Security Vulnerabilities - CVEs Published In May 2023
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-26
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
CVSS Score
7.2
EPSS Score
0.824
Published
2023-05-26
mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-26
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.
CVSS Score
7.2
EPSS Score
0.321
Published
2023-05-26
skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-26
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-05-26
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
CVSS Score
9.8
EPSS Score
0.67
Published
2023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-26