CVE-2023-2xxx

There are 946 CVEs in this subgroup.
Last updated: 
ID Summary Flags Max Score
CVE-2023-2000 Unrestricted navigation due to unvalidated mattermost server redirection
S
CVE-2023-2001 An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions sta...
CVE-2023-2002 A vulnerability was found in the HCI sockets implementation due to a missing capability check in net...
E
CVE-2023-2003 Embedded malicious code vulnerability in Unitronics Vision1210
CVE-2023-2004 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-2005 Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability
S
CVE-2023-2006 A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of Rx...
S
CVE-2023-2007 The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of pr...
S
CVE-2023-2008 A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a faul...
S
CVE-2023-2009 Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings
E
CVE-2023-2010 Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote
E
CVE-2023-2013 An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8...
CVE-2023-2014 Cross-site Scripting (XSS) - Generic in microweber/microweber
E S
CVE-2023-2015 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10....
CVE-2023-2017 Improper Control of Generation of Code in Twig Rendered Views in Shopware
E S
CVE-2023-2019 A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. Thi...
S
CVE-2023-2020 Unauthorized scheduling of downtimes via REST API
CVE-2023-2021 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
E S
CVE-2023-2022 Missing Authorization in GitLab
E S
CVE-2023-2023 Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting
E
CVE-2023-2024 Improper Authentication for OpenBlue Enterprise Manager Data Collector
S
CVE-2023-2025 Exposure of Sensitive Information in OpenBlue Enterprise Manager Data Collector
S
CVE-2023-2026 Image Protector <= 1.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-2027 The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions...
CVE-2023-2028 Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting
E
CVE-2023-2029 PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-2030 Improper Verification of Cryptographic Signature in GitLab
E S
CVE-2023-2031 The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...
S
CVE-2023-2032 Custom 404 Pro < 3.8.1 - Multiple SQL Injection
E
CVE-2023-2033 Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potential...
KEV
CVE-2023-2034 Unrestricted Upload of File with Dangerous Type in froxlor/froxlor
E S
CVE-2023-2035 Campcodes Video Sharing Website signup.php sql injection
E
CVE-2023-2036 Campcodes Video Sharing Website upload.php sql injection
E
CVE-2023-2037 Campcodes Video Sharing Website watch.php sql injection
E
CVE-2023-2038 Campcodes Video Sharing Website admin_class.php sql injection
E
CVE-2023-2039 novel-plus sql injection
E
CVE-2023-2040 novel-plus sql injection
E
CVE-2023-2041 novel-plus sql injection
E
CVE-2023-2042 DataGear JDBC Server deserialization
E
CVE-2023-2043 Control iD RHiD Edit a sql injection
CVE-2023-2044 Control iD iDSecure Dispositivos Page cross site scripting
CVE-2023-2045 SQLi in Ipekyolu Software's Auto Damage Tracking Software
CVE-2023-2046 SQLi in Yontem Vehicle Tracking System
CVE-2023-2047 Campcodes Advanced Online Voting System login.php sql injection
E
CVE-2023-2048 Campcodes Advanced Online Voting System voters_row.php sql injection
E
CVE-2023-2049 Campcodes Advanced Online Voting System ballot_up.php sql injection
E
CVE-2023-2050 Campcodes Advanced Online Voting System positions_add.php sql injection
E
CVE-2023-2051 Campcodes Advanced Online Voting System positions_row.php sql injection
E
CVE-2023-2052 Campcodes Advanced Online Voting System ballot_down.php sql injection
E
CVE-2023-2053 Campcodes Advanced Online Voting System candidates_row.php sql injection
E
CVE-2023-2054 Campcodes Advanced Online Voting System positions_delete.php sql injection
E
CVE-2023-2055 Campcodes Advanced Online Voting System config_save.php cross site scripting
E
CVE-2023-2056 DedeCMS module_main.php GetSystemFile code injection
E
CVE-2023-2057 EyouCms New Picture cross site scripting
E
CVE-2023-2058 EyouCms HTTP POST Request cross site scripting
E
CVE-2023-2059 DedeCMS select_templets.php path traversal
E
CVE-2023-2060 Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
CVE-2023-2061 Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
CVE-2023-2062 Information Disclosure vulnerability in EtherNet/IP Configuration tools
CVE-2023-2063 Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
CVE-2023-2064 SQLi in Minova Technology's eTrace
CVE-2023-2065 IDOR in Armoli Technology's Cargo Tracking System
CVE-2023-2066 The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized...
S
CVE-2023-2067 The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site R...
S
CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
E
CVE-2023-2069 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all ...
CVE-2023-2071 FactoryTalk View Machine Edition Vulnerable to Remote Code Execution
S
CVE-2023-2072 Rockwell Automation PowerMonitor 1000 Cross-Site Scripting Vulnerability
S
CVE-2023-2073 Campcodes Online Traffic Offense Management System Login.php sql injection
E
CVE-2023-2074 Campcodes Online Traffic Offense Management System Master.php sql injection
E
CVE-2023-2075 Campcodes Online Traffic Offense Management System view_details.php sql injection
E
CVE-2023-2076 Campcodes Online Traffic Offense Management System Users.phpp cross site scripting
E
CVE-2023-2077 Campcodes Online Traffic Offense Management System view_details.php cross site scripting
E
CVE-2023-2078 The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized ...
E S
CVE-2023-2079 The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Re...
E S
CVE-2023-2080 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
CVE-2023-2082 The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Sc...
E S
CVE-2023-2083 The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to ...
S
CVE-2023-2084 The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to ...
S
CVE-2023-2085 The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to ...
S
CVE-2023-2086 The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to ...
S
CVE-2023-2087 The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up...
S
CVE-2023-2088 A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be tri...
CVE-2023-2089 SourceCodester Complaint Management System GET Parameter userprofile.php sql injection
E
CVE-2023-2090 SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection
E
CVE-2023-2091 KylinSoft youker-assistant adjust_cpufreq_scaling_governer os command injection
E S
CVE-2023-2092 SourceCodester Vehicle Service Management System view_service.php sql injection
E
CVE-2023-2093 SourceCodester Vehicle Service Management System Login.php sql injection
E
CVE-2023-2094 SourceCodester Vehicle Service Management System manage_mechanic.php sql injection
E
CVE-2023-2095 SourceCodester Vehicle Service Management System manage_category.php sql injection
E
CVE-2023-2096 SourceCodester Vehicle Service Management System manage_inventory.php sql injection
E
CVE-2023-2097 SourceCodester Vehicle Service Management System Master.php sql injection
E
CVE-2023-2098 SourceCodester Vehicle Service Management System topBarNav.php cross site scripting
E
CVE-2023-2099 SourceCodester Vehicle Service Management System Users.php cross site scripting
E
CVE-2023-2100 SourceCodester Vehicle Service Management System index.php cross site scripting
E
CVE-2023-2101 moxi624 Mogu Blog v2 uploadPicsByUrl uploadPictureByUrl absolute path traversal
E
CVE-2023-2102 Cross-site Scripting (XSS) - Stored in alextselegidis/easyappointments
E S
CVE-2023-2103 Cross-site Scripting (XSS) - Stored in alextselegidis/easyappointments
E S
CVE-2023-2104 Improper Access Control in alextselegidis/easyappointments
E S
CVE-2023-2105 Session Fixation in alextselegidis/easyappointments
E S
CVE-2023-2106 Weak Password Requirements in janeczku/calibre-web
E S
CVE-2023-2107 IBOS del&op=recycle sql injection
E
CVE-2023-2108 SourceCodester Judging Management System edit_contestant.php sql injection
E
CVE-2023-2109 Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot
S
CVE-2023-2110 Obsidian Local File Disclosure
E M
CVE-2023-2111 HollerBox < 2.1.4 - Admin+ SQL Injection
E
CVE-2023-2112 Desktop component allows lateral movement between sessions
S
CVE-2023-2113 Autoptimize < 3.1.7 - Admin+ Stored Cross-Site Scripting via Settings Import
E
CVE-2023-2114 NEX-Forms < 8.4 - Admin+ SQL Injection
E
CVE-2023-2117 Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal
E
CVE-2023-2118 Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below all...
CVE-2023-2119 The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scrip...
CVE-2023-2120 The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v...
CVE-2023-2121 Vault’s KV Diff Viewer Allowed for HTML Injection
CVE-2023-2122 Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting
E
CVE-2023-2123 WP Inventory Manager < 2.1.0.13 - Reflected Cross-Site Scripting
E
CVE-2023-2124 An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user re...
E S
CVE-2023-2130 SourceCodester Purchase Order Management System GET Parameter view_details.php sql injection
E
CVE-2023-2131 CVE-2023-2131
CVE-2023-2132 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10....
CVE-2023-2133 Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a...
CVE-2023-2134 Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a...
CVE-2023-2135 Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who co...
CVE-2023-2136 Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had ...
KEV
CVE-2023-2137 Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to...
CVE-2023-2138 Use of Hard-coded Credentials in nuxtlabs/github-module
S
CVE-2023-2139 Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
CVE-2023-2140 Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
CVE-2023-2141 Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022
CVE-2023-2142 Nunjucks autoescape bypass leads to cross site scripting
CVE-2023-2143 Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS
E
CVE-2023-2144 Campcodes Online Thesis Archiving System view_department.php sql injection
E
CVE-2023-2145 Campcodes Online Thesis Archiving System projects_per_curriculum.php sql injection
E
CVE-2023-2146 Campcodes Online Thesis Archiving System Master.php sql injection
E
CVE-2023-2147 Campcodes Online Thesis Archiving System view_details.php sql injection
E
CVE-2023-2148 Campcodes Online Thesis Archiving System view_curriculum.php sql injection
E
CVE-2023-2149 Campcodes Online Thesis Archiving System manage_user.php sql injection
E
CVE-2023-2150 SourceCodester Task Reminder System Master.php sql injection
E
CVE-2023-2151 SourceCodester Student Study Center Desk Management System manage_student.php sql injection
E
CVE-2023-2152 SourceCodester Student Study Center Desk Management System index.php file inclusion
E
CVE-2023-2153 SourceCodester Complaint Management System POST Parameter editable_ajax.php cross site scripting
E
CVE-2023-2154 SourceCodester Task Reminder System sql injection
E
CVE-2023-2155 SourceCodester Air Cargo Management System cross site scripting
E
CVE-2023-2156 A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL prot...
CVE-2023-2157 A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the...
S
CVE-2023-2158 Impersonation through User-Controlled Token
CVE-2023-2159 The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in...
E S
CVE-2023-2160 Weak Password Requirements in modoboa/modoboa
E S
CVE-2023-2161 A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could ca...
CVE-2023-2162 A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c ...
S
CVE-2023-2163 Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation
S
CVE-2023-2164 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2023-2166 A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before L...
CVE-2023-2168 The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Term...
S
CVE-2023-2169 The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Post...
S
CVE-2023-2170 The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Post...
S
CVE-2023-2171 The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's short...
S
CVE-2023-2172 The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to...
S
CVE-2023-2173 The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to...
S
CVE-2023-2174 The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing...
S
CVE-2023-2176 A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the L...
S
CVE-2023-2177 A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c i...
S
CVE-2023-2178 Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS
E
CVE-2023-2179 WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update
E
CVE-2023-2180 KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download
E
CVE-2023-2181 An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7,...
CVE-2023-2182 An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5,...
E
CVE-2023-2183 Grafana is an open-source platform for monitoring and observability. The option to send a test ale...
E
CVE-2023-2184 The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to ...
CVE-2023-2185 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-2186 On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send...
CVE-2023-2187 On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send...
CVE-2023-2188 The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in...
S
CVE-2023-2189 The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthor...
E
CVE-2023-2190 Authorization Bypass Through User-Controlled Key in GitLab
E S
CVE-2023-2191 Cross-site Scripting (XSS) - Stored in azuracast/azuracast
E S
CVE-2023-2193 Oauth authorization codes do not expire when deauthorizing an oauth2 app
S
CVE-2023-2194 An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The ...
S
CVE-2023-2195 CSRF vulnerability and missing permission checks in Code Dx Plugin
CVE-2023-2196 Missing permission checks in Code Dx Plugin
CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM
M
CVE-2023-2198 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8...
CVE-2023-2199 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10....
CVE-2023-2200 Improper Encoding or Escaping of Output in GitLab
E S
CVE-2023-2201 The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in v...
CVE-2023-2202 Improper Access Control in francoisjacquet/rosariosis
S
CVE-2023-2203 A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-afte...
CVE-2023-2204 Campcodes Retro Basketball Shoes Online Store faqs.php sql injection
E
CVE-2023-2205 Campcodes Retro Basketball Shoes Online Store login.php sql injection
E
CVE-2023-2206 Campcodes Retro Basketball Shoes Online Store contactus.php sql injection
E
CVE-2023-2207 Campcodes Retro Basketball Shoes Online Store contactus1.php sql injection
E
CVE-2023-2208 Campcodes Retro Basketball Shoes Online Store details.php sql injection
E
CVE-2023-2209 Campcodes Coffee Shop POS System view_details.php sql injection
E
CVE-2023-2210 Campcodes Coffee Shop POS System view_category.php sql injection
E
CVE-2023-2211 Campcodes Coffee Shop POS System manage_category.php sql injection
E
CVE-2023-2212 Campcodes Coffee Shop POS System view_product.php sql injection
E
CVE-2023-2213 Campcodes Coffee Shop POS System manage_product.php sql injection
E
CVE-2023-2214 Campcodes Coffee Shop POS System manage_sale.php sql injection
E
CVE-2023-2215 Campcodes Coffee Shop POS System manage_user.php sql injection
E
CVE-2023-2216 Campcodes Coffee Shop POS System Users.php cross site scripting
E
CVE-2023-2217 SourceCodester Task Reminder System manage_reminder.php sql injection
E
CVE-2023-2218 SourceCodester Task Reminder System manage_user.php sql injection
E
CVE-2023-2219 SourceCodester Task Reminder System Users.php cross site scripting
E
CVE-2023-2220 Dream Technology mica Form Object cross site scripting
E
CVE-2023-2221 WP Custom Cursors < 3.2 - Admin+ SQLi
E
CVE-2023-2222 Rejected reason: This was deemed not a security vulnerability by upstream....
R
CVE-2023-2223 Login Rebuilder < 2.8.1 - Admin+ Stored XSS
E
CVE-2023-2224 Seo By 10Web < 1.2.7 - Admin+ Stored XSS
E
CVE-2023-2225 SEO ALert <= 1.59 - Admin+ Stored XSS
E
CVE-2023-2226 Velociraptor crashes while parsing some malformed PE or OLE files.
S
CVE-2023-2227 Improper Authorization in modoboa/modoboa
E S
CVE-2023-2228 Cross-Site Request Forgery (CSRF) in modoboa/modoboa
E S
CVE-2023-2229 The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter i...
CVE-2023-2230 Rejected reason: Accidental Assignment...
R
CVE-2023-2231 MAXTECH MAX-G866ac Remote Management missing authentication
CVE-2023-2232 An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leadi...
E
CVE-2023-2233 Missing Authorization in GitLab
E S
CVE-2023-2234 BT HCI host union variant confusion
CVE-2023-2235 Use-after-free in Linux kernel's Performance Events subsystem
S
CVE-2023-2236 Use-after-free in Linux kernel's Performance Events subsystem
E S
CVE-2023-2237 The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter ...
S
CVE-2023-2238 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-2239 Exposure of Private Personal Information to an Unauthorized Actor in microweber/microweber
S
CVE-2023-2240 Improper Privilege Management in microweber/microweber
S
CVE-2023-2241 PoDoFo PdfXRefStreamParserObject.cpp readXRefStreamEntry heap-based overflow
E S
CVE-2023-2242 SourceCodester Online Computer and Laptop Store GET Parameter sql injection
E
CVE-2023-2243 SourceCodester Complaint Management System POST Parameter registration.php sql injection
E
CVE-2023-2244 SourceCodester Online Eyewear Shop GET Parameter update_status.php sql injection
E
CVE-2023-2245 hansunCMS unrestricted upload
E
CVE-2023-2246 SourceCodester Online Pizza Ordering System unrestricted upload
E
CVE-2023-2247 In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable ...
CVE-2023-2248 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i...
R
CVE-2023-2249 The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forge...
S
CVE-2023-2250 A flaw was found in the Open Cluster Management (OCM) when a user has access to the worker nodes wh...
S
CVE-2023-2251 Uncaught Exception in eemeli/yaml
E S
CVE-2023-2252 Directorist < 7.5.4 - Admin+ LFI
E
CVE-2023-2253 A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parame...
CVE-2023-2254 Ko-fi Button < 1.3.3 - Admin+ Stored XSS
E
CVE-2023-2255 Remote documents loaded without prompt via IFrame
CVE-2023-2256 Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting
E
CVE-2023-2257 Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and ea...
CVE-2023-2258 Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
E S
CVE-2023-2259 Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io
E S
CVE-2023-2260 Authorization Bypass Through User-Controlled Key in alfio-event/alf.io
E S
CVE-2023-2261 The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capa...
S
CVE-2023-2262 Rockwell Automation Select Logix Communication Modules Vulnerable to Email Object Buffer Overflow
S
CVE-2023-2263 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A – CIP Message Attack Could Cause Denial-Of-Service
S
CVE-2023-2264 Improper input validation could lead to code injection
CVE-2023-2265 Improper restriction of rendered UI layers or frames could lead to clickjacking attack
CVE-2023-2266 Improper neutralization of input during web page generation could lead to cross-site scripting based attacks
CVE-2023-2267 Improper input validation could lead to reflection injection attacks
CVE-2023-2268 Plane v0.7.1 - Unauthorized access to files
E
CVE-2023-2269 A denial of service problem was found, due to a possible recursive locking scenario, resulting in a ...
CVE-2023-2270 Local privilege escalation
S
CVE-2023-2271 Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF
E
CVE-2023-2272 Tiempo.com <= 0.1.2 - Reflected XSS
E
CVE-2023-2273 Rapid7 Insight Agent Directory Traversal
CVE-2023-2275 The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorize...
S
CVE-2023-2276 The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vu...
S
CVE-2023-2277 The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up...
E S
CVE-2023-2278 The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, a...
E S
CVE-2023-2279 The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up...
S
CVE-2023-2280 The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and los...
S
CVE-2023-2281 Archiving a team broadcasts unsanitized data over WebSockets
S
CVE-2023-2282 Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 an...
CVE-2023-2283 A vulnerability was found in libssh, where the authentication check of the connecting client can be ...
CVE-2023-2284 The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data ...
S
CVE-2023-2285 The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers...
S
CVE-2023-2286 The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and...
S
CVE-2023-2287 Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery
E
CVE-2023-2288 Otter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization
E
CVE-2023-2289 The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scrip...
S
CVE-2023-2290 A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with l...
S
CVE-2023-2291 Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build...
E
CVE-2023-2293 SourceCodester Purchase Order Management System cross site scripting
E
CVE-2023-2294 UCMS Column Configuration saddpost.php cross site scripting
E
CVE-2023-2295 A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggress...
CVE-2023-2296 Loginizer 1.7.8 - Reflected XSS
E
CVE-2023-2297 The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to u...
E S
CVE-2023-2298 The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable t...
S
CVE-2023-2299 The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable t...
S
CVE-2023-2300 The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
S
CVE-2023-2301 The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery i...
S
CVE-2023-2302 The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Sit...
S
CVE-2023-2303 The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Reque...
S
CVE-2023-2304 The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favori...
S
CVE-2023-2305 The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm...
E S
CVE-2023-2306 Qognify NiceVision Use of Hard-coded Credentials
S
CVE-2023-2307 Cross-Site Request Forgery (CSRF) in builderio/qwik
E S
CVE-2023-2309 wpForo Forum < 2.1.9 - Reflected Cross-Site Scripting
E
CVE-2023-2310 Channel Accessible by Non-Endpoint
CVE-2023-2311 Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a...
E
CVE-2023-2312 Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attack...
CVE-2023-2313 Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a...
E
CVE-2023-2314 Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote at...
E
CVE-2023-2315 Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2
E S
CVE-2023-2316 Typora Local File Disclosure
E M
CVE-2023-2317 Typora DOM-Based Cross-site Scripting leading to Remote Code Execution
E M
CVE-2023-2318 MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution
E
CVE-2023-2319 It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red H...
CVE-2023-2320 CF7 Google Sheets Connector < 5.0.2 - Reflected XSS
E
CVE-2023-2321 WPForms Google Sheet Connector < 3.4.6 - Reflected XSS
E
CVE-2023-2322 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
E S
CVE-2023-2323 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
E S
CVE-2023-2324 Elementor Forms Google Sheet Connector < 1.0.7 - Reflected XSS
E
CVE-2023-2325 Stored XSS Vulnerability in M-Files Classic Web
S
CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF
E
CVE-2023-2327 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
E S
CVE-2023-2328 Cross-site Scripting (XSS) - Generic in pimcore/pimcore
E S
CVE-2023-2329 WooCommerce Google Sheet Connector < 1.3.6 - Access Code Update via CSRF
E
CVE-2023-2330 Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF
E
CVE-2023-2331 Bypassing hardening via Unquoted Service path vulnerability
S
CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore
E S
CVE-2023-2333 Ninja Forms Google Sheet Connector < 1.2.7 - Reflected XSS
E
CVE-2023-2334 Easy Digital Downloads Google Sheet Connector < 1.6.6 - Access Code Update via CSRF
E
CVE-2023-2335 Plaintext Password in Registry
M
CVE-2023-2336 Path Traversal in pimcore/pimcore
E S
CVE-2023-2337 ConvertKit < 2.2.1 - Reflected XSS
E
CVE-2023-2338 SQL Injection in pimcore/pimcore
E S
CVE-2023-2339 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
E S
CVE-2023-2340 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
E S
CVE-2023-2341 Cross-site Scripting (XSS) - Generic in pimcore/pimcore
E S
CVE-2023-2342 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
E S
CVE-2023-2343 Cross-site Scripting (XSS) - DOM in pimcore/pimcore
E S
CVE-2023-2344 SourceCodester Service Provider Management System HTTP POST Request sql injection
E
CVE-2023-2345 SourceCodester Service Provider Management System improper authorization
CVE-2023-2346 SourceCodester Service Provider Management System view_inquiry.php sql injection
E
CVE-2023-2347 SourceCodester Service Provider Management System manage_service.php sql injection
E
CVE-2023-2348 SourceCodester Service Provider Management System manage_user.php sql injection
E
CVE-2023-2349 SourceCodester Service Provider Management System index.php cross site scripting
E
CVE-2023-2350 SourceCodester Service Provider Management System Users.php cross site scripting
E
CVE-2023-2351 The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and los...
E S
CVE-2023-2352 The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi...
S
CVE-2023-2353 The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update...
S
CVE-2023-2354 The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via adm...
S
CVE-2023-2355 Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected...
S
CVE-2023-2356 Relative Path Traversal in mlflow/mlflow
E S
CVE-2023-2358 Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format
CVE-2023-2359 Revolution Slider <= 6.6.12 - Author+ Remote Code Execution
E
CVE-2023-2360 Sensitive information disclosure due to CORS misconfiguration. The following products are affected: ...
CVE-2023-2361 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
E S
CVE-2023-2362 Multiple Plugins from Wow-Company - Reflected XSS
E
CVE-2023-2363 SourceCodester Resort Reservation System view_room.php sql injection
E
CVE-2023-2364 SourceCodester Resort Reservation System registration.php cross site scripting
E
CVE-2023-2365 SourceCodester Faculty Evaluation System sql injection
E
CVE-2023-2366 SourceCodester Faculty Evaluation System sql injection
E
CVE-2023-2367 SourceCodester Faculty Evaluation System manage_academic.php sql injection
E
CVE-2023-2368 SourceCodester Faculty Evaluation System sql injection
E
CVE-2023-2369 SourceCodester Faculty Evaluation System manage_restriction.php sql injection
E
CVE-2023-2370 SourceCodester Online DJ Management System GET Parameter manage_event.php sql injection
E
CVE-2023-2371 SourceCodester Online DJ Management System GET Parameter view_details.php sql injection
E
CVE-2023-2372 SourceCodester Online DJ Management System cross site scripting
E
CVE-2023-2373 Ubiquiti EdgeRouter X Web Management Interface command injection
E
CVE-2023-2374 Ubiquiti EdgeRouter X Web Management Interface command injection
E
CVE-2023-2375 Ubiquiti EdgeRouter X Web Management Interface command injection
E
CVE-2023-2376 Ubiquiti EdgeRouter X Web Management Interface command injection
E
CVE-2023-2377 Ubiquiti EdgeRouter X Web Management Interface command injection
E
CVE-2023-2378 Ubiquiti EdgeRouter X Web Management Interface command injection
E
CVE-2023-2379 Ubiquiti EdgeRouter X Web Service denial of service
E
CVE-2023-2380 Netgear SRX5308 denial of service
E
CVE-2023-2381 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2382 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2383 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2384 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2385 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2386 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2387 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2388 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2389 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2390 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2391 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2392 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2393 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2394 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2395 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2396 Netgear SRX5308 Web Management Interface cross site scripting
E
CVE-2023-2397 SourceCodester Simple Mobile Comparison Website cross site scripting
E
CVE-2023-2398 Icegram Engage < 3.1.12 - Reflected XSS
E
CVE-2023-2399 qubotchat < 1.1.6 - Unauthenticated Stored XSS
E
CVE-2023-2400 Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and ear...
CVE-2023-2401 Qubotchat < 1.1.6 – Admin+ Stored XSS
E
CVE-2023-2402 The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected ...
S
CVE-2023-2404 The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripti...
E
CVE-2023-2405 The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forger...
E
CVE-2023-2406 The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Paym...
E
CVE-2023-2407 The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Paym...
E
CVE-2023-2408 SourceCodester AC Repair and Services System view.php sql injection
E
CVE-2023-2409 SourceCodester AC Repair and Services System view_service.php sql injection
E
CVE-2023-2410 SourceCodester AC Repair and Services System view_booking.php sql injection
E
CVE-2023-2411 SourceCodester AC Repair and Services System view_inquiry.php sql injection
E
CVE-2023-2412 SourceCodester AC Repair and Services System manage_user.php sql injection
E
CVE-2023-2413 SourceCodester AC Repair and Services System manage_booking.php sql injection
E
CVE-2023-2414 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Missing Authorization to Settings Update and Arbitrary File Upload
E S
CVE-2023-2415 The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable t...
E
CVE-2023-2416 The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable t...
E
CVE-2023-2417 ks-soft Advanced Host Monitor rma_active.exe unquoted search path
E
CVE-2023-2418 Konga Login API random values
E
CVE-2023-2419 Zhong Bang CRMEB SystemAttachmentServices.php videoUpload unrestricted upload
E
CVE-2023-2420 MLECMS common.func.php get_url sql injection
E
CVE-2023-2421 Control iD RHiD department cross site scripting
E
CVE-2023-2422 Keycloak: oauth client impersonation
CVE-2023-2423 Rockwell Automation Armor PowerFlex Vulnerable to Denial-Of-Service
S
CVE-2023-2424 DedeCMS config.php UpDateMemberModCache unrestricted upload
E
CVE-2023-2425 SourceCodester Simple Student Information System Add New Course cross site scripting
E
CVE-2023-2426 Use of Out-of-range Pointer Offset in vim/vim
E S
CVE-2023-2427 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
E S
CVE-2023-2428 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
S
CVE-2023-2429 Improper Access Control in thorsten/phpmyfaq
S
CVE-2023-2430 A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_ur...
S
CVE-2023-2431 Bypass of seccomp profile enforcement
S
CVE-2023-2433 The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' paramete...
S
CVE-2023-2434 The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing ca...
S
CVE-2023-2435 The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and i...
S
CVE-2023-2436 The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_...
S
CVE-2023-2437 The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and inclu...
E
CVE-2023-2438 The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and ...
CVE-2023-2439 The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shor...
CVE-2023-2440 The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and ...
CVE-2023-2442 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11...
CVE-2023-2443 Rockwell Automation ThinManager product allows the use of medium strength ciphers.  If the client r...
S
CVE-2023-2444 A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint...
S
CVE-2023-2445 Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earli...
CVE-2023-2446 The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro'...
CVE-2023-2447 The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and ...
CVE-2023-2448 The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capab...
CVE-2023-2449 The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, an...
CVE-2023-2450 The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site...
S
CVE-2023-2451 SourceCodester Online DJ Management System GET Parameter view_details.php sql injection
E
CVE-2023-2452 The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
S
CVE-2023-2453 Local file Inclusion (LFI) in Forum Infusion via Directory Traversal
M
CVE-2023-2454 schema_element defeats protective search_path changes; It was found that certain database calls in P...
CVE-2023-2455 Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect po...
CVE-2023-2457 Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 al...
CVE-2023-2458 Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a rem...
CVE-2023-2459 Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote att...
CVE-2023-2460 Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 all...
CVE-2023-2461 Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote att...
CVE-2023-2462 Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote att...
CVE-2023-2463 Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 ...
CVE-2023-2464 Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an ...
CVE-2023-2465 Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attack...
CVE-2023-2466 Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote att...
CVE-2023-2467 Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a...
CVE-2023-2468 Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a r...
CVE-2023-2469 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-2470 Add to Feedly <= 1.2.11 - Admin+ Stored XSS
E
CVE-2023-2472 Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS
E
CVE-2023-2473 Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity
CVE-2023-2474 Rebuild cross-site request forgery
E
CVE-2023-2475 Dromara J2eeFAST System Message cross site scripting
E S
CVE-2023-2476 Dromara J2eeFAST Announcement cross site scripting
E S
CVE-2023-2477 Funadmin Cx.php tagLoad cross site scripting
E
CVE-2023-2478 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7...
CVE-2023-2479 OS Command Injection in appium/appium-desktop
E S
CVE-2023-2480 Elevation of Privilege in M-Files Desktop Client
S
CVE-2023-2481 Key duplication in GSDK
S
CVE-2023-2482 Responsive CSS EDITOR <= 1.0 - Admin+ SQLi
E
CVE-2023-2483 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidat...
R
CVE-2023-2484 The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via ...
S
CVE-2023-2485 Incorrect Privilege Assignment in GitLab
CVE-2023-2487 WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure
CVE-2023-2488 Stop Spammers Security < 2023 - Reflected XSS
E
CVE-2023-2489 Stop Spammers Security < 2023 - Admin+ Stored XSS
E
CVE-2023-2490 WordPress UserAgent-Spy Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-2491 A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "or...
CVE-2023-2492 QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi
E
CVE-2023-2493 All In One Redirection < 2.2.0 - Admin+ SQLi
E
CVE-2023-2494 The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthori...
CVE-2023-2495 Greeklish-permalink < 3.5 - Unauthenticated Post Slug Update
E
CVE-2023-2496 The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthori...
CVE-2023-2497 The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and ...
CVE-2023-2498 The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cr...
CVE-2023-2499 The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to,...
S
CVE-2023-2500 The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Objec...
CVE-2023-2501 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-2502 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-2503 10WebSocial < 1.2.9 - Reflected XSS
E
CVE-2023-2504 Files present on firmware images could allow an attacker to gain unauthorized access as a root ...
S
CVE-2023-2505 The affected products have a CSRF vulnerability that could allow an attacker to execute code and up...
S
CVE-2023-2507 CleverTap Cordova Plugin 2.6.2 - Reflected XSS
E
CVE-2023-2508 CSRF in PaperCutNG Mobility Print leads to sophisticated phishing
E
CVE-2023-2509 A Cross-Site Scripting (XSS) vulnerability was found on ADM
CVE-2023-2510 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-2511 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-2512 Buffer under-read in workerd
CVE-2023-2513 A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled...
S
CVE-2023-2514 DB username/password revealed in application logs
S
CVE-2023-2515 Privilege escalation to system admin via personal access tokens
S
CVE-2023-2516 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
E S
CVE-2023-2517 The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request ...
S
CVE-2023-2518 Easy Forms for Mailchimp < 6.8.9 - Reflected XSS
E
CVE-2023-2519 Caton CTP Relay Server API login sql injection
CVE-2023-2520 Caton Prime Ping command injection
CVE-2023-2521 NEXTU NEXT-7004N POST Request formFilter cross site scripting
CVE-2023-2522 Chengdu VEC40G Network Detection os command injection
E
CVE-2023-2523 Weaver E-Office unrestricted upload
E
CVE-2023-2524 Control iD RHiD direct request
CVE-2023-2526 The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up...
S
CVE-2023-2527 Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi
E
CVE-2023-2528 The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in ve...
CVE-2023-2529 Enable SVG Uploads <= 2.1.5 - Author+ Stored XSS via SVG
E
CVE-2023-2530 A privilege escalation allowing remote code execution was discovered in the orchestration service....
CVE-2023-2531 Improper Restriction of Excessive Authentication Attempts in azuracast/azuracast
E S
CVE-2023-2533 PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF
E
CVE-2023-2534 Information disclosure and DoS via websocket push events
S
CVE-2023-2535 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-2536 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-2537 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-2538 TLS Private Key Accessible to External Parties
CVE-2023-2539 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-2540 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-2541 Sensitive information disclosure in KNIME Hub Web Application
S
CVE-2023-2544 Authorization Bypass on UPV PEIX
S
CVE-2023-2545 The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a mi...
S
CVE-2023-2546 The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, an...
S
CVE-2023-2547 The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a miss...
S
CVE-2023-2548 The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in ver...
S
CVE-2023-2549 The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions ...
S
CVE-2023-2550 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
E S
CVE-2023-2551 PHP Remote File Inclusion in unilogies/bumsys
E S
CVE-2023-2552 Cross-Site Request Forgery (CSRF) in unilogies/bumsys
E S
CVE-2023-2553 Cross-site Scripting (XSS) - Stored in unilogies/bumsys
E S
CVE-2023-2554 External Control of File Name or Path in unilogies/bumsys
E S
CVE-2023-2555 The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthoriz...
S
CVE-2023-2556 The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthoriz...
S
CVE-2023-2557 The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthoriz...
S
CVE-2023-2558 The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cro...
S
CVE-2023-2560 jja8 NewBingGoGo cross site scripting
E
CVE-2023-2561 The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missin...
CVE-2023-2562 The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capa...
CVE-2023-2563 The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forg...
S
CVE-2023-2564 OS Command Injection in sbs20/scanservjs
E S
CVE-2023-2565 SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting
E
CVE-2023-2566 Cross-site Scripting (XSS) - Stored in openemr/openemr
E S
CVE-2023-2567 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0
S
CVE-2023-2568 Photo Gallery by Ays < 5.1.7 - Reflected XSS
E
CVE-2023-2569 A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, eleva...
CVE-2023-2570 A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-...
CVE-2023-2571 Quiz Maker < 6.4.2.7 - Reflected XSS
E
CVE-2023-2572 Survey Maker < 3.4.7 - Reflected XSS
E
CVE-2023-2573 Authenticated Command Injection
E S
CVE-2023-2574 Authenticated Command Injection
E S
CVE-2023-2575 Authenticated Buffer Overflow
E S
CVE-2023-2576 Incorrect Authorization in GitLab
E S
CVE-2023-2578 Buy Me a Coffee < 3.7 - Admin+ Stored XSS
E
CVE-2023-2579 InventoryPress <= 1.7 - Author+ Stored XSS
E
CVE-2023-2580 AI-Engine < 1.6.83 - Admin+ Stored XSS
E
CVE-2023-2582 A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-sit...
E
CVE-2023-2583 Code Injection in jsreport/jsreport
E S
CVE-2023-2584 The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settin...
S
CVE-2023-2585 Keycloak: client access via device auth request spoof
CVE-2023-2586 Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker regi...
CVE-2023-2587 Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) ...
CVE-2023-2588 Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to acce...
CVE-2023-2589 An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, ...
CVE-2023-2590 Missing Authorization in answerdev/answer
E S
CVE-2023-2591 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nilsteampassnet/teampass
E S
CVE-2023-2592 FormCraft Premium < 3.9.7 - Admin+ SQLi
E
CVE-2023-2594 SourceCodester Food Ordering Management System Registration sql injection
CVE-2023-2595 SourceCodester Billing Management System POST Parameter ajax_service.php sql injection
E
CVE-2023-2596 SourceCodester Online Reviewer System GET Parameter user-update.php sql injection
E
CVE-2023-2597 In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled...
S
CVE-2023-2598 A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_ur...
CVE-2023-2599 The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery le...
S
CVE-2023-2600 Custom Base Terms < 1.0.3 - Admin+ Stored XSS
E
CVE-2023-2601 WP Brutal AI < 2.0.0 - SQL Injection via CSRF
E
CVE-2023-2602 A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicio...
E
CVE-2023-2603 A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead...
E
CVE-2023-2604 The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Sit...
S
CVE-2023-2605 WP Brutal AI < 2.0.1 - Admin+ Reflected XSS
E
CVE-2023-2606 WP Brutal AI < 2.06 - Admin+ Stored XSS
E
CVE-2023-2607 The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the o...
S
CVE-2023-2608 The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading...
S
CVE-2023-2609 NULL Pointer Dereference in vim/vim
E S
CVE-2023-2610 Integer Overflow or Wraparound in vim/vim
E S
CVE-2023-2611 Advantech R-SeeNet Use of Hard-coded Credentials
S
CVE-2023-2612 shiftfs lock unbalance in Ubuntu-specific kernels
S
CVE-2023-2614 Cross-site Scripting (XSS) - DOM in pimcore/pimcore
E S
CVE-2023-2615 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
E S
CVE-2023-2616 Cross-site Scripting (XSS) - Generic in pimcore/pimcore
E S
CVE-2023-2617 OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference
E S
CVE-2023-2618 OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak
S
CVE-2023-2619 SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection
E
CVE-2023-2620 Insertion of Sensitive Information Into Sent Data in GitLab
E S
CVE-2023-2621 The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write...
CVE-2023-2622 Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedu...
CVE-2023-2623 KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure
E
CVE-2023-2624 KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting
E
CVE-2023-2625 A vulnerability exists that can be exploited by an authenticated client that is connected to the sam...
S
CVE-2023-2626 Authentication Bypass in OpenThread Border Router devices
CVE-2023-2627 KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls
E
CVE-2023-2628 KiviCare Management System < 3.2.1 - Multiple CSRF
E
CVE-2023-2629 Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework
E S
CVE-2023-2630 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
E S
CVE-2023-2631 CSRF vulnerability and missing permission checks in Code Dx Plugin
CVE-2023-2632 API keys stored and displayed in plain text by Code Dx Plugin
CVE-2023-2633 API keys stored and displayed in plain text by Code Dx Plugin
CVE-2023-2634 Get Your Number <= 1.1.3 - Admin+ Stored XSS
E
CVE-2023-2635 Call Now Accessibility Button < 1.1 - Admin+ Stored XSS
E
CVE-2023-2636 AN_GradeBook <= 5.0.1 - Subscriber+ SQLi
E
CVE-2023-2637 Rockwell Automation FactoryTalk System Services Vulnerable To Use Of Hard-Coded Cryptographic Key
S
CVE-2023-2638 Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack
S
CVE-2023-2639 Rockwell Automation FactoryTalk System Services Vulnerable to Sensitive Information Disclosure
S
CVE-2023-2640 On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking...
E S
CVE-2023-2641 SourceCodester Online Internship Management System POST Parameter login.php sql injection
E
CVE-2023-2642 SourceCodester Online Exam System GET Parameter updateCourse.php sql injection
E
CVE-2023-2643 SourceCodester File Tracker Manager System POST Parameter update_password.php sql injection
E
CVE-2023-2644 DigitalPersona FPSensor DpHost.exe unquoted search path
CVE-2023-2645 USR USR-G806 Web Management Page hard-coded password
E
CVE-2023-2646 TP-Link Archer C7v2 GET Request Parameter denial of service
CVE-2023-2647 Weaver E-Office File Upload utility_all.php command injection
E
CVE-2023-2648 Weaver E-Office uploadify.php unrestricted upload
E
CVE-2023-2649 Tenda AC23 Service Port 7329 ate command injection
E
CVE-2023-2650 Possible DoS translating ASN.1 object identifiers
S
CVE-2023-2652 SourceCodester Lost and Found Information System sql injection
E
CVE-2023-2653 SourceCodester Lost and Found Information System index.php sql injection
E
CVE-2023-2654 Conditional Menus < 1.2.1 - Reflected XSS
E
CVE-2023-2655 Contact Form by WD <= 1.13.23 - Admin+ SQLi
E
CVE-2023-2656 SourceCodester AC Repair and Services System sql injection
E
CVE-2023-2657 SourceCodester Online Computer and Laptop Store products.php cross site scripting
E
CVE-2023-2658 SourceCodester Online Computer and Laptop Store products.php sql injection
E
CVE-2023-2659 SourceCodester Online Computer and Laptop Store view_product.php sql injection
E
CVE-2023-2660 SourceCodester Online Computer and Laptop Store view_categories.php sql injection
E
CVE-2023-2661 SourceCodester Online Computer and Laptop Store Master.php sql injection
E
CVE-2023-2662 Divide-by-zero in Xpdf 4.04 due to bad color space object
E
CVE-2023-2663 Stack overflow in Xpdf 4.04 due to object loop in PDF page label tree
E
CVE-2023-2664 Stack overflow in Xpdf 4.04 due to object loop in PDF embedded file tree
E
CVE-2023-2665 Storage of Sensitive Data in a Mechanism without Access Control in francoisjacquet/rosariosis
S
CVE-2023-2666 Allocation of Resources Without Limits or Throttling in froxlor/froxlor
S
CVE-2023-2667 SourceCodester Lost and Found Information System cross site scripting
E
CVE-2023-2668 SourceCodester Lost and Found Information System GET Parameter manager_category sql injection
E
CVE-2023-2669 SourceCodester Lost and Found Information System GET Parameter sql injection
E
CVE-2023-2670 SourceCodester Lost and Found Information System access control
E
CVE-2023-2671 SourceCodester Lost and Found Information System Contact Form cross site scripting
E
CVE-2023-2672 SourceCodester Lost and Found Information System GET Parameter view.php sql injection
E
CVE-2023-2673 PHOENIX CONTACT: FL/TC MGUARD prone to Improper Input Validation
M
CVE-2023-2674 Improper Access Control in openemr/openemr
E S
CVE-2023-2675 Improper Restriction of Excessive Authentication Attempts in linagora/twake
E S
CVE-2023-2676 H3C R160 aspForm stack-based overflow
E
CVE-2023-2677 SourceCodester Covid-19 Contact Tracing System manage.php sql injection
E
CVE-2023-2678 SourceCodester File Tracker Manager System POST Parameter save_user.php cross site scripting
E
CVE-2023-2679 Data leakage in Adobe connector for SPE edition of SLM
S
CVE-2023-2680 DMA reentrancy issue (incomplete fix for CVE-2021-3750)
CVE-2023-2681 SQL Injection on Jorani
S
CVE-2023-2682 Caton Live Mini_HTTPD ping.cgi command injection
CVE-2023-2683 Connection update while closing connection may lead to denial-of-service
CVE-2023-2684 File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-2685 Unquoted Service Path in ABB AO-OPC
M
CVE-2023-2686 Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier...
S
CVE-2023-2687 Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user t...
S
CVE-2023-2688 The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path...
S
CVE-2023-2689 SourceCodester Billing Management System GET Parameter editproduct.php sql injection
E
CVE-2023-2690 SourceCodester Personnel Property Equipment System GET Parameter returned_reuse_form.php sql injection
E
CVE-2023-2691 SourceCodester Personnel Property Equipment System POST Parameter add_item.php cross site scripting
E
CVE-2023-2692 SourceCodester ICT Laboratory Management System GET Parameter room_info.php cross site scripting
E
CVE-2023-2693 SourceCodester Online Exam System POST Parameter data sql injection
E
CVE-2023-2694 SourceCodester Online Exam System POST Parameter data sql injection
E
CVE-2023-2695 SourceCodester Online Exam System POST Parameter data sql injection
E
CVE-2023-2696 SourceCodester Online Exam System POST Parameter data sql injection
E
CVE-2023-2697 SourceCodester Online Exam System POST Parameter data sql injection
E
CVE-2023-2698 SourceCodester Lost and Found Information System GET Parameter sql injection
E
CVE-2023-2699 SourceCodester Lost and Found Information System GET Parameter sql injection
E
CVE-2023-2700 A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IO...
S
CVE-2023-2701 Gravity Forms < 2.7.5 - Reflected XSS
E
CVE-2023-2702 IDOR in Finex Media's Competition Management System
S
CVE-2023-2703 Information Disclosure in Finex Media's Competition Management System
S
CVE-2023-2704 The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to,...
E S
CVE-2023-2705 Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
E
CVE-2023-2706 The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypas...
S
CVE-2023-2707 Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS
E
CVE-2023-2708 The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘sear...
CVE-2023-2709 AN_GradeBook <= 5.0.1 - Admin+ XSS
E
CVE-2023-2710 The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site S...
CVE-2023-2711 Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS
E
CVE-2023-2712 Malicious File Upload vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform.
CVE-2023-2713 IDOR vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform.
CVE-2023-2714 The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a miss...
CVE-2023-2715 The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a miss...
CVE-2023-2716 The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of...
CVE-2023-2717 The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, a...
CVE-2023-2718 Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2023-2719 SupportCandy < 3.1.7 - Subscriber+ SQLi
E
CVE-2023-2721 Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to p...
CVE-2023-2722 Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote a...
CVE-2023-2723 Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who ha...
CVE-2023-2724 Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potential...
CVE-2023-2725 Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convin...
CVE-2023-2726 Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an ...
CVE-2023-2727 Bypassing policies imposed by the ImagePolicyWebhook admission plugin
S
CVE-2023-2728 Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
S
CVE-2023-2729 Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskS...
CVE-2023-2730 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
E S
CVE-2023-2731 A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c...
E S
CVE-2023-2732 The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and in...
S
CVE-2023-2733 The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and in...
S
CVE-2023-2734 The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and in...
S
CVE-2023-2735 The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' s...
CVE-2023-2736 The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, a...
CVE-2023-2737 Improper securing of log directory may allow a denial of service
CVE-2023-2738 Tongda OA GatewayController.php actionGetdata unrestricted upload
E
CVE-2023-2739 Gira HomeServer hslist cross site scripting
CVE-2023-2740 SourceCodester Guest Management System GET Parameter dateTest.php cross site scripting
E
CVE-2023-2742 AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-2743 WP ERP < 1.12.4 - Reflected Cross-Site Scripting
E
CVE-2023-2744 WP ERP < 1.12.4 - Admin+ SQL Injection
E
CVE-2023-2745 WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘...
S
CVE-2023-2746 Rockwell Automation Enhanced HIM Vulnerable to Cross-Site Request Forgery Attack
S
CVE-2023-2747 Uninitialized IV in Silicon Labs SE FW v2.0.0 through v2.2.1 for internally stored data
CVE-2023-2749 A Gain Information vulnerability was found on Download Center.
CVE-2023-2750 SQLi in Cityboss Software's E-municipality
CVE-2023-2751 Upload Resume <= 1.2.0 - Captcha Bypass
E
CVE-2023-2752 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
S
CVE-2023-2753 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
S
CVE-2023-2754 Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client
S
CVE-2023-2756 SQL Injection in pimcore/customer-data-framework
E S
CVE-2023-2757 The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to ...
CVE-2023-2758 Contec CONPROSYS HMI System (CHS) v3.5.2 Denial of Service
E
CVE-2023-2759 TAPHOME Improper Authentication in Core Platform
CVE-2023-2760 TAPHOME SQL Injection in Core Platform
CVE-2023-2761 User Activity Log < 1.6.3 - Admin+ SQL Injection
E
CVE-2023-2762 Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023
CVE-2023-2763 Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023
CVE-2023-2764 The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a ...
S
CVE-2023-2765 Weaver OA downfile.php absolute path traversal
E
CVE-2023-2766 Weaver OA jx2_config.ini file access
E
CVE-2023-2767 The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stor...
S
CVE-2023-2768 Sucms cross site scripting
E S
CVE-2023-2769 SourceCodester Service Provider Management System sql injection
E
CVE-2023-2770 SourceCodester Online Exam System data sql injection
E
CVE-2023-2771 SourceCodester Online Exam System data sql injection
E
CVE-2023-2772 SourceCodester Budget and Expense Tracker System GET Parameter manage_budget.php sql injection
E
CVE-2023-2773 code-projects Bus Dispatch and Information System view_admin.php sql injection
E S
CVE-2023-2774 code-projects Bus Dispatch and Information System view_branch.php sql injection
E S
CVE-2023-2775 code-projects Bus Dispatch and Information System adminHome.php sql injection
E S
CVE-2023-2776 code-projects Simple Photo Gallery unrestricted upload
CVE-2023-2778 Rockwell Automation FactoryTalk Transaction Manager Vulnerable to Denial-Of-Service
S
CVE-2023-2779 Super Socializer < 7.13.52 - Reflected XSS
E
CVE-2023-2780 Path Traversal: '\..\filename' in mlflow/mlflow
E S
CVE-2023-2781 The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication byp...
S
CVE-2023-2782 Sensitive information disclosure due to improper authorization. The following products are affected:...
CVE-2023-2783 App Framework does not check for the secret provided in the incoming webhook request
S
CVE-2023-2784 Apps Framework allows install requests from regular members via an internal path
S
CVE-2023-2785 Specially crafted search query can cause large log entries in postgres
S
CVE-2023-2786 Channel commands execution doesn't properly verify permissions
S
CVE-2023-2787 Collapsed Reply Threads APIs leak message contents from private channels
S
CVE-2023-2788 Deactivated user can retain access using oauth2 api
S
CVE-2023-2789 GNU cflow parser.c parse_variable_declaration denial of service
E
CVE-2023-2790 TOTOLINK N200RE Telnet Service custom.conf password in configuration file
E
CVE-2023-2791 Playbooks lets you edit arbitrary posts
S
CVE-2023-2792 Ephemeral messages return private channel contents in permalink previews
S
CVE-2023-2793 Stack exhaustion in PreparePostForClientWithEmbedsAndImages
S
CVE-2023-2794 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver() function
CVE-2023-2795 CodeColorer < 0.10.1 – Admin+ Stored Cross-Site Scripting
E
CVE-2023-2796 EventON < 2.1.2 - Unauthenticated Event Access
E
CVE-2023-2797 Path traversal in GitHub plugin's code preview feature
S
CVE-2023-2798 Denial of service in HtmlUnit
S
CVE-2023-2799 cnoa OA hard-coded password
E
CVE-2023-2800 Insecure Temporary File in huggingface/transformers
E S
CVE-2023-2801 Grafana is an open-source platform for monitoring and observability. Using public dashboards users...
CVE-2023-2802 Ultimate Addons for Contact Form 7 < 3.1.29 - Admin+ Stored XSS
E
CVE-2023-2803 Ultimate Addons for Contact Form 7 < 3.1.29 - Reflected XSS
E
CVE-2023-2804 A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal(...
E S
CVE-2023-2805 SupportCandy < 3.1.7 - Admin+ SQLi
E
CVE-2023-2806 Weaver e-cology API RequestInfoByXml xml external entity reference
E
CVE-2023-2807 Authentication bypass in password reset process
S
CVE-2023-2808 Lack of URL normalization allows rendering previews for disallowed domains
S
CVE-2023-2809 Use of Cleartext credentials in Sage 200 Spain
S
CVE-2023-2811 AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-2812 Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS
E
CVE-2023-2813 Multiple Themes - Reflected XSS
E
CVE-2023-2814 SourceCodester Class Scheduling System POST Parameter save_teacher.php cross site scripting
E
CVE-2023-2815 SourceCodester Online Jewelry Store POST Parameter supplier.php sql injection
E
CVE-2023-2816 Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner
CVE-2023-2817 A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4....
S
CVE-2023-2818 ITM Windows Agent Insecure Filesystem Permissions
CVE-2023-2819 A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat ...
CVE-2023-2820 An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat ...
CVE-2023-2822 Ellucian Ethos Identity logout cross site scripting
E
CVE-2023-2823 SourceCodester Class Scheduling System GET Parameter edit_subject.php sql injection
E
CVE-2023-2824 SourceCodester Dental Clinic Appointment Reservation System POST Parameter service.php cross site scripting
E
CVE-2023-2825 An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malic...
CVE-2023-2826 SourceCodester Class Scheduling System POST Parameter search_teacher_result.php cross site scripting
E
CVE-2023-2827 Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital
CVE-2023-2828 named's configured cache size limit can be significantly exceeded
S
CVE-2023-2829 Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled
S
CVE-2023-2830 WordPress WP Testimonials Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-2831 Denial of Service while unescaping a Markdown string
S
CVE-2023-2832 SQL Injection in unilogies/bumsys
E S
CVE-2023-2833 The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and includ...
E
CVE-2023-2834 The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and includ...
E S
CVE-2023-2835 The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's...
E S
CVE-2023-2836 The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form setti...
E S
CVE-2023-2837 Stack-based Buffer Overflow in gpac/gpac
E S
CVE-2023-2838 Out-of-bounds Read in gpac/gpac
E S
CVE-2023-2839 Divide By Zero in gpac/gpac
E S
CVE-2023-2840 NULL Pointer Dereference in gpac/gpac
E S
CVE-2023-2841 The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injec...
CVE-2023-2842 WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF
E
CVE-2023-2843 MultiParcels Shipping For WooCommerce < 1.14.15 - Subscribers+ SQLi
E
CVE-2023-2844 Authorization Bypass Through User-Controlled Key in cloudexplorer-dev/cloudexplorer-lite
E S
CVE-2023-2845 Improper Access Control in cloudexplorer-dev/cloudexplorer-lite
E S
CVE-2023-2846 Authentication Bypass Vulnerability in MELSEC-F Series main module
M
CVE-2023-2847 Local privilege escalation in ESET products for Linux and MacOS
CVE-2023-2848 Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was ...
S
CVE-2023-2850 NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of th...
S
CVE-2023-2851 SQLi in Ceppatron
S
CVE-2023-2852 SQLi in SoftMed's SelfPatron
CVE-2023-2853 XSS in SoftMed's SelfPatron
CVE-2023-2854 BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via c...
E S
CVE-2023-2855 Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service vi...
E S
CVE-2023-2856 VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of se...
E S
CVE-2023-2857 BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via c...
E S
CVE-2023-2858 NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service...
E S
CVE-2023-2859 Code Injection in nilsteampassnet/teampass
E S
CVE-2023-2860 Out-of-bounds read when setting hmac data
S
CVE-2023-2861 Qemu: 9pfs: improper access control on special files
S
CVE-2023-2862 SiteServer CMS search cross site scripting
E S
CVE-2023-2863 Simple Design Daily Journal SQLite Database cleartext storage in a file or on disk
E
CVE-2023-2864 SourceCodester Online Jewelry Store POST Parameter customer.php cross site scripting
E
CVE-2023-2865 SourceCodester Theme Park Ticketing System GET Parameter print_ticket.php sql injection
E
CVE-2023-2866 Advantech WebAccess Insufficient Type Distinction
S
CVE-2023-2868 Remote Code injection in Barracuda Email Security Gateway
KEV M
CVE-2023-2869 The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update ...
S
CVE-2023-2870 EnTech Monitor Asset Manager IoControlCode 0x80002014 denial of service
E
CVE-2023-2871 FabulaTech USB for Remote Desktop IoControlCode 0x220408 null pointer dereference
E
CVE-2023-2872 FlexiHub IoControlCode fusbhub.sys 0x220088 null pointer dereference
E
CVE-2023-2873 Twister Antivirus IoControlCode filppd.sys 0x80800043 memory corruption
E
CVE-2023-2874 Twister Antivirus IoControlCode filppd.sys 0x804f2140 denial of service
E
CVE-2023-2875 eScan Antivirus IoControlCode PROCOBSRVESX.SYS 0x22E008u null pointer dereference
E
CVE-2023-2876 Session cookie exposure for client side script
CVE-2023-2877 Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
E
CVE-2023-2878 Kubernetes secrets-store-csi-driver discloses service account tokens in logs
E M
CVE-2023-2879 GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via pac...
E S
CVE-2023-2880 Frauscher Sensortechnik Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability
CVE-2023-2881 Storing Passwords in a Recoverable Format in pimcore/customer-data-framework
S
CVE-2023-2882 Privilege Escalation in CBOT's Chatbot
S
CVE-2023-2883 IDOR in CBOT's Chatbot
S
CVE-2023-2884 Insecure Randomness in CBOT's Chatbot
S
CVE-2023-2885 Channel Accessible by Non-Endpoint in CBOT's Chatbot
S
CVE-2023-2886 Cross-Site WebSocket Hijacking in CBOT's Chatbot
S
CVE-2023-2887 User Authentication Bypass in CBOT's Chatbot
S
CVE-2023-2888 PHPOK unrestricted upload
E
CVE-2023-2889 SQLi in Veon Computer's Service Tracking Software
CVE-2023-2891 The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, ...
S
CVE-2023-2892 The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, ...
S
CVE-2023-2893 The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, ...
S
CVE-2023-2894 The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, ...
S
CVE-2023-2895 The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, ...
S
CVE-2023-2896 The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, ...
S
CVE-2023-2897 The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, ...
S
CVE-2023-2898 There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux k...
S
CVE-2023-2899 Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS
E
CVE-2023-2900 NFine Rapid Development Platform CheckLogin weak hash
E
CVE-2023-2901 NFine Rapid Development Platform access control
E
CVE-2023-2902 NFine Rapid Development Platform access control
E
CVE-2023-2903 NFine Rapid Development Platform access control
E
CVE-2023-2904 CVE-2023-2904
CVE-2023-2905 Cesanta Mongoose MQTT Message Parsing Heap Overflow
E S
CVE-2023-2906 Wireshark CP2179 divide by zero
E S
CVE-2023-2907 SQLi in Marksoft
CVE-2023-2908 Libtiff: null pointer dereference in tif_dir.c
E S
CVE-2023-2909 A Directory traversal vulnerability was found on EZ Sync service of ADM
CVE-2023-2910 A Command injection vulnerability was found on Printer service of ADM
CVE-2023-2911 Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0
S
CVE-2023-2912 SiteManager Embedded service disruption
CVE-2023-2913 Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability
S
CVE-2023-2914 Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
S
CVE-2023-2915 Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
S
CVE-2023-2916 The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versio...
E S
CVE-2023-2917 Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
S
CVE-2023-2918 Rejected reason: Duplicate Assignment....
R
CVE-2023-2919 Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable'
S
CVE-2023-2920 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1503. Reason: T...
R
CVE-2023-2922 SourceCodester Comment System GET Parameter index.php cross site scripting
E
CVE-2023-2923 Tenda AC6 fromDhcpListClient stack-based overflow
E
CVE-2023-2924 Supcon SimField reportupload.aspx unrestricted upload
E
CVE-2023-2925 Webkul krayin crm Edit Person Page 2 cross site scripting
E
CVE-2023-2926 SeaCMS Picture Upload member.php denial of service
E
CVE-2023-2927 JIZHICMS TemplateController.php index server-side request forgery
E
CVE-2023-2928 DedeCMS article_allowurl_edit.php code injection
E
CVE-2023-2929 Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker...
CVE-2023-2930 Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinc...
CVE-2023-2931 Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potential...
CVE-2023-2932 Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potential...
CVE-2023-2933 Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potential...
CVE-2023-2934 Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacke...
CVE-2023-2935 Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentiall...
CVE-2023-2936 Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentiall...
CVE-2023-2937 Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a...
CVE-2023-2938 Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a...
CVE-2023-2939 Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed...
CVE-2023-2940 Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacke...
CVE-2023-2941 Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an at...
CVE-2023-2942 Improper Input Validation in openemr/openemr
E S
CVE-2023-2943 Code Injection in openemr/openemr
E S
CVE-2023-2944 Improper Access Control in openemr/openemr
E S
CVE-2023-2945 Missing Authorization in openemr/openemr
E S
CVE-2023-2946 Improper Access Control in openemr/openemr
E S
CVE-2023-2947 Cross-site Scripting (XSS) - Stored in openemr/openemr
E S
CVE-2023-2948 Cross-site Scripting (XSS) - Generic in openemr/openemr
E S
CVE-2023-2949 Cross-site Scripting (XSS) - Reflected in openemr/openemr
E S
CVE-2023-2950 Improper Authorization in openemr/openemr
E S
CVE-2023-2951 code-projects Bus Dispatch and Information System delete_bus.php sql injection
E S
CVE-2023-2952 XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service...
E
CVE-2023-2953 A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_m...
CVE-2023-2954 Cross-site Scripting (XSS) - Stored in liangliangyy/djangoblog
E S
CVE-2023-2955 SourceCodester Students Online Internship Timesheet System GET Parameter rendered_report.php sql injection
E
CVE-2023-2957 SQLi in Lisa Softwares Florist Site
CVE-2023-2958 IDOR in ATS Pro
CVE-2023-2959 Authentication Bypass by Primary Weakness in Oliva Expertise
CVE-2023-2960 XSS in Oliva Expertise
CVE-2023-2961 A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availabil...
CVE-2023-2962 SourceCodester Faculty Evaluation System sql injection
E
CVE-2023-2963 SQLi in Oliva Expertise
CVE-2023-2964 Simple Iframe < 1.2.0 - Contributor+ Stored XSS
E
CVE-2023-2965 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-2967 TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-2968 Undefined variable usage in npm package "proxy" leads to remote denial of service
E
CVE-2023-2970 MindSpore json_helper.cc UpdateArray memory corruption
S
CVE-2023-2971 Typora Local File Disclosure
E M
CVE-2023-2972 Prototype Pollution in antfu/utils
E S
CVE-2023-2973 SourceCodester Students Online Internship Timesheet Syste cross site scripting
E
CVE-2023-2974 Quarkus-core: tls protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported tls protocol
CVE-2023-2975 AES-SIV implementation ignores empty associated data entries
S
CVE-2023-2976 Use of temporary directory for file creation in `FileBackedOutputStream` in Guava
S
CVE-2023-2977 A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs1...
S
CVE-2023-2978 Abstrium Pydio Cells Change Subscription authorization
E S
CVE-2023-2979 Abstrium Pydio Cells User Creation access control
E S
CVE-2023-2980 Abstrium Pydio Cells User Creation resource injection
E S
CVE-2023-2981 Abstrium Pydio Cells Chat cross site scripting
E S
CVE-2023-2982 The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is...
CVE-2023-2983 Privilege Defined With Unsafe Actions in pimcore/pimcore
E S
CVE-2023-2984 Path Traversal: '\..\filename' in pimcore/pimcore
E S
CVE-2023-2985 A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This...
S
CVE-2023-2986 The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass ...
S
CVE-2023-2987 The Wordapp plugin for WordPress is vulnerable to authorization bypass due to a use of insufficient...
S
CVE-2023-2989 Fortra Globalscape Administration Server Out of Bounds Memory Read
E
CVE-2023-2990 Fortra Globalscape Administration Server Denial of Service
E
CVE-2023-2991 Fortra Globalscape Administration Server Information Disclosure
E
CVE-2023-2992 An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management...
S
CVE-2023-2993 A valid, authenticated user with limited privileges may be able to use specifically crafted web mana...
S
CVE-2023-2994 Rejected reason: This 2023 CVE was incorrectly assigned instead of a 2022 CVE....
R
CVE-2023-2995 Leyka < 3.30.4 - Admin+ Stored XSS
E
CVE-2023-2996 Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
E
CVE-2023-2998 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
S
CVE-2023-2999 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.