Auto-Update: 2023-05-04T04:00:24.919022+00:00

CVE-2022/CVE-2022-477xx/CVE-2022-47757.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2022-47757",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-04T02:15:09.177",
+  "lastModified": "2023-05-04T02:15:09.177",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-ghf9-x3c5-3mwj",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-254xx/CVE-2023-25438.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-25438",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-04T02:15:18.213",
+  "lastModified": "2023-05-04T02:15:18.213",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://millegpg.it/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://packetstormsecurity.com/files/172052/MilleGPG5-5.9.2-Local-Privilege-Escalation.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-270xx/CVE-2023-27075.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-27075",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-04T02:15:18.570",
+  "lastModified": "2023-05-04T02:15:18.570",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/szabodanika/microbin/issues/142",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/szabodanika/microbin/pull/143",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-275xx/CVE-2023-27568.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-27568",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-04T02:15:19.103",
+  "lastModified": "2023-05-04T02:15:19.103",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]="
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-001.txt",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.schutzwerk.com/blog/schutzwerk-sa-2023-001/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-298xx/CVE-2023-29842.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-29842",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-04T03:15:09.600",
+  "lastModified": "2023-05-04T03:15:09.600",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ChirchCRm 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ChurchCRM/CRM",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.py",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-300xx/CVE-2023-30077.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-30077",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-04T03:15:20.930",
+  "lastModified": "2023-05-04T03:15:20.930",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/Dzero57/cve_report/blob/main/judging-management-system/SQLi-1.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.github.com",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-303xx/CVE-2023-30331.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-30331",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-04T03:15:21.267",
+  "lastModified": "2023-05-04T03:15:21.267",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://gitee.com/xiandafu/beetl/issues/I6RUIP",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/luelueking/Beetl-3.15.0-vuln-poc",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-310xx/CVE-2023-31099.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-31099",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-04T02:15:19.437",
+  "lastModified": "2023-05-04T02:15:19.437",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://manageengine.com",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.manageengine.com/network-monitoring/security-updates/cve-2023-31099.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-05-04T02:00:25.093955+00:00
+2023-05-04T04:00:24.919022+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-05-04T00:15:17.153000+00:00
+2023-05-04T03:15:21.267000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,22 +29,27 @@ Download and Changelog: [Click](releases/latest)
 ### Total Number of included CVEs
 
 ```plain
-214033
+214041
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `0`
+Recently added CVEs: `8`
 
+* [CVE-2022-47757](CVE-2022/CVE-2022-477xx/CVE-2022-47757.json) (`2023-05-04T02:15:09.177`)
+* [CVE-2023-25438](CVE-2023/CVE-2023-254xx/CVE-2023-25438.json) (`2023-05-04T02:15:18.213`)
+* [CVE-2023-27075](CVE-2023/CVE-2023-270xx/CVE-2023-27075.json) (`2023-05-04T02:15:18.570`)
+* [CVE-2023-27568](CVE-2023/CVE-2023-275xx/CVE-2023-27568.json) (`2023-05-04T02:15:19.103`)
+* [CVE-2023-29842](CVE-2023/CVE-2023-298xx/CVE-2023-29842.json) (`2023-05-04T03:15:09.600`)
+* [CVE-2023-30077](CVE-2023/CVE-2023-300xx/CVE-2023-30077.json) (`2023-05-04T03:15:20.930`)
+* [CVE-2023-30331](CVE-2023/CVE-2023-303xx/CVE-2023-30331.json) (`2023-05-04T03:15:21.267`)
+* [CVE-2023-31099](CVE-2023/CVE-2023-310xx/CVE-2023-31099.json) (`2023-05-04T02:15:19.437`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `3`
+Recently modified CVEs: `0`
 
-* [CVE-2023-31484](CVE-2023/CVE-2023-314xx/CVE-2023-31484.json) (`2023-05-04T00:15:10.567`)
-* [CVE-2023-31485](CVE-2023/CVE-2023-314xx/CVE-2023-31485.json) (`2023-05-04T00:15:17.013`)
-* [CVE-2023-31486](CVE-2023/CVE-2023-314xx/CVE-2023-31486.json) (`2023-05-04T00:15:17.153`)
 
 
 ## Download and Usage