)
- CVE-2023-34091 | Kyverno up to 1.9.x deletionTimestamp improper authorization (GHSA-hq4m-4948-64cc)
- CVE-2023-33552 | erofs-utils 1.6 erofs Filesystem Image data.c erofs_read_one_data heap-based overflow
- CVE-2023-33551 | erofs-utils 1.6 erofs Filesystem Image fsck/main.c erofsfsck_dirent_iter heap-based overflow
- CVE-2023-28066 | Dell OS Recovery Tool 2.2.4013/2.3.7012.0 access control (dsa-2023-147)
- CVE-2023-33965 | Brook prior 20230606 tproxy Server os command injection (GHSA-vfrj-fv6p-3cpf)
- CVE-2023-32310 | DataEase up to 1.18.6 API Interface authorization (GHSA-7hv6-gv38-78wj)
- CVE-2023-33963 | DataEase up to 1.18.6 Datasource deserialization (GHSA-m26j-gh4m-xh9f)
- CVE-2023-28043 | Dell SCG 5.14 SRS to SCG Upgrade risky encryption (dsa-2023-164)
- CVE-2022-43760 | SUSE Rancher up to 2.7.3 cross site scripting (GHSA-46v3-ggjg-qq3x)
- CVE-2023-22647 | SUSE Rancher up to 2.7.3 privileges management (GHSA-p976-h52c-26p6)
- CVE-2023-33546 | janino up to 3.1.9 denial of service (Issue 201)
- CVE-2023-33544 | hawtio 2.17.2 ZIP Decompression path traversal (Issue 2832)
- CVE-2023-22648 | SUSE Rancher up to 2.7.3 Azure AD privileges management (GHSA-vf6j-6739-78m8)
- CVE-2023-3035 | Guangdong Pythagorean OA Office System up to 4.50.31 Schedule description cross site scripting (I74ZPU)
- CVE-2023-32324 | CUPS up to 2.4.1 cups/string.c format_log_line denial of service
- CVE-2023-32181 | openSUSE libeconf up to 0.5.1 Configuration File buffer overflow (Issue 178)
- CVE-2023-22652 | openSUSE libeconf up to 0.5.1 Config File buffer overflow (Issue 177)
- VDB-230463 | Progress MOVEit Transfer HTTP access control
- CVE-2022-4332 | Sprecher SPRECON-E-C Firmware Verification data authenticity
- CVE-2023-3028 | Hangzhou Hopechart HQT401 201808021036 MQTT improper authentication
- CVE-2022-4333 | Sprecher SPRECON-E CPU hard-coded credentials
- CVE-2023-24584 | Gallagher Controller 6000 Controller Diagnostic Web Interface buffer overflow
- CVE-2023-3029 | Guangdong Pythagorean OA Office System up to 4.50.31 /note/index/delete id cross-site request forgery (I74VRG)
- CVE-2023-3027 | Red Hat Advanced Cluster Management for Kubernetes grc-policy-propagator access control
- CVE-2023-3022 | Linux Kernel IPv6 net/ipv6/fib6_rules.c fib6_rule_suppress denial of service
- CVE-2023-32175 | VIPRE Antivirus Plus link following
- CVE-2023-32176 | VIPRE Antivirus Plus SetPrivateConfig path traversal
- CVE-2023-32177 | VIPRE Antivirus Plus DeleteHistoryFile path traversal
- CVE-2023-32178 | VIPRE Antivirus Plus TelFileTransfer link following
- CVE-2023-32179 | VIPRE Antivirus Plus FPQuarTransfer link following
- CVE-2023-3026 | jgraph drawio up to 21.2.7 cross site scripting
- CVE-2023-3021 | mkucej i-librarian-free up to 5.10.3 cross site scripting
- CVE-2023-3020 | mkucej i-librarian-free up to 5.10.3 cross site scripting
- CVE-2023-33461 | iniparser 4.1 iniparser_getlongint null pointer dereference (Issue 144)
- CVE-2023-23955 | Broadcom Advanced Secure Gateway and Content Analysis prior 3.1.6.0/7.3.13.1 server-side request forgery
- CVE-2023-23954 | Broadcom Advanced Secure Gateway and Content Analysis prior 3.1.6.0/7.3.13.1 cross site scripting
- CVE-2023-30758 | Implem Pleasanter up to 1.3.38.1 cross site scripting (Issue 474)
- CVE-2023-23952 | Broadcom Advanced Secure Gateway and Content Analysis prior 3.1.6.0/7.3.13.1 command injection
- CVE-2023-33287 | Actonic Inline Table Editing Application up to 3.7.x cross site scripting
- CVE-2023-23953 | Broadcom Advanced Secure Gateway and Content Analysis prior 3.1.6.0/7.3.13.1 Privilege Escalation
- CVE-2023-34088 | Collabora Online prior 6.4.27/21.11.9.1/22.05.13 cross site scripting (GHSA-7582-pwfh-3pwr)
- CVE-2023-33719 | mp4v2 2.1.3 atom_sdp.cpp MP4SdpAtom::Read memory leak (Issue 37)
- CVE-2023-33716 | mp4v2 2.1.3 mp4property.cpp MP4StringProperty memory leak (Issue 36)
- CVE-2023-33643 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm stack-based overflow
- CVE-2023-33642 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm Edit_BasicSSID stack-based overflow
- CVE-2023-33641 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm AddMacList stack-based overflow
- CVE-2023-33640 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm SetAPWifiorLedInfoById stack-based overflow
- CVE-2023-33639 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm SetMobileAPInfoById stack-based overflow
- CVE-2023-33638 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm Edit_BasicSSID_5G stack-based overflow
- CVE-2023-33637 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm DelDNSHnList stack-based overflow
- CVE-2023-33636 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm ipqos_lanip_editlist stack-based overflow
- CVE-2023-33635 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm UpdateMacClone stack-based overflow
- CVE-2023-33634 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm EdittriggerList stack-based overflow
- CVE-2023-33633 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm UpdateWanParams stack-based overflow
- CVE-2023-33632 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm ipqos_lanip_dellist stack-based overflow
- CVE-2023-33631 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm DelSTList stack-based overflow
- CVE-2023-33630 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm EditvsList stack-based overflow
- CVE-2023-33629 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm DeltriggerList stack-based overflow
- CVE-2023-33628 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm DelvsList stack-based overflow
- CVE-2023-33627 | H3C Magic R300 R300-2100MV100R004 /goform/aspForm UpdateSnat stack-based overflow
- CVE-2023-33732 | MicroWorld eScan Management Console 14.0.1400.2281 New Policy Form type/txtPolicyType/Deletefileval cross site scripting