ποΈ CVE-2023-0045
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscal
ποΈ CVE-2023-0126
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an
ποΈ CVE-2023-0099
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outp
ποΈ CVE-2023-0156
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to displa
ποΈ CVE-2023-0157
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log file
ποΈ CVE-2023-0236
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id
ποΈ CVE-2023-0159
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a
ποΈ CVE-2023-0261
The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape
ποΈ CVE-2023-0179
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue
ποΈ CVE-2023-0264
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate
ποΈ CVE-2023-0266
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.Β SNDRV_CTL_IOCTL_E
ποΈ CVE-2023-0315
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
ποΈ CVE-2023-0334
The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a paramete
ποΈ CVE-2023-0297
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
ποΈ CVE-2023-0461
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local
ποΈ CVE-2023-0464
A security vulnerability has been identified in all supported versionsof OpenSSL related to the ve
ποΈ CVE-2023-0514
The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before
ποΈ CVE-2023-0527
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as p
ποΈ CVE-2023-0552
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection UR
ποΈ CVE-2023-0562
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as crit
ποΈ CVE-2023-0563
A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System
ποΈ CVE-2023-0600
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input
ποΈ CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file
ποΈ CVE-2023-0602
The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are
ποΈ CVE-2023-0630
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering s
ποΈ CVE-2023-0656
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker
ποΈ CVE-2023-0448
The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in th
ποΈ CVE-2023-0777
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
ποΈ CVE-2023-0669
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vu
ποΈ CVE-2023-0678
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
ποΈ CVE-2023-0748
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
ποΈ CVE-2023-0830
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function sys
ποΈ CVE-2023-0860
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-insta
ποΈ CVE-2023-0861
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user
ποΈ CVE-2023-0900
The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a par
ποΈ CVE-2023-0942
The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v
ποΈ CVE-2023-0947
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
ποΈ CVE-2023-0948
The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before ou
ποΈ CVE-2023-0968
The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βdnβ, 'em
ποΈ CVE-2023-1020
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a para
ποΈ CVE-2023-1080
The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βtabβ
ποΈ CVE-2023-1112
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress.
ποΈ CVE-2023-1177
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
ποΈ CVE-2023-1263
The CMP β Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in ve
ποΈ CVE-2023-1326
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-202
ποΈ CVE-2023-1337
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss
ποΈ CVE-2023-1362
Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to
ποΈ CVE-2023-1389
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injec
ποΈ CVE-2023-1408
The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a paramete
ποΈ CVE-2023-1415
A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerab
ποΈ CVE-2023-1430
The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthoriz
ποΈ CVE-2023-1454
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown p
ποΈ CVE-2023-1496
Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.
ποΈ CVE-2023-1498
A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Af
ποΈ CVE-2023-1546
The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them
ποΈ CVE-2023-1665
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior
ποΈ CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older
ποΈ CVE-2023-1698
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create ne
ποΈ CVE-2023-1718
Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 al
ποΈ CVE-2023-1719
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthentica
ποΈ CVE-2023-1730
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using
ποΈ CVE-2023-1767
The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th Mar
ποΈ CVE-2023-1780
The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some para
ποΈ CVE-2023-1835
The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input befo
ποΈ CVE-2023-1880
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
ποΈ CVE-2023-1890
The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputtin
ποΈ CVE-2023-1892
Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.
ποΈ CVE-2023-2002
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net
ποΈ CVE-2023-2008
A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a faul
ποΈ CVE-2023-2009
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 s
ποΈ CVE-2023-2023
The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in
ποΈ CVE-2023-2024
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 all
ποΈ CVE-2023-2033
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potential
ποΈ CVE-2023-2114
The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is p
ποΈ CVE-2023-2122
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_ta
ποΈ CVE-2023-2123
The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter b
ποΈ CVE-2023-2130
A vulnerability classified as critical has been found in SourceCodester Purchase Order Management Sy
ποΈ CVE-2023-2178
The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its setti
ποΈ CVE-2023-2215
A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affec
ποΈ CVE-2023-2224
The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, wh
ποΈ CVE-2023-2227
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
ποΈ CVE-2023-2249
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forge
ποΈ CVE-2023-2252
The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not v
ποΈ CVE-2023-2255
Improper access control in editor components of The Document Foundation LibreOffice allowed an attac
ποΈ CVE-2023-2272
The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before
ποΈ CVE-2023-2356
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
ποΈ CVE-2023-2437
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and inclu
ποΈ CVE-2023-2479
OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.
ποΈ CVE-2023-2516
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
ποΈ CVE-2023-2523
A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this is
ποΈ CVE-2023-2579
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, w
ποΈ CVE-2023-2591
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repos
ποΈ CVE-2023-2594
A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Managem
ποΈ CVE-2023-2598
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_ur
ποΈ CVE-2023-2636
The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter be
ποΈ CVE-2023-2640
On Ubuntu kernels carrying both c914c0e27eb0 and 'UBUNTU: SAUCE: overlayfs: Skip permission checking
ποΈ CVE-2023-2648
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects a
ποΈ CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers ordata containing them ma
ποΈ CVE-2023-2732
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and in
ποΈ CVE-2023-2744
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in
ποΈ CVE-2023-2766
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some un
ποΈ CVE-2023-2779
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise
ποΈ CVE-2023-2780
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
ποΈ CVE-2023-2796
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_
ποΈ CVE-2023-2813
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordP
ποΈ CVE-2023-2822
A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problem
ποΈ CVE-2023-2825
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malic
ποΈ CVE-2023-2833
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and includ
���ποΈ CVE-2023-2859
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
ποΈ CVE-2023-2868
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance f
ποΈ CVE-2023-2877
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validat
ποΈ CVE-2023-2916
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versio
ποΈ CVE-2023-2928
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by th
ποΈ CVE-2023-2948
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
ποΈ CVE-2023-2949
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
ποΈ CVE-2023-2951
A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information
ποΈ CVE-2023-2982
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is
ποΈ CVE-2023-2986
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass
ποΈ CVE-2023-3009
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
ποΈ CVE-2023-3047
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
ποΈ CVE-2023-3076
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts w
ποΈ CVE-2023-3079
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potential
ποΈ CVE-2023-3124
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a miss
ποΈ CVE-2023-3163
A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Aff
ποΈ CVE-2023-3219
The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its event
ποΈ CVE-2023-3244
The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data du
ποΈ CVE-2023-3269
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for
ποΈ CVE-2023-3338
A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This iss
ποΈ CVE-2023-3345
The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguards sensitive user infor
ποΈ CVE-2023-3368
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allow
ποΈ CVE-2023-3450
A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects
ποΈ CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and includi
ποΈ CVE-2023-3460
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accou
ποΈ CVE-2023-3479
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
ποΈ CVE-2023-3519
Unauthenticated remote code execution
ποΈ CVE-2023-3640
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of
ποΈ CVE-2023-3710
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules)
ποΈ CVE-2023-3711
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Se
ποΈ CVE-2023-3712
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (
ποΈ CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
ποΈ CVE-2023-3824
In PHP version 8.0.* before 8.0.30,Β 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar
ποΈ CVE-2023-3836
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This
ποΈ CVE-2023-3843
A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affecte
ποΈ CVE-2023-3844
A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected
ποΈ CVE-2023-3845
A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by
ποΈ CVE-2023-3846
A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an
ποΈ CVE-2023-3847
A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability a
ποΈ CVE-2023-3848
A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. Thi
ποΈ CVE-2023-3849
A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected
ποΈ CVE-2023-3936
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before output
ποΈ CVE-2023-3971
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an a
ποΈ CVE-2023-4110
A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as pr
ποΈ CVE-2023-4111
A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. A
ποΈ CVE-2023-4112
A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as pro
ποΈ CVE-2023-4113
A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problem
ποΈ CVE-2023-4114
A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as probl
ποΈ CVE-2023-4115
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affec
ποΈ CVE-2023-4116
A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by thi
ποΈ CVE-2023-4128
Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207,
ποΈ CVE-2023-4145
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.
ποΈ CVE-2023-4148
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated
ποΈ CVE-2023-4165
A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown p
ποΈ CVE-2023-4166
A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects u
ποΈ CVE-2023-4168
A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic.
ποΈ CVE-2023-4169
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affecte
ποΈ CVE-2023-4173
A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affecte
ποΈ CVE-2023-4174
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected b
ποΈ CVE-2023-4206
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited
ποΈ CVE-2023-4278
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in p
ποΈ CVE-2023-4279
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially
ποΈ CVE-2023-4281
This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untru
ποΈ CVE-2023-4294
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer hea
ποΈ CVE-2023-4357
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a
ποΈ CVE-2023-4415
A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affecte
ποΈ CVE-2023-4427
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker
ποΈ CVE-2023-4450
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Aff
ποΈ CVE-2023-4451
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
ποΈ CVE-2023-4460
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG
ποΈ CVE-2023-4547
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affec
ποΈ CVE-2023-4549
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from
ποΈ CVE-2023-4568
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and be
ποΈ CVE-2023-4596
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validat
ποΈ CVE-2023-4631
The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retriev
ποΈ CVE-2023-4634
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Co
ποΈ CVE-2023-4636
The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting
ποΈ CVE-2023-4683
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
ποΈ CVE-2023-4696
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
ποΈ CVE-2023-4698
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
ποΈ CVE-2023-4699
Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELS
ποΈ CVE-2023-4714
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some u
ποΈ CVE-2023-4741
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affec
ποΈ CVE-2023-4762
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute a
ποΈ CVE-2023-4800
The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that sho
ποΈ CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a
ποΈ CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GL
ποΈ CVE-2023-4966
Sensitive information disclosureΒ in NetScaler ADC and NetScaler Gateway when configured as aΒ Gateway
ποΈ CVE-2023-4973
A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affect
ποΈ CVE-2023-4974
A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue
ποΈ CVE-2023-5024
A vulnerability was found in Planno 23.04.04. It has been classified as problematic. This affects an
ποΈ CVE-2023-5043
Ingress nginx annotation injection causes arbitrary command execution.
ποΈ CVE-2023-5044
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
ποΈ CVE-2023-5070
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitiv
ποΈ CVE-2023-5074
Use of a static key to protect a JWT token used in user authentication can allow an for an authentic
ποΈ CVE-2023-5089
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via
ποΈ CVE-2023-5142
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX
ποΈ CVE-2023-5178
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` du
ποΈ CVE-2023-5204
The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions
ποΈ CVE-2023-5217
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1
ποΈ CVE-2023-5244
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
ποΈ CVE-2023-5324
A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerabil
ποΈ CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate u
ποΈ CVE-2023-5375
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
ποΈ CVE-2023-5412
The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via t
ποΈ CVE-2023-5521
Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.
ποΈ CVE-2023-5538
The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Req
ποΈ CVE-2023-5539
A remote code execution risk was identified in the Lesson activity. By default this was only availab
ποΈ CVE-2023-5540
A remote code execution risk was identified in the IMSCP activity. By default this was only availabl
ποΈ CVE-2023-5546
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored X
ποΈ CVE-2023-5556
Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.
ποΈ CVE-2023-5561
WordPress does not properly restrict which user fields are searchable via the REST API, allowing una
ποΈ CVE-2023-5717
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf
ποΈ CVE-2023-5720
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle
ποΈ CVE-2023-5808
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL
ποΈ CVE-2023-5830
A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects
ποΈ CVE-2023-5914
Β Cross-site scripting (XSS)
ποΈ CVE-2023-5961
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmwa
ποΈ CVE-2023-5965
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in v
ποΈ CVE-2023-5966
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in v
ποΈ CVE-2023-6018
An attacker can overwrite any file on the server hosting MLflow without any authentication.
ποΈ CVE-2023-6019
A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os comm
ποΈ CVE-2023-6020
LFI in Ray's /static/ directory allows attackers to read any file on the server without authenticati
ποΈ CVE-2023-6021
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication
ποΈ CVE-2023-6023
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the
ποΈ CVE-2023-6036
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect au
ποΈ CVE-2023-6038
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated re
ποΈ CVE-2023-6063
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter
ποΈ CVE-2023-6114
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does
ποΈ CVE-2023-6246
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This
ποΈ CVE-2023-6289
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting th
ποΈ CVE-2023-6319
A command injection vulnerability exists in the getAudioMetadataΒ method from the com.webos.service.a
ποΈ CVE-2023-6360
The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection
ποΈ CVE-2023-6379
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15
ποΈ CVE-2023-6380
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of t
ποΈ CVE-2023-6538
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL
ποΈ CVE-2023-6548
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler GatewayΒ all
ποΈ CVE-2023-6553
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up
ποΈ CVE-2023-6567
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the βorder_byβ par
ποΈ CVE-2023-6595
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authent
ποΈ CVE-2023-6623
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from o
ποΈ CVE-2023-6634
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and in
ποΈ CVE-2023-6654
A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnera
ποΈ CVE-2023-6700
The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary
ποΈ CVE-2023-6710
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious use
ποΈ CVE-2023-6831
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
ποΈ CVE-2023-6875
The POST SMTP Mailer β Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl
ποΈ CVE-2023-6895
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It
ποΈ CVE-2023-6909
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
ποΈ CVE-2023-6933
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions
ποΈ CVE-2023-6977
This vulnerability enables malicious users to read sensitive files on the server.
ποΈ CVE-2023-6985
The 10Web AI Assistant β AI content writing assistant plugin for WordPress is vulnerable to unauthor
ποΈ CVE-2023-7016
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to ex
ποΈ CVE-2023-7028
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2
ποΈ CVE-2023-7172
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management
ποΈ CVE-2023-7173
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management Sy
ποΈ CVE-2023-20025
A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers c
ποΈ CVE-2023-20048
A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software co
ποΈ CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vu
ποΈ CVE-2023-20073
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual
ποΈ CVE-2023-20110
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM O
ποΈ CVE-2023-20126
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could al
ποΈ CVE-2023-20178
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for
ποΈ CVE-2023-20198
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI
ποΈ CVE-2023-20209
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePrese
ποΈ CVE-2023-20273
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote
ποΈ CVE-2023-20562
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow a
ποΈ CVE-2023-20573
A privileged attackercan prevent delivery of debug exceptions to SEV-SNP guests potentiallyresulti
ποΈ CVE-2023-20593
An issue in βZen 2β CPUs, under specific microarchitectural circumstances, may allow an attacker to
ποΈ CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using '**' as a pattern in Spring S
ποΈ CVE-2023-20864
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malici
ποΈ CVE-2023-20887
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with netw
ποΈ CVE-2023-20888
Aria Operations for Networks contains an authenticated deserialization vulnerability.Β A malicious ac
ποΈ CVE-2023-20889
Aria Operations for Networks contains an information disclosure vulnerability.Β A malicious actor wit
ποΈ CVE-2023-20909
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missin
ποΈ CVE-2023-20911
In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permi
ποΈ CVE-2023-20918
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege d
ποΈ CVE-2023-20921
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically gra
ποΈ CVE-2023-20933
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after
π��οΈ CVE-2023-20943
In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system
ποΈ CVE-2023-20944
In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsa
ποΈ CVE-2023-20955
In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin re
ποΈ CVE-2023-20963
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege
ποΈ CVE-2023-21036
In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the cod
ποΈ CVE-2023-21086
In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible
ποΈ CVE-2023-21094
In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the
ποΈ CVE-2023-21097
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confu
ποΈ CVE-2023-21109
In multiple places of AccessibilityService, there is a possible way to hide the app from the user du
ποΈ CVE-2023-21118
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overf
ποΈ CVE-2023-21144
In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or servi
ποΈ CVE-2023-21238
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused
ποΈ CVE-2023-21246
In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification list
ποΈ CVE-2023-21251
In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consen
ποΈ CVE-2023-21272
In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validati
ποΈ CVE-2023-21275
In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible wa
ποΈ CVE-2023-21281
In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen
ποΈ CVE-2023-21282
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bo
ποΈ CVE-2023-21284
In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the F
ποΈ CVE-2023-21285
In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due
ποΈ CVE-2023-21286
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a mis
ποΈ CVE-2023-21288
In visitUris of Notification.java, there is a possible way to reveal images across users due to a mi
ποΈ CVE-2023-21554
Microsoft Message Queuing Remote Code Execution Vulnerability
ποΈ CVE-2023-21608
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.3041
ποΈ CVE-2023-21674
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
ποΈ CVE-2023-21707
Microsoft Exchange Server Remote Code Execution Vulnerability
ποΈ CVE-2023-21716
Microsoft Word Remote Code Execution Vulnerability
ποΈ CVE-2023-21739
Windows Bluetooth Driver Elevation of Privilege Vulnerability
ποΈ CVE-2023-21742
Microsoft SharePoint Server Remote Code Execution Vulnerability
ποΈ CVE-2023-21746
Windows NTLM Elevation of Privilege Vulnerability
ποΈ CVE-2023-21752
Windows Backup Service Elevation of Privilege Vulnerability
ποΈ CVE-2023-21766
Windows Overlay Filter Information Disclosure Vulnerability
ποΈ CVE-2023-21768
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
ποΈ CVE-2023-21823
Windows Graphics Component Remote Code Execution Vulnerability
ποΈ CVE-2023-21837
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
ποΈ CVE-2023-21839
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
ποΈ CVE-2023-21887
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versi
ποΈ CVE-2023-21931
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
ποΈ CVE-2023-21939
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co
ποΈ CVE-2023-21971
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported v
ποΈ CVE-2023-22074
Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versio
ποΈ CVE-2023-22232
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access
ποΈ CVE-2023-22432
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py
ποΈ CVE-2023-22463
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-cod
ποΈ CVE-2023-22478
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sens
ποΈ CVE-2023-22480
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy a
ποΈ CVE-2023-22490
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2
ποΈ CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attacker
ποΈ CVE-2023-22518
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Th
ποΈ CVE-2023-22524
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution v
ποΈ CVE-2023-22527
A template injection vulnerability on older versions of Confluence Data Center and Server allows an
ποΈ CVE-2023-22551
The FTP (aka 'Implementation of a simple FTP client and server') project through 96c1a35 allows remo
ποΈ CVE-2023-22620
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi al
ποΈ CVE-2023-22621
Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploite
ποΈ CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user
ποΈ CVE-2023-22855
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface l
ποΈ CVE-2023-22884
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in
ποΈ CVE-2023-22894
Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user de
ποΈ CVE-2023-22897
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi al
ποΈ CVE-2023-22906
Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, witho
ποΈ CVE-2023-22941
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted βINGEST_EVALβ
ποΈ CVE-2023-22960
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.
ποΈ CVE-2023-22974
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitra
ποΈ CVE-2023-23161
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 a
ποΈ CVE-2023-23169
Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directo
ποΈ CVE-2023-23192
IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task.
ποΈ CVE-2023-23279
Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php.
ποΈ CVE-2023-23333
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute
ποΈ CVE-2023-23396
Microsoft Excel Denial of Service Vulnerability
ποΈ CVE-2023-23397
Microsoft Outlook Elevation of Privilege Vulnerability
ποΈ CVE-2023-23488
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL in
ποΈ CVE-2023-23489
The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthent
ποΈ CVE-2023-23491
The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scr
ποΈ CVE-2023-23492
The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL i
ποΈ CVE-2023-23531
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iO
ποΈ CVE-2023-23583
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may all
ποΈ CVE-2023-23638
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious cod
ποΈ CVE-2023-23752
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized
ποΈ CVE-2023-23924
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsin
ποΈ CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.
ποΈ CVE-2023-24044
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers t
ποΈ CVE-2023-24055
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML
ποΈ CVE-2023-24059
Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files
ποΈ CVE-2023-24078
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vul
ποΈ CVE-2023-24243
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).
ποΈ CVE-2023-24278
Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.
ποΈ CVE-2023-24317
Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via t
ποΈ CVE-2023-24322
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal
ποΈ CVE-2023-24329
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisti
ποΈ CVE-2023-24367
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by
ποΈ CVE-2023-24488
Cross site scripting vulnerabilityΒ in Citrix ADC and Citrix Gatewayβ―Β in allows and attacker to perfo
ποΈ CVE-2023-24489
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller whic
ποΈ CVE-2023-24517
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager compon
ποΈ CVE-2023-24538
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape
ποΈ CVE-2023-24610
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the 'practice logo'
ποΈ CVE-2023-24657
phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the
ποΈ CVE-2023-24709
An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via
ποΈ CVE-2023-24733
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the qu
ποΈ CVE-2023-24735
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.
ποΈ CVE-2023-24737
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the qu
ποΈ CVE-2023-24775
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields paramet
ποΈ CVE-2023-24955
Microsoft SharePoint Server Remote Code Execution Vulnerability
ποΈ CVE-2023-24998
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resu
ποΈ CVE-2023-25135
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a
ποΈ CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handl
ποΈ CVE-2023-25157
GeoServer is an open source software server written in Java that allows users to share and edit geos
ποΈ CVE-2023-25194
A possible security vulnerability has been identified in Apache Kafka Connect API.This requires acc
ποΈ CVE-2023-25234
Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameter
ποΈ CVE-2023-25260
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
ποΈ CVE-2023-25261
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Des
ποΈ CVE-2023-25262
Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSR
ποΈ CVE-2023-25263
In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.
ποΈ CVE-2023-25292
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers
ποΈ CVE-2023-25346
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to i
ποΈ CVE-2023-25573
metersphere is an open source continuous testing platform. In affected versions an improper access c
ποΈ CVE-2023-25690
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Reque
ποΈ CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Requ
ποΈ CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently l
ποΈ CVE-2023-25813
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related
ποΈ CVE-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a
ποΈ CVE-2023-26035
ZoneMinder is a free, open source Closed-circuit television software application for Linux which sup
ποΈ CVE-2023-26048
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart su
ποΈ CVE-2023-26049
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow a
ποΈ CVE-2023-26067
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
ποΈ CVE-2023-26136
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to impro
ποΈ CVE-2023-26255
An unauthenticated path traversal vulnerability affects the 'STAGIL Navigation for Jira - Menu & The
ποΈ CVE-2023-26256
An unauthenticated path traversal vulnerability affects the 'STAGIL Navigation for Jira - Menu & The
ποΈ CVE-2023-26258
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceI
ποΈ CVE-2023-26262
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted la
ποΈ CVE-2023-26269
Apache James server version 3.7.3 and earlier provides a JMX management service without authenticati
ποΈ CVE-2023-26347
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper
ποΈ CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected
ποΈ CVE-2023-26469
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the s
ποΈ CVE-2023-26563
The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traver
ποΈ CVE-2023-26602
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using
ποΈ CVE-2023-26607
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
ποΈ CVE-2023-26609
ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharac
ποΈ CVE-2023-26692
ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper
ποΈ CVE-2023-26818
Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording
ποΈ CVE-2023-26842
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inje
ποΈ CVE-2023-26843
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inje
ποΈ CVE-2023-26852
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows a
ποΈ CVE-2023-26866
GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-463
ποΈ CVE-2023-26976
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in th
ποΈ CVE-2023-26982
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the A
ποΈ CVE-2023-26984
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails a
ποΈ CVE-2023-27008
A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in A
ποΈ CVE-2023-27034
PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.
ποΈ CVE-2023-27035
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications,
ποΈ CVE-2023-27100
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSen
ποΈ CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the compone
ποΈ CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the
ποΈ CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via
ποΈ CVE-2023-27216
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code
ποΈ CVE-2023-27292
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of
ποΈ CVE-2023-27350
This vulnerability allows remote attackers to bypass authentication on affected installations of Pap
ποΈ CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serializat
ποΈ CVE-2023-27470
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Rac
ποΈ CVE-2023-27482
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing
ποΈ CVE-2023-27524
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that
ποΈ CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the con
ποΈ CVE-2023-27564
The n8n package 0.218.0 for Node.js allows Information Disclosure.
ποΈ CVE-2023-27566
Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset T
ποΈ CVE-2023-27587
ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error
ποΈ CVE-2023-27639
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for Pre
ποΈ CVE-2023-27640
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for Pre
ποΈ CVE-2023-27703
The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug in
ποΈ CVE-2023-27704
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial o
ποΈ CVE-2023-27742
IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/log
ποΈ CVE-2023-27746
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which
ποΈ CVE-2023-27842
Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remot
ποΈ CVE-2023-27922
Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthentic
ποΈ CVE-2023-27997
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0
ποΈ CVE-2023-28121
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthent
ποΈ CVE-2023-28197
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ven
ποΈ CVE-2023-28206
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma
ποΈ CVE-2023-28218
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
ποΈ CVE-2023-28229
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
ποΈ CVE-2023-28231
DHCP Server Service Remote Code Execution Vulnerability
ποΈ CVE-2023-28244
Windows Kerberos Elevation of Privilege Vulnerability
ποΈ CVE-2023-28252
Windows Common Log File System Driver Elevation of Privilege Vulnerability
ποΈ CVE-2023-28329
Insufficient validation of profile field availability condition resulted in an SQL injection risk (b
ποΈ CVE-2023-28330
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access
ποΈ CVE-2023-28343
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the
ποΈ CVE-2023-28432
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-
ποΈ CVE-2023-28434
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker
ποΈ CVE-2023-28447
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript
ποΈ CVE-2023-28467
In MyBB before 1.8.34, there is XSS in the User CP module via the user email field.
ποΈ CVE-2023-28588
Transient DOS in Bluetooth Host while rfc slot allocation.
ποΈ CVE-2023-28662
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an un
ποΈ CVE-2023-28665
The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-si
ποΈ CVE-2023-28771
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN
ποΈ CVE-2023-28772
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex bu
ποΈ CVE-2023-28810
Some access control/intercom products have unauthorized modification of device network configuration
ποΈ CVE-2023-29007
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8,
ποΈ CVE-2023-29017
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to vers
ποΈ CVE-2023-29084
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injec
ποΈ CVE-2023-29298
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earli
ποΈ CVE-2023-29300
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earli
ποΈ CVE-2023-29324
Windows MSHTML Platform Security Feature Bypass Vulnerability
ποΈ CVE-2023-29336
Win32k Elevation of Privilege Vulnerability
ποΈ CVE-2023-29343
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
ποΈ CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability
ποΈ CVE-2023-29360
Microsoft Streaming Service Elevation of Privilege Vulnerability
ποΈ CVE-2023-29406
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Hos
ποΈ CVE-2023-29409
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU t
ποΈ CVE-2023-29439
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <=Β 2.2.35
ποΈ CVE-2023-29478
BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restrict
ποΈ CVE-2023-29489
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via
ποΈ CVE-2023-29622
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the passw
ποΈ CVE-2023-29623
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vuln
ποΈ CVE-2023-29808
Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execu
ποΈ CVE-2023-29809
SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attac
ποΈ CVE-2023-29839
A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.
ποΈ CVE-2023-29887
A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attacker
ποΈ CVE-2023-29919
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read o
ποΈ CVE-2023-29922
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.
ποΈ CVE-2023-29923
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.
ποΈ CVE-2023-29930
An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote
ποΈ CVE-2023-29983
Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to
ποΈ CVE-2023-30013
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulner
ποΈ CVE-2023-30019
imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization
ποΈ CVE-2023-30092
SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY paramete
ποΈ CVE-2023-30145
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability
ποΈ CVE-2023-30146
Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers
ποΈ CVE-2023-30150
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leo
ποΈ CVE-2023-30185
CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the componen
ποΈ CVE-2023-30210
OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.
ποΈ CVE-2023-30212
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
ποΈ CVE-2023-30226
An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry a
ποΈ CVE-2023-30256
Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtai
ποΈ CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers
ποΈ CVE-2023-30347
Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name p
ποΈ CVE-2023-30367
Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to s
ποΈ CVE-2023-30383
TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LIN
ποΈ CVE-2023-30458
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality
ποΈ CVE-2023-30459
SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges)
ποΈ CVE-2023-30533
SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other word
ποΈ CVE-2023-30534
Cacti is an open source operational monitoring and fault management framework. There are two instanc
ποΈ CVE-2023-30547
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists
ποΈ CVE-2023-30625
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudde
ποΈ CVE-2023-30765
βDelta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access control
ποΈ CVE-2023-30777
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro,
ποΈ CVE-2023-30839
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain
ποΈ CVE-2023-30845
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructu
ποΈ CVE-2023-30854
AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerabilit
ποΈ CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met,
ποΈ CVE-2023-30868
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plu
ποΈ CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control pat
ποΈ CVE-2023-31059
Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain crede
ποΈ CVE-2023-31320
Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corru
ποΈ CVE-2023-31346
Failure to initializememory in SEV Firmware may allow a privileged attacker to access stale datafr
ποΈ CVE-2023-31419
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted q
ποΈ CVE-2023-31433
A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow
ποΈ CVE-2023-31434
The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID i
ποΈ CVE-2023-31435
Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen,
ποΈ CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information
ποΈ CVE-2023-31446
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl paramet
ποΈ CVE-2023-31465
An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from v
ποΈ CVE-2023-31497
Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all vers
ποΈ CVE-2023-31541
A unrestricted file upload vulnerability was discovered in the βBrowse and upload imagesβ feature of
ποΈ CVE-2023-31546
Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code vi
ποΈ CVE-2023-31548
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM
ποΈ CVE-2023-31584
GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scriptin
ποΈ CVE-2023-31594
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel
ποΈ CVE-2023-31595
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port acc
ποΈ CVE-2023-31606
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of
ποΈ CVE-2023-31634
In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operati
ποΈ CVE-2023-31664
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API
ποΈ CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows
ποΈ CVE-2023-31703
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console
ποΈ CVE-2023-31704
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which
ποΈ CVE-2023-31705
A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allo
ποΈ CVE-2023-31714
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
ποΈ CVE-2023-31716
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
ποΈ CVE-2023-31717
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the da
ποΈ CVE-2023-31718
FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.
ποΈ CVE-2023-31719
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
ποΈ CVE-2023-31726
AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtai
ποΈ CVE-2023-31747
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulner
ποΈ CVE-2023-31753
SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary
ποΈ CVE-2023-31756
A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V
ποΈ CVE-2023-31779
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege
ποΈ CVE-2023-31851
Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/w
ποΈ CVE-2023-31852
Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless
ποΈ CVE-2023-31853
Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth
ποΈ CVE-2023-32031
Microsoft Exchange Server Remote Code Execution Vulnerability
ποΈ CVE-2023-32073
WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulner
ποΈ CVE-2023-32077
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage
ποΈ CVE-2023-32162
Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability.
ποΈ CVE-2023-32163
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerabilit
ποΈ CVE-2023-32233
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch req
ποΈ CVE-2023-32235
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder
ποΈ CVE-2023-32243
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege
ποΈ CVE-2023-32314
vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerab
ποΈ CVE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative
ποΈ CVE-2023-32353
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows.
ποΈ CVE-2023-32364
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A
ποΈ CVE-2023-32407
A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS
ποΈ CVE-2023-32422
This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iO
ποΈ CVE-2023-32560
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could resu
ποΈ CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
ποΈ CVE-2023-32571
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and com
ποΈ CVE-2023-32629
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data ski
ποΈ CVE-2023-32681
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization head
ποΈ CVE-2023-32707
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below ve
ποΈ CVE-2023-32784
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory du
ποΈ CVE-2023-32961
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <=Β 7.3.3
ποΈ CVE-2023-33242
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full E
ποΈ CVE-2023-33243
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows auth
ποΈ CVE-2023-33246
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command e
ποΈ CVE-2023-33253
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged us
ποΈ CVE-2023-33264
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't m
ποΈ CVE-2023-33338
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
ποΈ CVE-2023-33381
A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC
ποΈ CVE-2023-33404
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in
ποΈ CVE-2023-33405
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
ποΈ CVE-2023-33408
Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insuffici
ποΈ CVE-2023-33409
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/cont
ποΈ CVE-2023-33410
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute
ποΈ CVE-2023-33439
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_
ποΈ CVE-2023-33440
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/aj
ποΈ CVE-2023-33476
ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnera
ποΈ CVE-2023-33477
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly req
ποΈ CVE-2023-33510
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.
ποΈ CVE-2023-33517
carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System)
ποΈ CVE-2023-33568
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump an
ποΈ CVE-2023-33580
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) i
ποΈ CVE-2023-33584
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which a
ποΈ CVE-2023-33592
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via t
ποΈ CVE-2023-33617
An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found
ποΈ CVE-2023-33629
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Deltrig
ποΈ CVE-2023-33668
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII a
ποΈ CVE-2023-33730
Privilege Escalation in the 'GetUserCurrentPwd' function in Microworld Technologies eScan Management
ποΈ CVE-2023-33731
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies
ποΈ CVE-2023-33732
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management consol
ποΈ CVE-2023-33733
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
ποΈ CVE-2023-33747
CloudPanel v2.2.2 allows attackers to execute a path traversal.
ποΈ CVE-2023-33768
Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin
ποΈ CVE-2023-33781
An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a c
ποΈ CVE-2023-33782
D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 d
ποΈ CVE-2023-33802
A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) vi
ποΈ CVE-2023-33817
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
ποΈ CVE-2023-33829
A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows
ποΈ CVE-2023-33831
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows
ποΈ CVE-2023-33902
In bluetooth service, there is a missing permission check. This could lead to local information disc
ποΈ CVE-2023-33977
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS
ποΈ CVE-2023-34020
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for
ποΈ CVE-2023-34034
Using '**' as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern
ποΈ CVE-2023-34035
Spring Security versions 5.8Β prior to 5.8.5, 6.0Β prior to 6.0.5,Β and 6.1Β prior to 6.1.2Β could be sus
ποΈ CVE-2023-34039
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique
ποΈ CVE-2023-34040
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserializa
ποΈ CVE-2023-34050
In spring AMQP versions 1.0.0 to2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for des
ποΈ CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability.Β An unauthenticated,
ποΈ CVE-2023-34092
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vit
ποΈ CVE-2023-34096
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and
ποΈ CVE-2023-34124
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, al
ποΈ CVE-2023-34152
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerabi
ποΈ CVE-2023-34192
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to
ποΈ CVE-2023-34212
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Pr
ποΈ CVE-2023-34259
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory
ποΈ CVE-2023-34312
In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll
ποΈ CVE-2023-34362
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5
ποΈ CVE-2023-34458
mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang.
ποΈ CVE-2023-34468
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1
ποΈ CVE-2023-34537
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/com
ποΈ CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the cont
ποΈ CVE-2023-34599
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which en
ποΈ CVE-2023-34600
Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.
ποΈ CVE-2023-34634
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deseri
ποΈ CVE-2023-34659
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jm
ποΈ CVE-2023-34751
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at ad
ποΈ CVE-2023-34752
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at ad
ποΈ CVE-2023-34753
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at ad
ποΈ CVE-2023-34755
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at
ποΈ CVE-2023-34756
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at ad
ποΈ CVE-2023-34761
An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup,
ποΈ CVE-2023-34830
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t
ποΈ CVE-2023-34835
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400
ποΈ CVE-2023-34836
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400
ποΈ CVE-2023-34837
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400
ποΈ CVE-2023-34838
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400
ποΈ CVE-2023-34839
A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote a
ποΈ CVE-2023-34840
angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting
ποΈ CVE-2023-34843
Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.
ποΈ CVE-2023-34845
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /ad
ποΈ CVE-2023-34852
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.
ποΈ CVE-2023-34853
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hij
ποΈ CVE-2023-34924
H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoBy
ποΈ CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 al
ποΈ CVE-2023-34965
SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user
ποΈ CVE-2023-34993
A improper neutralization of special elements used in an os command ('os command injection') in Fort
ποΈ CVE-2023-35001
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm regist
ποΈ CVE-2023-35078
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted
ποΈ CVE-2023-35080
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a
ποΈ CVE-2023-35082
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to
ποΈ CVE-2023-35086
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability i
ποΈ CVE-2023-35636
Microsoft Outlook Information Disclosure Vulnerability
ποΈ CVE-2023-35671
In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose N
ποΈ CVE-2023-35674
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a lo
ποΈ CVE-2023-35687
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free.
ποΈ CVE-2023-35793
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session
ποΈ CVE-2023-35794
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint
ποΈ CVE-2023-35801
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker t
ποΈ CVE-2023-35803
IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.
ποΈ CVE-2023-35813
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience
ποΈ CVE-2023-35828
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3
ποΈ CVE-2023-35840
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal
ποΈ CVE-2023-35843
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticate
ποΈ CVE-2023-35844
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they all
ποΈ CVE-2023-35885
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
ποΈ CVE-2023-35985
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Read
ποΈ CVE-2023-36003
XAML Diagnostics Elevation of Privilege Vulnerability
ποΈ CVE-2023-36025
Windows SmartScreen Security Feature Bypass Vulnerability
ποΈ CVE-2023-36076
SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute
ποΈ CVE-2023-36109
Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitra
ποΈ CVE-2023-36123
Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows l
ποΈ CVE-2023-36143
Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the 'Diagnostic tool' f
ποΈ CVE-2023-36144
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticate
ποΈ CVE-2023-36146
A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.
ποΈ CVE-2023-36158
Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows rem
ποΈ CVE-2023-36159
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 all
ποΈ CVE-2023-36163
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to ex
ποΈ CVE-2023-36164
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with
ποΈ CVE-2023-36165
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with
ποΈ CVE-2023-36168
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with
ποΈ CVE-2023-36169
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with
ποΈ CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute a
ποΈ CVE-2023-36281
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file t
ποΈ CVE-2023-36287
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an
ποΈ CVE-2023-36289
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an
ποΈ CVE-2023-36306
A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a rem
ποΈ CVE-2023-36319
File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary
ποΈ CVE-2023-36346
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via
ποΈ CVE-2023-36407
Windows Hyper-V Elevation of Privilege Vulnerability
ποΈ CVE-2023-36424
Windows Common Log File System Driver Elevation of Privilege Vulnerability
ποΈ CVE-2023-36427
Windows Hyper-V Elevation of Privilege Vulnerability
ποΈ CVE-2023-36643
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders fr
ποΈ CVE-2023-36644
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order con
ποΈ CVE-2023-36645
SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries vi
ποΈ CVE-2023-36664
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pip
ποΈ CVE-2023-36723
Windows Container Manager Service Elevation of Privilege Vulnerability
ποΈ CVE-2023-36745
Microsoft Exchange Server Remote Code Execution Vulnerability
ποΈ CVE-2023-36802
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
ποΈ CVE-2023-36812
OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable
ποΈ CVE-2023-36844
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Serie
ποΈ CVE-2023-36845
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Serie
ποΈ CVE-2023-36846
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Ser
ποΈ CVE-2023-36874
Windows Error Reporting Service Elevation of Privilege Vulnerability
ποΈ CVE-2023-36884
Windows Search Remote Code Execution Vulnerability
ποΈ CVE-2023-36899
ASP.NET Elevation of Privilege Vulnerability
ποΈ CVE-2023-36900
Windows Common Log File System Driver Elevation of Privilege Vulnerability
ποΈ CVE-2023-36934
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0
ποΈ CVE-2023-37164
Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter
ποΈ CVE-2023-37189
A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX ver
ποΈ CVE-2023-37190
A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers
ποΈ CVE-2023-37191
A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers
ποΈ CVE-2023-37250
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYST
ποΈ CVE-2023-37265
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthen
ποΈ CVE-2023-37266
CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs a
ποΈ CVE-2023-37270
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vuln
ποΈ CVE-2023-37462
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of
ποΈ CVE-2023-37474
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnera
ποΈ CVE-2023-37478
pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or par
ποΈ CVE-2023-37580
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
ποΈ CVE-2023-37582
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023
ποΈ CVE-2023-37596
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to
ποΈ CVE-2023-37597
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to
ποΈ CVE-2023-37598
A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker
ποΈ CVE-2023-37599
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the m
ποΈ CVE-2023-37621
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with
ποΈ CVE-2023-37625
A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbit
ποΈ CVE-2023-37629
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can uploa
ποΈ CVE-2023-37679
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to e
ποΈ CVE-2023-37728
IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color par
ποΈ CVE-2023-37739
i-doit Pro v25 and below was discovered to be vulnerable to path traversal.
ποΈ CVE-2023-37755
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administra
ποΈ CVE-2023-37756
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administr
ποΈ CVE-2023-37771
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /
ποΈ CVE-2023-37772
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the
ποΈ CVE-2023-37786
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arb
ποΈ CVE-2023-37790
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnera
ποΈ CVE-2023-37800
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with
ποΈ CVE-2023-37903
vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.j
ποΈ CVE-2023-37941
If an attacker gains write access to the Apache Superset metadata database, they could persist a spe
ποΈ CVE-2023-37979
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact For
ποΈ CVE-2023-38035
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below,
ποΈ CVE-2023-38041
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race
ποΈ CVE-2023-38146
Windows Themes Remote Code Execution Vulnerability
ποΈ CVE-2023-38203
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are a
ποΈ CVE-2023-38205
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are a
ποΈ CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search pa
ποΈ CVE-2023-38433
Fujitsu Real-time Video Transmission Gear 'IP series' use hard-coded credentials, which may allow a
ποΈ CVE-2023-38434
xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method.
ποΈ CVE-2023-38490
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2
ποΈ CVE-2023-38497
Cargo downloads the Rust projectβs dependencies and compiles the project. Cargo prior to version 0.7
ποΈ CVE-2023-38499
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior
ποΈ CVE-2023-38501
copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cros
ποΈ CVE-2023-38545
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake.When curl is asked
ποΈ CVE-2023-38571
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur
ποΈ CVE-2023-38632
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing m
ποΈ CVE-2023-38646
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to exec
ποΈ CVE-2023-38743
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the hos
ποΈ CVE-2023-38829
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via
ποΈ CVE-2023-38831
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a
ποΈ CVE-2023-38836
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by a
ποΈ CVE-2023-38840
Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive inform
ποΈ CVE-2023-38890
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries
ποΈ CVE-2023-38891
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate
ποΈ CVE-2023-39002
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsens
ποΈ CVE-2023-39026
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows
ποΈ CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to exec
ποΈ CVE-2023-39063
Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary co
ποΈ CVE-2023-39108
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b paramet
ποΈ CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a paramet
ποΈ CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter
ποΈ CVE-2023-39115
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via
ποΈ CVE-2023-39141
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
ποΈ CVE-2023-39143
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upl
ποΈ CVE-2023-39144
Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext.
ποΈ CVE-2023-39320
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binar
ποΈ CVE-2023-39361
Cacti is an open source operational monitoring and fault management framework. Affected versions are
ποΈ CVE-2023-39362
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, unde
ποΈ CVE-2023-39526
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.
ποΈ CVE-2023-39539
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG
ποΈ CVE-2023-39598
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacke
ποΈ CVE-2023-39600
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color
ποΈ CVE-2023-39676
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scrip
ποΈ CVE-2023-39677
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered
ποΈ CVE-2023-39700
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnera
ποΈ CVE-2023-39707
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management Syste
ποΈ CVE-2023-39708
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management Syste
ποΈ CVE-2023-39709
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management Sys
ποΈ CVE-2023-39710
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management Sys
ποΈ CVE-2023-39711
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management Sys
ποΈ CVE-2023-39712
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management Sys
ποΈ CVE-2023-39714
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management Sys
ποΈ CVE-2023-39796
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated
ποΈ CVE-2023-40000
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
ποΈ CVE-2023-40028
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnera
ποΈ CVE-2023-40031
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to h
ποΈ CVE-2023-40037
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Control
ποΈ CVE-2023-40044
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .
ποΈ CVE-2023-40084
In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This co
ποΈ CVE-2023-40109
In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) d
ποΈ CVE-2023-40121
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe des
ποΈ CVE-2023-40127
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This
ποΈ CVE-2023-40133
In multiple locations of DialogFillUi.java, there is a possible way to view another user's images du
ποΈ CVE-2023-40140
In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execu
ποΈ CVE-2023-40208
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksandar UroΕ‘eviΔ Stock Ticker plugi
ποΈ CVE-2023-40275
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries
ποΈ CVE-2023-40276
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability ha
ποΈ CVE-2023-40277
An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerabil
ποΈ CVE-2023-40278
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been
ποΈ CVE-2023-40279
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversa
ποΈ CVE-2023-40280
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversa
ποΈ CVE-2023-40294
libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c.
ποΈ CVE-2023-40296
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udps
ποΈ CVE-2023-40355
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before
ποΈ CVE-2023-40361
SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploi
ποΈ CVE-2023-40362
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of acce
ποΈ CVE-2023-40429
A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 a
ποΈ CVE-2023-40459
TheACEManager component of ALEOS 4.16 and earlier does not adequately performinput saniti
ποΈ CVE-2023-40600
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image O
ποΈ CVE-2023-40626
The language file parsing process could be manipulated to expose environment variables. Environment
ποΈ CVE-2023-40779
An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitra
ποΈ CVE-2023-40868
Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote atta
ποΈ CVE-2023-40869
Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote a
ποΈ CVE-2023-40924
SolarView Compact < 6.00 is vulnerable to Directory Traversal.
ποΈ CVE-2023-40930
An issue in the directory /system/bin/blkid of Skyworth v3.0 allows attackers to perform a directory
ποΈ CVE-2023-40931
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows aut
ποΈ CVE-2023-40933
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with ann
ποΈ CVE-2023-40989
SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to exe
ποΈ CVE-2023-41064
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6
π��οΈ CVE-2023-41080
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apa
ποΈ CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to
ποΈ CVE-2023-41109
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.
ποΈ CVE-2023-41265
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May
��ποΈ CVE-2023-41266
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patc
ποΈ CVE-2023-41362
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin C
ποΈ CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to ex
ποΈ CVE-2023-41436
Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary co
ποΈ CVE-2023-41474
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attack
ποΈ CVE-2023-41507
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the stor
ποΈ CVE-2023-41508
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel
ποΈ CVE-2023-41538
phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword paramete
ποΈ CVE-2023-41575
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Don
ποΈ CVE-2023-41592
Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.
ποΈ CVE-2023-41593
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP a
ποΈ CVE-2023-41613
EzViz Studio v2.2.0 is vulnerable to DLL hijacking.
ποΈ CVE-2023-41623
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid paramete
ποΈ CVE-2023-41642
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component
ποΈ CVE-2023-41646
Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manage
ποΈ CVE-2023-41717
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers
ποΈ CVE-2023-41763
Skype for Business Elevation of Privilege Vulnerability
ποΈ CVE-2023-41772
Win32k Elevation of Privilege Vulnerability
ποΈ CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity atta
ποΈ CVE-2023-41991
A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 an
ποΈ CVE-2023-41993
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web
ποΈ CVE-2023-42222
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shel
ποΈ CVE-2023-42283
Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and d
ποΈ CVE-2023-42284
Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access
ποΈ CVE-2023-42362
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute
ποΈ CVE-2023-42426
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to
ποΈ CVE-2023-42442
JumpServer is an open source bastion host and a professional operation and maintenance security audi
ποΈ CVE-2023-42468
The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to i
ποΈ CVE-2023-42469
The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed
ποΈ CVE-2023-42470
The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code E
ποΈ CVE-2023-42471
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbit
ποΈ CVE-2023-42789
A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.
ποΈ CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was p
ποΈ CVE-2023-42819
JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any
ποΈ CVE-2023-42820
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number s
ποΈ CVE-2023-42931
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Son
ποΈ CVE-2023-43115
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via
ποΈ CVE-2023-43144
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the 'id' param
ποΈ CVE-2023-43147
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an ad
ποΈ CVE-2023-43148
SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker
ποΈ CVE-2023-43149
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to
ποΈ CVE-2023-43154
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in 'isValidLogin(
ποΈ CVE-2023-43177
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determin
ποΈ CVE-2023-43187
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum so
ποΈ CVE-2023-43208
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code e
ποΈ CVE-2023-43261
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attacke
ποΈ CVE-2023-43263
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbi
ποΈ CVE-2023-43284
D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticate
ποΈ CVE-2023-43317
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPer
ποΈ CVE-2023-43318
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges
ποΈ CVE-2023-43323
mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the s
ποΈ CVE-2023-43325
A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocia
ποΈ CVE-2023-43326
A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 all
ποΈ CVE-2023-43339
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execut
ποΈ CVE-2023-43340
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arb
ποΈ CVE-2023-43341
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute
ποΈ CVE-2023-43342
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to
ποΈ CVE-2023-43343
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to
ποΈ CVE-2023-43344
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to
ποΈ CVE-2023-43345
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to
ποΈ CVE-2023-43346
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to
ποΈ CVE-2023-43352
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted p
ποΈ CVE-2023-43353
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi
ποΈ CVE-2023-43354
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi
ποΈ CVE-2023-43355
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi
ποΈ CVE-2023-43356
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi
ποΈ CVE-2023-43357
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi
ποΈ CVE-2023-43358
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi
ποΈ CVE-2023-43359
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi
ποΈ CVE-2023-43360
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi
ποΈ CVE-2023-43364
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
ποΈ CVE-2023-43481
An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp
ποΈ CVE-2023-43482
A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada
ποΈ CVE-2023-43654
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default config
ποΈ CVE-2023-43667
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
ποΈ CVE-2023-43757
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOG
ποΈ CVE-2023-43770
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail
ποΈ CVE-2023-43786
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This
ποΈ CVE-2023-43795
GeoServer is an open source software server written in Java that allows users to share and edit geos
ποΈ CVE-2023-43804
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP h
ποΈ CVE-2023-43838
An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to exe
ποΈ CVE-2023-43871
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden
ποΈ CVE-2023-43872
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file w
ποΈ CVE-2023-43873
A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute ar
ποΈ CVE-2023-43874
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to exe
ποΈ CVE-2023-43875
Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a
ποΈ CVE-2023-43876
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to
ποΈ CVE-2023-43877
Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute
ποΈ CVE-2023-43878
Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute
ποΈ CVE-2023-43879
Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitra
ποΈ CVE-2023-43955
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents
ποΈ CVE-2023-44061
File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to
ποΈ CVE-2023-44352
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected
ποΈ CVE-2023-44353
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserial
ποΈ CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell
ποΈ CVE-2023-44758
GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to e
ποΈ CVE-2023-44760
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to exe
ποΈ CVE-2023-44761
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and
ποΈ CVE-2023-44762
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an at
ποΈ CVE-2023-44763
Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file uploa
ποΈ CVE-2023-44764
A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name paramete
ποΈ CVE-2023-44765
A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 throug
ποΈ CVE-2023-44766
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arb
ποΈ CVE-2023-44767
A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS con
ποΈ CVE-2023-44769
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to exe
ποΈ CVE-2023-44770
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute
ποΈ CVE-2023-44771
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to exe
ποΈ CVE-2023-44811
Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to exe
ποΈ CVE-2023-44812
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute ar
ποΈ CVE-2023-44813
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute ar
ποΈ CVE-2023-44961
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker t
ποΈ CVE-2023-44962
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to r
ποΈ CVE-2023-45158
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is confi
ποΈ CVE-2023-45182
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to havi
ποΈ CVE-2023-45184
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacke
ποΈ CVE-2023-45185
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacke
ποΈ CVE-2023-45280
Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buck
ποΈ CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an exce
ποΈ CVE-2023-45471
The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and incl
ποΈ CVE-2023-45503
SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary
ποΈ CVE-2023-45540
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML
ποΈ CVE-2023-45542
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive i
ποΈ CVE-2023-45657
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
ποΈ CVE-2023-45671
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflect
ποΈ CVE-2023-45777
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch
ποΈ CVE-2023-45779
In the APEX module framework of AOSP, there is a possible malicious update to platform components du
ποΈ CVE-2023-45852
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authenti
ποΈ CVE-2023-45857
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cooki
ποΈ CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate an
ποΈ CVE-2023-45966
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerabil
ποΈ CVE-2023-45992
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 553
ποΈ CVE-2023-46003
I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.
ποΈ CVE-2023-46014
SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to
ποΈ CVE-2023-46015
Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attacke
ποΈ CVE-2023-46016
Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitr
ποΈ CVE-2023-46017
SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to
ποΈ CVE-2023-46018
SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to
ποΈ CVE-2023-46019
Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers
ποΈ CVE-2023-46020
Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to
ποΈ CVE-2023-46021
SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run ar
ποΈ CVE-2023-46022
SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run ar
ποΈ CVE-2023-46303
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by defau
ποΈ CVE-2023-46344
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base pro
ποΈ CVE-2023-46359
An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, m
ποΈ CVE-2023-46404
PCRS <= 3.11 (d0de1e) βQuestionsβ page and βCode editorβ page are vulnerable to remote code executio
ποΈ CVE-2023-46447
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sen
ποΈ CVE-2023-46449
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Acce
ποΈ CVE-2023-46450
Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scri
ποΈ CVE-2023-46451
Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change userna
ποΈ CVE-2023-46454
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands
ποΈ CVE-2023-46474
File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalat
ποΈ CVE-2023-46478
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script t
ποΈ CVE-2023-46480
An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive
ποΈ CVE-2023-46501
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted p
ποΈ CVE-2023-46574
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary cod
ποΈ CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability ma
ποΈ CVE-2023-46615
Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon.This issue affects KD C
ποΈ CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with n
ποΈ CVE-2023-46805
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Polic
ποΈ CVE-2023-46813
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace
ποΈ CVE-2023-46865
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to
ποΈ CVE-2023-46918
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest f
ποΈ CVE-2023-46954
SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier all
ποΈ CVE-2023-46974
Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacke
ποΈ CVE-2023-46980
An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code
ποΈ CVE-2023-46998
Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker
ποΈ CVE-2023-47014
A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with
ποΈ CVE-2023-47102
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message con
ποΈ CVE-2023-47115
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-si
ποΈ CVE-2023-47119
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable
ποΈ CVE-2023-47129
Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4
ποΈ CVE-2023-47211
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager
ποΈ CVE-2023-47218
An OS command injection vulnerability has been reported to affect several QNAP operating system vers
ποΈ CVE-2023-47246
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an
ποΈ CVE-2023-47355
The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Andr
ποΈ CVE-2023-47437
A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a
ποΈ CVE-2023-47459
An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via
ποΈ CVE-2023-47460
SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitr
ποΈ CVE-2023-47464
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote atta
ποΈ CVE-2023-47488
Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain
ποΈ CVE-2023-47489
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute ar
ποΈ CVE-2023-47529
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Template
ποΈ CVE-2023-47564
An incorrect permission assignment for critical resource vulnerability has been reported to affect Q
ποΈ CVE-2023-47643
SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, G
ποΈ CVE-2023-47668
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plu
ποΈ CVE-2023-47840
Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Ess
ποΈ CVE-2023-47882
The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a
ποΈ CVE-2023-47883
The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable
ποΈ CVE-2023-47889
The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions throu
ποΈ CVE-2023-48022
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submissi
ποΈ CVE-2023-48023
Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report
ποΈ CVE-2023-48028
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the log
ποΈ CVE-2023-48029
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a m
ποΈ CVE-2023-48031
OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the commen
ποΈ CVE-2023-48034
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both
ποΈ CVE-2023-48084
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk
ποΈ CVE-2023-48104
Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.
ποΈ CVE-2023-48123
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacke
ποΈ CVE-2023-48197
Cross-Site Scripting (XSS) vulnerability in the βmanageApiKeysβ component of Grocy 4.0.3 and earlier
ποΈ CVE-2023-48198
A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock
ποΈ CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to
ποΈ CVE-2023-48200
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary cod
ποΈ CVE-2023-48777
Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Bui
ποΈ CVE-2023-48788
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet F
ποΈ CVE-2023-48842
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the
ποΈ CVE-2023-48849
Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to rem
ποΈ CVE-2023-48858
A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote
ποΈ CVE-2023-48866
A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/r
ποΈ CVE-2023-48974
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to
ποΈ CVE-2023-49000
An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended acces
ποΈ CVE-2023-49001
An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access res
ποΈ CVE-2023-49002
An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to
ποΈ CVE-2023-49003
An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access rest
ποΈ CVE-2023-49038
Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated atta
ποΈ CVE-2023-49052
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code v
ποΈ CVE-2023-49070
Pre-auth RCE in Apache Ofbiz 18.12.09.It's due to XML-RPCΒ no longer maintainedΒ still present.Thi
ποΈ CVE-2023-49103
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The
ποΈ CVE-2023-49105
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or
ποΈ CVE-2023-49313
A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By ex
ποΈ CVE-2023-49314
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inad
ποΈ CVE-2023-49339
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /
ποΈ CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to
ποΈ CVE-2023-49453
Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local at
ποΈ CVE-2023-49471
Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.
ποΈ CVE-2023-49539
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerabili
ποΈ CVE-2023-49540
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerabili
ποΈ CVE-2023-49543
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized
ποΈ CVE-2023-49544
A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP
ποΈ CVE-2023-49545
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories
ποΈ CVE-2023-49546
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email par
ποΈ CVE-2023-49547
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username
ποΈ CVE-2023-49548
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname
ποΈ CVE-2023-49785
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatG
ποΈ CVE-2023-49950
The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize lo
ποΈ CVE-2023-49954
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a fir
ποΈ CVE-2023-49964
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious c
ποΈ CVE-2023-49965
SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters
ποΈ CVE-2023-49968
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parame
ποΈ CVE-2023-49969
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parame
ποΈ CVE-2023-49970
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject p
ποΈ CVE-2023-49971
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute
ποΈ CVE-2023-49973
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute
ποΈ CVE-2023-49974
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute
ποΈ CVE-2023-49976
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute
ποΈ CVE-2023-49977
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute
ποΈ CVE-2023-49978
Incorrect access control in Customer Support System v1 allows non-administrator users to access admi
ποΈ CVE-2023-49979
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories
ποΈ CVE-2023-49980
A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to
ποΈ CVE-2023-49981
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list dir
ποΈ CVE-2023-49982
Broken access control in the component /admin/management/users of School Fees Management System v1.0
ποΈ CVE-2023-49983
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Managem
ποΈ CVE-2023-49984
A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Mana
ποΈ CVE-2023-49985
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Managem
ποΈ CVE-2023-49986
A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management
ποΈ CVE-2023-49987
A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Manageme
ποΈ CVE-2023-49988
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss p
ποΈ CVE-2023-49989
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id par
ποΈ CVE-2023-50070
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_s
ποΈ CVE-2023-50071
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_s
ποΈ CVE-2023-50072
A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Pro
ποΈ CVE-2023-50164
An attacker can manipulate file upload params to enable paths traversal and under some circumstances
ποΈ CVE-2023-50254
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability
ποΈ CVE-2023-50290
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.The Solr Me
ποΈ CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous T
ποΈ CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow r
ποΈ CVE-2023-50465
A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG d
ποΈ CVE-2023-50643
An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code
ποΈ CVE-2023-50917
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell me
ποΈ CVE-2023-50968
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user
ποΈ CVE-2023-51073
An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Fi
ποΈ CVE-2023-51126
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to ru
ποΈ CVE-2023-51127
FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal du
ποΈ CVE-2023-51281
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to esca
ποΈ CVE-2023-51385
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell
ποΈ CVE-2023-51409
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatb
ποΈ CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind
ποΈ CVE-2023-51467
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotel
ποΈ CVE-2023-51504
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
ποΈ CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_un
ποΈ CVE-2023-51800
Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote atta
ποΈ CVE-2023-51801
SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker t
ποΈ CVE-2023-51802
Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remo
ποΈ CVE-2023-51810
SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote
ποΈ CVE-2023-52085
Winter is a free, open-source content management system. Users with access to backend forms that inc
ποΈ CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a succes
ποΈ CVE-2023-52251
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arb