Security Vulnerabilities - CVEs Published In May 2023
IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-05-23
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-05-23
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-05-23
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-23
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
CVSS Score
9.8
EPSS Score
0.669
Published
2023-05-23