Security Vulnerabilities - CVEs Published In May 2023
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.
CVSS Score
8.8
EPSS Score
0.055
Published
2023-05-12
SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-05-12
The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-05-12
Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-05-12
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-05-12
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-05-12
eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-05-12
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-12
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-12
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-12