Security Vulnerabilities - CVEs Published In March 2023
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2023-03-15
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2.
CVSS Score: 5.3
EPSS Score: 0.012
Published: 2023-03-15
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/manage_user.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223111.
CVSS Score: 4.7
EPSS Score: 0.003
Published: 2023-03-15
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2023-03-15
Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.
CVSS Score: 9.8
EPSS Score: 0.038
Published: 2023-03-15
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
CVSS Score: 7.2
EPSS Score: 0.003
Published: 2023-03-15
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2023-03-15
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2023-03-15
An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2023-03-15
Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.
CVSS Score: 9.8
EPSS Score: 0.015
Published: 2023-03-14