Security Vulnerabilities - CVEs Published In May 2023
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-31
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-05-31
Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-05-31
A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Affected is an unknown function of the file admin/admincore.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230358 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-05-31
A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230359.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-31
A vulnerability was found in yiwent Vip Video Analysis 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/admincore.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230360.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-05-31
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.
CVSS Score
5.4
EPSS Score
0.175
Published
2023-05-31
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
5.4
EPSS Score
0.15
Published
2023-05-31
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
CVSS Score
9.1
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-31