RANK (yesterday) |
NAME | HEAT SCORE | DESCRIPTION |
---|---|---|---|
👑➡️ (1) | CVE-2023-23397 | 106 | Microsoft Outlook Elevation of Privilege Vulnerability |
2 (-) | CVE-2023-21800 | 35 | Windows Installer Elevation of Privilege Vulnerability |
3 (-) | CVE-2023-20860 | 19 | N/A |
4 (-) | CVE-2020-36620 | 16 | A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.2 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability. |
5 (-) | CVE-2023-1527 | 15 | Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0. |
6 (-) | CVE-2023-1545 | 15 | SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. |
7⬇️ (4) | CVE-2022-41099 | 14 | BitLocker Security Feature Bypass Vulnerability. |
8⬇️ (5) | CVE-2022-24716 | 14 | Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated. |
9 (-) | CVE-2023-1535 | 14 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. |
10 (-) | CVE-2023-1537 | 14 | Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6. |
11 (-) | CVE-2023-1543 | 14 | Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6. |
12 (-) | CVE-2023-1153 | 14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Pacsrapor: before 1.22. |
13 (-) | CVE-2012-10009 | 13 | A vulnerability was found in 404like Plugin up to 1.0.2. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404. |
14⬇️ (3) | CVE-2023-23415 | 13 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability |
15 (-) | CVE-2023-1536 | 13 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. |
16 (-) | CVE-2023-1538 | 13 | Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. |
17 (-) | CVE-2023-1539 | 13 | Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6. |
18 (-) | CVE-2023-1540 | 13 | Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. |
19 (-) | CVE-2023-1541 | 13 | Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. |
20 (-) | CVE-2023-1542 | 13 | Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. |