CVE-2022-31643
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.
Source: CVE-2022-31643
[월:] 2023년 04월
CVE-2023-2375
CVE-2023-2375
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651.
Source: CVE-2023-2375
CVE-2023-2374
CVE-2023-2374
A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability.
Source: CVE-2023-2374
CVE-2023-29815
CVE-2023-29815
mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).
Source: CVE-2023-29815
CVE-2023-0834
CVE-2023-0834
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.
Source: CVE-2023-0834
CVE-2023-1477
CVE-2023-1477
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.
Source: CVE-2023-1477
CVE-2023-30125
CVE-2023-30125
EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).
Source: CVE-2023-30125
CVE-2023-30123
CVE-2023-30123
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
Source: CVE-2023-30123
CVE-2023-30183
CVE-2023-30183
Wangmarket CMS v4.10 was discovered to contain a SQL injection vulnerability via the component /plugin/dataDictionary/tableView.do?tableName=.
Source: CVE-2023-30183
CVE-2023-28472
CVE-2023-28472
Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies.
Source: CVE-2023-28472