Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 5 hours 36 minutes ago

CVE-2023-24997

Thu, 2023/02/02 - 12:15 AM
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 to solve it.

CVE-2022-47715

Wed, 2023/02/01 - 11:15 PM
In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic.

CVE-2022-47717

Wed, 2023/02/01 - 11:15 PM
Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

CVE-2023-0611

Wed, 2023/02/01 - 11:15 PM
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935.

CVE-2023-0612

Wed, 2023/02/01 - 11:15 PM
A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation of the argument device_web_ip leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936.

CVE-2023-0613

Wed, 2023/02/01 - 11:15 PM
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation of the argument device_web_ip leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219937 was assigned to this vulnerability.

CVE-2023-22573

Wed, 2023/02/01 - 11:15 PM
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low-privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure.

CVE-2023-22574

Wed, 2023/02/01 - 11:15 PM
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to information disclosure and denial of service.

CVE-2023-22575

Wed, 2023/02/01 - 11:15 PM
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.

CVE-2023-23126

Wed, 2023/02/01 - 11:15 PM
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions.

CVE-2023-23127

Wed, 2023/02/01 - 11:15 PM
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers and therefore does not enforce HTTPS.

CVE-2023-23128

Wed, 2023/02/01 - 11:15 PM
Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS).

CVE-2023-23130

Wed, 2023/02/01 - 11:15 PM
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled.

CVE-2023-23131

Wed, 2023/02/01 - 11:15 PM
Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.

CVE-2023-23132

Wed, 2023/02/01 - 11:15 PM
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.

CVE-2023-24610

Wed, 2023/02/01 - 11:15 PM
NOSH 4a5cfdb allows remote authenticated users to execute arbitrary PHP code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.

CVE-2022-47002

Wed, 2023/02/01 - 11:15 PM
A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.

CVE-2022-47003

Wed, 2023/02/01 - 11:15 PM
A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request.

CVE-2022-47714

Wed, 2023/02/01 - 11:15 PM
Last Yard 22.09.8-1 does not enforce HSTS headers.

CVE-2023-22572

Wed, 2023/02/01 - 10:15 PM
Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password API. A low-privileged local attacker could potentially exploit this vulnerability, leading to system takeover.
