The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2023-45881 - GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter i...
Published: November 14, 2023; 1:15:29 AM -0500
V3.1: 6.1 MEDIUM
-
CVE-2023-6128 - Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
Published: November 14, 2023; 11:15:28 AM -0500
V3.1: 5.4 MEDIUM
-
CVE-2023-26156 - Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. ...
Published: November 09, 2023; 12:15:09 AM -0500
V3.1: 7.5 HIGH
-
CVE-2023-46492 - Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html.
Published: November 09, 2023; 12:15:11 AM -0500
V3.1: 6.1 MEDIUM
-
CVE-2023-47248 - Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user...
Published: November 09, 2023; 4:15:08 AM -0500
V3.1: 9.8 CRITICAL
-
CVE-2023-4612 - Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issu...
Published: November 09, 2023; 9:15:08 AM -0500
V3.1: 9.8 CRITICAL
-
CVE-2022-41076 - PowerShell Remote Code Execution Vulnerability
Published: December 13, 2022; 2:15:11 PM -0500
V3.1: 8.5 HIGH
-
CVE-2022-41089 - .NET Framework Remote Code Execution Vulnerability
Published: December 13, 2022; 2:15:12 PM -0500
V3.1: 7.8 HIGH
-
CVE-2022-41115 - Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Published: December 13, 2022; 2:15:12 PM -0500
V3.1: 6.6 MEDIUM
-
CVE-2022-41121 - Windows Graphics Component Elevation of Privilege Vulnerability
Published: December 13, 2022; 2:15:12 PM -0500
V3.1: 7.8 HIGH
-
CVE-2022-44689 - Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
Published: December 13, 2022; 2:15:13 PM -0500
V3.1: 7.8 HIGH
-
CVE-2022-44702 - Windows Terminal Remote Code Execution Vulnerability
Published: December 13, 2022; 2:15:14 PM -0500
V3.1: 7.8 HIGH
-
CVE-2022-44704 - Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability
Published: December 13, 2022; 2:15:14 PM -0500
V3.1: 7.8 HIGH
-
CVE-2023-24585 - An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Published: November 14, 2023; 5:15:26 AM -0500
V3.1: 9.8 CRITICAL
-
CVE-2022-44708 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Published: December 13, 2022; 2:15:14 PM -0500
V3.1: 8.3 HIGH
-
CVE-2022-28143 - A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS val...
Published: March 29, 2022; 9:15:08 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
-
CVE-2022-28142 - Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues.
Published: March 29, 2022; 9:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
-
CVE-2022-28141 - Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Published: March 29, 2022; 9:15:08 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
-
CVE-2023-6084 - A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VU_ID leads to sql injection. ...
Published: November 12, 2023; 6:15:07 AM -0500
V3.1: 9.8 CRITICAL
-
CVE-2022-28140 - Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Published: March 29, 2022; 9:15:08 AM -0400
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM