) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2023-23330 - amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.
Published: March 27, 2023; 9:15:10 PM -0400V3.1: 7.5 HIGH
-
CVE-2023-0241 - pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.
Published: March 27, 2023; 5:15:10 PM -0400V3.1: 6.5 MEDIUM
-
CVE-2023-27821 - Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter.
Published: March 28, 2023; 1:15:12 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2022-48433 - In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
Published: March 29, 2023; 9:15:08 AM -0400V3.1: 7.5 HIGH
-
CVE-2022-48430 - In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
Published: March 29, 2023; 9:15:07 AM -0400V3.1: 7.5 HIGH
-
CVE-2022-48431 - In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
Published: March 29, 2023; 9:15:07 AM -0400V3.1: 7.8 HIGH
-
CVE-2022-48432 - In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
Published: March 29, 2023; 9:15:08 AM -0400V3.1: 8.8 HIGH
-
CVE-2023-25817 - Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has ... read CVE-2023-25817
Published: March 27, 2023; 5:15:11 PM -0400V3.1: 8.1 HIGH
-
CVE-2022-39043 - Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.
Published: March 27, 2023; 12:15:09 AM -0400V3.1: 2.4 LOW
-
CVE-2023-1575 - The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for... read CVE-2023-1575
Published: March 29, 2023; 11:15:07 AM -0400V3.1: 4.8 MEDIUM
-
CVE-2023-23861 - Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce plugin <= 1.5.2 versions.
Published: March 29, 2023; 9:15:08 AM -0400V3.1: 8.8 HIGH
-
CVE-2022-47444 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3 versions.
Published: March 29, 2023; 9:15:07 AM -0400V3.1: 6.1 MEDIUM
-
CVE-2022-47438 - Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.
Published: March 29, 2023; 9:15:07 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2022-47433 - Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.
Published: March 29, 2023; 9:15:07 AM -0400V3.1: 6.1 MEDIUM
-
CVE-2022-38077 - Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.
Published: March 29, 2023; 9:15:07 AM -0400V3.1: 8.8 HIGH
-
CVE-2023-26982 - Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
Published: March 29, 2023; 11:15:07 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2022-47596 - Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <= 1.9.9 versions.
Published: March 29, 2023; 1:15:06 PM -0400V3.1: 4.8 MEDIUM
-
CVE-2023-28892 - Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SY... read CVE-2023-28892
Published: March 29, 2023; 11:15:07 AM -0400V3.1: 7.8 HIGH
-
CVE-2023-1689 - A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. This vulnerability affects unknown code of the file Master.php?a=save_earning. The manipulation of the argument name leads to cross site sc... read CVE-2023-1689
Published: March 29, 2023; 6:15:06 AM -0400V3.1: 6.1 MEDIUM
-
CVE-2023-24834 - WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within URL.
Published: March 27, 2023; 12:15:09 AM -0400V3.1: 6.5 MEDIUM