Security Vulnerabilities - CVEs Published In January 2023
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
CVSS Score: 8.4
EPSS Score: 0.003
Published: 2023-01-14
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
CVSS Score: 4.6
EPSS Score: 0.002
Published: 2023-01-14
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.
CVSS Score: 7.6
EPSS Score: 0.019
Published: 2023-01-14
Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder versions <= 1.1.0.
CVSS Score: 6.1
EPSS Score: 0.118
Published: 2023-01-14
Broken Access Control in Betheme theme <= 26.6.1 on WordPress.
CVSS Score: 4.3
EPSS Score: 0.004
Published: 2023-01-14
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2023-01-14
Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2023-01-14
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
CVSS Score: 9.8
EPSS Score: 0.94
Published: 2023-01-14
Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.
CVSS Score: 7.2
EPSS Score: 0.008
Published: 2023-01-14
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
CVSS Score: 8.8
EPSS Score: 0.013
Published: 2023-01-14

