Security Vulnerabilities - CVEs Published In May 2023
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-05-26
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
CVSS Score
7.2
EPSS Score
0.145
Published
2023-05-26
mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.
CVSS Score
6.5
EPSS Score
0.006
Published
2023-05-26
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.
CVSS Score
7.2
EPSS Score
0.033
Published
2023-05-26
skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-05-26
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions.
CVSS Score
7.1
EPSS Score
0.004
Published
2023-05-26
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
CVSS Score
9.8
EPSS Score
0.461
Published
2023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-05-26