Lucene search

6764 matches found

RedhatCVE
added 2025/05/23 5:57 a.m., 5 views

CVE-2023-31221

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ransom Christofferson PDQ CSV plugin = 1.0.0 versions...

CVSS 5.9, AI score 5.2, EPSS 0.00316
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 5:53 a.m., 5 views

CVE-2023-4140

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...

CVSS 8.8, AI score 5.9, EPSS 0.00612
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 5:46 a.m., 7 views

CVE-2023-48029

Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution ...

CVSS 8, AI score 7.1, EPSS 0.01285
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 5:2 a.m., 6 views

CVE-2023-27987

In Apache Linkis =1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify t...

CVSS 9.1, AI score 6.8, EPSS 0.00811
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:36 a.m., 5 views

CVE-2023-35005

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if [webserver] expose_config is set to non-sensitive-only), and not all uncensored values are...

CVSS 6.5, AI score 6.7, EPSS 0.01518
Exploits: 0
RedhatCVE
added 2025/05/23 3:31 a.m., 6 views

CVE-2023-27167

Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?searchmonth=1...

CVSS 6.5, AI score 8.2, EPSS 0.07496
Exploits: 4, References: 1
RedhatCVE
added 2025/05/23 3:31 a.m., 6 views

CVE-2023-2718

The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability...

CVSS 5.4, AI score 5.7, EPSS 0.00505
Exploits: 2, References: 1
RedhatCVE
added 2025/05/23 3:27 a.m., 9 views

CVE-2023-26142

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n carriage return line feeds...

CVSS 6.5, AI score 7.1, EPSS 0.0045
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 3:1 a.m., 4 views

CVE-2023-21424

Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand...

CVSS 5.1, AI score 6.7, EPSS 0.00151
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 2:39 a.m., 5 views

CVE-2023-23678

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent for GDPR, CCPA & ePrivacy. This issue affects WP Cookie Consent for GDPR, CCPA & ePrivacy: from n/a through 2.2.5...

CVSS 7.2, AI score 7.5, EPSS 0.00605
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 2:37 a.m., 3 views

CVE-2023-23796

Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms. This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0...

CVSS 9.8, AI score 8.6, EPSS 0.00499
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 1:16 a.m., 10 views

CVE-2022-29211

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.histogram_fixed_width is vulnerable to a crash when the values array contains Not a Number (NaN) elements. The implementation assumes that all floating point operation...

CVSS 5.5, AI score 6.6, EPSS 0.00313
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 1:14 a.m., 8 views

CVE-2022-41716

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

CVSS 7.5, AI score 6.6, EPSS 0.00778
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 12:30 a.m., 7 views

CVE-2022-48613

Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed...

CVSS 5.9, AI score 6.6, EPSS 0.00316
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 12:14 a.m., 6 views

CVE-2022-46402

The Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112 accepts PairConrmSend with incorrect values...

CVSS 6.5, AI score 7.1, EPSS 0.00479
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 12:3 a.m., 6 views

CVE-2022-25047

The password reset token in CWP v0.9.8.1126 is generated using known or predictable values...

CVSS 5.9, AI score 7.2, EPSS 0.0154
Exploits: 1, References: 1
BDU FSTEC
added 2025/05/23 12:0 a.m., 8 views

The vulnerability of the dc_dmub_srv_cmd_run_list() function in the DRI driver for AMD graphics cards with Linux operating systems allows a hacker to cause a service failure.

The vulnerability of the dc_dmub_srv_cmd_run_list() function in the DRI driver for AMD graphics cards with Linux operating systems is related to the lack of checking the return value. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5, AI score 6.1, EPSS 0.00194
Exploits: 0, References: 6, Affected Software: 1
RedhatCVE
added 2025/05/22 11:29 p.m., 3 views

CVE-2022-1157

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged...

CVSS 3.5, AI score 6.7, EPSS 0.0062
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 11:19 p.m., 2 views

CVE-2022-41599

The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5, AI score 7.5, EPSS 0.00398
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 11:14 p.m., 5 views

CVE-2022-22253

The DFX module has a vulnerability of improper validation of integrity check values. Successful exploitation of this vulnerability may affect system stability...

CVSS 7.5, AI score 6.9, EPSS 0.00292
Exploits: 0, References: 1