Security Vulnerabilities - CVEs Published In June 2023
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions.
CVSS Score
8.5
EPSS Score
0.002
Published
2023-06-22
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
CVSS Score
5.9
EPSS Score
0.003
Published
2023-06-22
When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.
CVSS Score
5.7
EPSS Score
0.002
Published
2023-06-22
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
CVSS Score
3.5
EPSS Score
0.002
Published
2023-06-22
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Yudlee themes Mediciti Lite theme <= 1.3.0 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-06-22
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin <= 1.6.5 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-22
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-06-22
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.
CVSS Score
9.8
EPSS Score
0.124
Published
2023-06-22
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-22
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-22