Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 5 hours 52 minutes ago

CVE-2023-23924

Wed, 2023/02/01 - 9:15 AM
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols, if they can provide an SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead at the very least to arbitrary file deletion and even remote code execution, depending on the classes that are available.

CVE-2023-24241

Wed, 2023/02/01 - 9:15 AM
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.

CVE-2023-24956

Wed, 2023/02/01 - 9:15 AM
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.

CVE-2022-47873

Wed, 2023/02/01 - 8:15 AM
Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote).

CVE-2022-32984

Wed, 2023/02/01 - 7:15 AM
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node are exposed.

CVE-2022-37708

Wed, 2023/02/01 - 7:15 AM
Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container.

CVE-2022-45297

Wed, 2023/02/01 - 7:15 AM
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.

CVE-2022-45494

Wed, 2023/02/01 - 7:15 AM
Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges.

CVE-2016-15023

Wed, 2023/02/01 - 5:15 AM
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability.

CVE-2022-45172

Wed, 2023/02/01 - 3:15 AM
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system.

CVE-2022-47697

Wed, 2023/02/01 - 3:15 AM
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.

CVE-2022-47698

Wed, 2023/02/01 - 3:15 AM
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router.

CVE-2022-47699

Wed, 2023/02/01 - 3:15 AM
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control.

CVE-2022-47700

Wed, 2023/02/01 - 3:15 AM
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication.

CVE-2022-47701

Wed, 2023/02/01 - 3:15 AM
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS).

CVE-2022-47854

Wed, 2023/02/01 - 3:15 AM
i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.

CVE-2023-22610

Wed, 2023/02/01 - 2:15 AM
A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions).

CVE-2023-22611

Wed, 2023/02/01 - 2:15 AM
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions).

CVE-2022-45598

Wed, 2023/02/01 - 1:15 AM
Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows an attacker to execute arbitrary code via improper sanitization.

CVE-2022-47035

Wed, 2023/02/01 - 1:15 AM
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows an attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
