Security Vulnerabilities - CVEs Published In May 2023
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-05-12
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
CVSS Score
9.8
EPSS Score
0.924
Published
2023-05-12
Attacker can access arbitrary recording/room
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
CVSS Score
5.3
EPSS Score
0.003
Published
2023-05-12
An attacker that has gained access to certain private information can use this to act as other user.
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0
CVSS Score
8.1
EPSS Score
0.001
Published
2023-05-12
An attacker who has gained access to an admin account can perform RCE via null-byte injection
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
CVSS Score
7.2
EPSS Score
0.001
Published
2023-05-12
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228883.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-05-12
A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228884.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-12
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.
CVSS Score
6.4
EPSS Score
0.001
Published
2023-05-12
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-12
Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.021
Published
2023-05-12