Security Vulnerabilities - CVEs Published In May 2023
IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2023-05-25
Missing access permission checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allow elevation of privilege via UI extension applications.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-05-25
Those using HtmlUnit to browse untrusted webpages may be vulnerable to denial-of-service (DoS) attacks. If HtmlUnit is running on user-supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial-of-service attack. This issue affects htmlunit before 2.70.0.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-05-25
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection. This issue affects all versions of the software, also EOS when CVE-ID assigned.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-05-25
IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-05-25
copy_from_user() on 64-bit versions of the Linux kernel does not implement __uaccess_begin_nospec, allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2023-05-25
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2023-05-25
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions.
CVSS Score: 7.1
EPSS Score: 0.001
Published: 2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2023-05-25
A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability.
CVSS Score: 4.7
EPSS Score: 0.001
Published: 2023-05-25


Shodan ® - All rights reserved