Security Vulnerabilities - CVEs Published In April 2023
SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.
CVSS Score
2.7
EPSS Score
0.0
Published
2023-04-10
A user with non-Admin access can change a configuration file on the client to modify the Server URL.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-04-10
Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-04-10
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows an attacker to execute arbitrary code via the language parameter.
CVSS Score
9.8
EPSS Score
0.112
Published
2023-04-10
An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-04-10
A user with a compromised configuration can start an unsigned binary as a service.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-10
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-04-10
Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-04-10
Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-04-10
Certain Lexmark devices through 2023-02-19 have an Integer Overflow.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-04-10

