Security Vulnerabilities - CVEs Published In September 2023
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects Digital Yepas: before 1.0.1.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-14
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-14
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.
CVSS Score
2.7
EPSS Score
0.002
Published
2023-09-14
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS.This issue affects MedasPro: before 28.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-09-14
i-doit Pro v25 and below was discovered to be vulnerable to path traversal.
CVSS Score
6.5
EPSS Score
0.079
Published
2023-09-14
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).
CVSS Score
9.8
EPSS Score
0.014
Published
2023-09-14
A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-09-14
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-09-14
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-09-14
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
CVSS Score
4.7
EPSS Score
0.002
Published
2023-09-14