Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33982 1 Briarproject 1 Briar 2023-06-01 N/A 5.9 MEDIUM
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.
CVE-2022-4815 1 Hitachi 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server 2023-06-01 N/A 8.8 HIGH
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 
CVE-2023-25470 1 Rus-to-lat Project 1 Rus-to-lat 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions.
CVE-2023-25029 1 Wp Social Bookmarking Light Project 1 Wp Social Bookmarking Light 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions.
CVE-2022-41221 1 Opentext 1 Archive Center Administration 2023-06-01 N/A 7.1 HIGH
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it.
CVE-2023-25599 1 Mitel 1 Mivoice Connect 2023-06-01 N/A 7.4 HIGH
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
CVE-2023-25034 1 Wp Clean Up Project 1 Wp Clean Up 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <= 1.2.3 versions.
CVE-2023-25038 1 984.ru 1 For The Visually Impaired 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions.
CVE-2022-47144 1 Frenify 1 Mediamatic 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.
CVE-2023-2817 1 Craftcms 1 Craft Cms 2023-06-01 N/A 5.4 MEDIUM
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.
CVE-2023-25467 1 Resize At Upload Plus Project 1 Resize At Upload Plus 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions.
CVE-2023-25058 1 Brainstormforce 1 Schema 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions.
CVE-2023-31594 1 Ic 2 Realtime Icip-p2012t, Realtime Icip-p2012t Firmware 2023-06-01 N/A 7.5 HIGH
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network.
CVE-2022-0010 1 Abb 5 Platform Engineering Tools, Qcs 800xa, Qcs 800xa Firmware and 2 more 2023-06-01 N/A 5.5 MEDIUM
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.
CVE-2023-33965 2023-06-01 N/A N/A
Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.
CVE-2023-33552 2023-06-01 N/A N/A
Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.
CVE-2023-33551 2023-06-01 N/A N/A
Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.
CVE-2023-31923 1 Supremainc 1 Biostar 2 2023-06-01 N/A 8.8 HIGH
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system.
CVE-2023-32348 1 Teltonika 1 Remote Management System 2023-06-01 N/A 5.8 MEDIUM
Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN.
CVE-2023-3035 2023-06-01 N/A N/A
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230467.