ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-23000 | In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node r... | S | |
CVE-2023-23001 | In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get r... | S | |
CVE-2023-23002 | In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_inde... | S | |
CVE-2023-23003 | In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return va... | S | |
CVE-2023-23004 | In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table ... | S | |
CVE-2023-23005 | In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (... | S | |
CVE-2023-23006 | In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c mis... | S | |
CVE-2023-23007 | An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL inj... | E | |
CVE-2023-23009 | Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restar... | E S | |
CVE-2023-23010 | Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55... | E S | |
CVE-2023-23011 | Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_... | E | |
CVE-2023-23012 | Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to ... | E | |
CVE-2023-23014 | Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5fe... | E | |
CVE-2023-23015 | Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php.... | E | |
CVE-2023-23019 | Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 ... | | |
CVE-2023-23021 | Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allo... | E | |
CVE-2023-23022 | Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management s... | E | |
CVE-2023-23024 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerabili... | E | |
CVE-2023-23026 | Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, al... | E | |
CVE-2023-23039 | An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race conditio... | S | |
CVE-2023-23040 | TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin pa... | S | |
CVE-2023-23059 | An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains i... | | |
CVE-2023-23063 | Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the comp... | E | |
CVE-2023-23064 | TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.... | | |
CVE-2023-23073 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purc... | | |
CVE-2023-23074 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding vide... | | |
CVE-2023-23075 | Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when cre... | | |
CVE-2023-23076 | OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating ne... | | |
CVE-2023-23077 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment fi... | | |
CVE-2023-23078 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment fi... | | |
CVE-2023-23080 | Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10... | E | |
CVE-2023-23082 | A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to ca... | E S | |
CVE-2023-23086 | Buffer overflow vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via th... | E | |
CVE-2023-23087 | An issue in MojoJson v1.2.3 allows attackers to execute arbitrary code via the destroy func... | E | |
CVE-2023-23088 | Buffer overflow vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an a... | E S | |
CVE-2023-23108 | In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can... | E S | |
CVE-2023-23109 | In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can... | S | |
CVE-2023-23110 | An exploitable firmware modification vulnerability was discovered in certain Netgear products. The d... | E | |
CVE-2023-23119 | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update ma... | E | |
CVE-2023-23120 | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update ma... | E | |
CVE-2023-23126 | Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used... | | |
CVE-2023-23127 | In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not... | | |
CVE-2023-23128 | Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendo... | | |
CVE-2023-23130 | Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done... | | |
CVE-2023-23131 | Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.... | | |
CVE-2023-23132 | Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals h... | | |
CVE-2023-23135 | An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code vi... | E | |
CVE-2023-23136 | lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.cla... | E | |
CVE-2023-23143 | Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC ver... | E S | |
CVE-2023-23144 | Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC ver... | E S | |
CVE-2023-23145 | GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_ful... | E S | |
CVE-2023-23149 | DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability.... | | |
CVE-2023-23150 | SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution.... | | |
CVE-2023-23151 | bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the compo... | E | |
CVE-2023-23155 | Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerabi... | E | |
CVE-2023-23156 | Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerabi... | E | |
CVE-2023-23157 | A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allo... | E | |
CVE-2023-23158 | A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allo... | E | |
CVE-2023-23161 | A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 a... | E | |
CVE-2023-23162 | Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability v... | E | |
CVE-2023-23163 | Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability v... | E | |
CVE-2023-23169 | Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directo... | E | |
CVE-2023-23192 | IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task.... | E | |
CVE-2023-23205 | An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/m... | E | |
CVE-2023-23208 | Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) ... | | |
CVE-2023-23277 | Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary... | E | |
CVE-2023-23279 | Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php.... | E | |
CVE-2023-23286 | Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrar... | E | |
CVE-2023-23294 | Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection.... | E | |
CVE-2023-23295 | Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection ... | E | |
CVE-2023-23296 | Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service ... | E | |
CVE-2023-23298 | The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 do... | E | |
CVE-2023-23299 | The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.... | E | |
CVE-2023-23300 | The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does n... | E | |
CVE-2023-23301 | The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string ... | E | |
CVE-2023-23302 | The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does n... | E | |
CVE-2023-23303 | The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 d... | E | |
CVE-2023-23304 | The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a special... | E | |
CVE-2023-23305 | The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer ov... | E | |
CVE-2023-23306 | The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a t... | E | |
CVE-2023-23313 | Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and ... | | |
CVE-2023-23314 | An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers ... | E S | |
CVE-2023-23315 | The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up t... | E | |
CVE-2023-23324 | Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials fo... | M | |
CVE-2023-23325 | Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vuln... | M | |
CVE-2023-23326 | A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low pri... | E | |
CVE-2023-23327 | An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/recei... | E | |
CVE-2023-23328 | A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type... | E | |
CVE-2023-23330 | Amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.... | | |
CVE-2023-23331 | Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.... | E | |
CVE-2023-23333 | There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute ... | E | |
CVE-2023-23342 | HCL Nomad for web is affected by cryptographic validation of local data access that can be circumvented | | |
CVE-2023-23343 | HCL BigFix OSD Bare Metal Server version 311.12 or lower is affected by a clickjacking vulnerability. | | |
CVE-2023-23344 | HCL BigFix WebUI Insights is susceptible to a lack of sufficient authorization | | |
CVE-2023-23346 | Use of a broken cryptographic algorithm affects HCL DRYiCE MyCloud | | |
CVE-2023-23347 | Use of a broken cryptographic algorithm affects HCL DRYiCE iAutomate | | |
CVE-2023-23348 | HCL Launch is vulnerable to sensitive information disclosure | | |
CVE-2023-23349 | Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a ... | S | |
CVE-2023-23354 | QuLog Center | S | |
CVE-2023-23355 | QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR | S | |
CVE-2023-23356 | QuFirewall | S | |
CVE-2023-23357 | QuLog Center | S | |
CVE-2023-23362 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-23363 | QTS | S | |
CVE-2023-23364 | Multimedia Console | S | |
CVE-2023-23365 | Music Station | S | |
CVE-2023-23366 | Music Station | S | |
CVE-2023-23367 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-23368 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-23369 | QTS, Multimedia Console, and Media Streaming add-on | S | |
CVE-2023-23370 | QVPN Device Client | S | |
CVE-2023-23371 | QVPN Device Client | S | |
CVE-2023-23372 | QTS, QuTS hero | S | |
CVE-2023-23373 | QUSBCam2 | S | |
CVE-2023-23374 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | S | |
CVE-2023-23375 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | S | |
CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-23377 | 3D Builder Remote Code Execution Vulnerability | S | |
CVE-2023-23378 | Print 3D Remote Code Execution Vulnerability | S | |
CVE-2023-23379 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | S | |
CVE-2023-23381 | Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2023-23382 | Azure Machine Learning Compute Instance Information Disclosure Vulnerability | S | |
CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | S | |
CVE-2023-23384 | Microsoft SQL Server Remote Code Execution Vulnerability | S | |
CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | S | |
CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | S | |
CVE-2023-23390 | 3D Builder Remote Code Execution Vulnerability | S | |
CVE-2023-23391 | Office for Android Spoofing Vulnerability | S | |
CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | S | |
CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | S | |
CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | S | |
CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | S | |
CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability | S | |
CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | S | |
CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | S | |
CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | S | |
CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | S | |
CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | S | |
CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | S | |
CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | S | |
CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | S | |
CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | S | |
CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | S | |
CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | S | |
CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | S | |
CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | S | |
CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | S | |
CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-23424 | Some Honor products are affected by file writing vulnerability, successful exploitation could cause... | | |
CVE-2023-23426 | Some Honor products are affected by file writing vulnerability, successful exploitation could cause... | | |
CVE-2023-23427 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploi... | | |
CVE-2023-23428 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploi... | | |
CVE-2023-23429 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploi... | | |
CVE-2023-23430 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploi... | | |
CVE-2023-23431 | Some Honor products are affected by signature management vulnerability, successful exploitation cou... | | |
CVE-2023-23432 | Some Honor products are affected by signature management vulnerability, successful exploitation cou... | | |
CVE-2023-23433 | Some Honor products are affected by signature management vulnerability, successful exploitation cou... | | |
CVE-2023-23434 | Some Honor products are affected by information leak vulnerability, successful exploitation could c... | | |
CVE-2023-23435 | Some Honor products are affected by signature management vulnerability, successful exploitation cou... | | |
CVE-2023-23436 | Some Honor products are affected by signature management vulnerability, successful exploitation cou... | | |
CVE-2023-23437 | Some Honor products are affected by information leak vulnerability, successful exploitation could c... | | |
CVE-2023-23438 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploi... | | |
CVE-2023-23439 | Some Honor products are affected by information leak vulnerability, successful exploitation could c... | | |
CVE-2023-23440 | Some Honor products are affected by information leak vulnerability, successful exploitation could c... | | |
CVE-2023-23441 | Some Honor products are affected by out of bounds read vulnerability, successful exploitation could... | | |
CVE-2023-23442 | Some Honor products are affected by type confusion vulnerability, successful exploitation could cau... | | |
CVE-2023-23443 | Some Honor products are affected by type confusion vulnerability, successful exploitation could cau... | | |
CVE-2023-23444 | Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Part... | M | |
CVE-2023-23445 | Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 11... | M | |
CVE-2023-23446 | Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 11... | S | |
CVE-2023-23447 | Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1... | S | |
CVE-2023-23448 | Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 110... | M | |
CVE-2023-23449 | Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 110... | M | |
CVE-2023-23450 | Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partn... | M | |
CVE-2023-23451 | The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=... | | |
CVE-2023-23452 | Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 al... | | |
CVE-2023-23453 | Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 al... | | |
CVE-2023-23454 | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a de... | S | |
CVE-2023-23455 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a ... | S | |
CVE-2023-23456 | Upx: heap-buffer-overflow in packtmt::pack() | E S | |
CVE-2023-23457 | Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp | E S | |
CVE-2023-23458 | Sunell DVR – Exposure of Sensitive Information | | |
CVE-2023-23459 | Priority Windows – Command Execution via SQL Injection | S | |
CVE-2023-23460 | Priority Web – Authentication bypass | S | |
CVE-2023-23461 | Libpeconv – access violation | S | |
CVE-2023-23462 | Libpeconv – integer overflow | S | |
CVE-2023-23463 | Sunell DVR – Insufficiently Protected Credentials | | |
CVE-2023-23464 | Media CP Media Control Panel – Information Disclosure | | |
CVE-2023-23465 | Media CP Media Control Panel – CSRF | | |
CVE-2023-23466 | Media CP Media Control Panel – insufficiently protected credential change | | |
CVE-2023-23467 | Media CP Media Control Panel – Reflected XSS | | |
CVE-2023-23468 | IBM Robotic Process Automation for Cloud Pak access control | S | |
CVE-2023-23469 | IBM Cloud Pak for Business Automation information disclosure | | |
CVE-2023-23470 | IBM i privilege escalation | | |
CVE-2023-23472 | IBM InfoSphere Information Server information disclosure | | |
CVE-2023-23473 | IBM InfoSphere Information Server cross-site request forgery | S | |
CVE-2023-23474 | IBM Cognos Controller information disclosure | | |
CVE-2023-23475 | IBM Infosphere Information Server cross-site scripting | S | |
CVE-2023-23476 | IBM Robotic Process Automation information disclosure | | |
CVE-2023-23477 | IBM WebSphere Application Server code execution | | |
CVE-2023-23480 | IBM Sterling Partner Engagement Manager cross-site scripting | S | |
CVE-2023-23481 | IBM Sterling Partner Engagement Manager cross-site scripting | S | |
CVE-2023-23482 | IBM Sterling Partner Engagement Manager clickjacking | S | |
CVE-2023-23487 | IBM Db2 audit logging | S | |
CVE-2023-23488 | The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL in... | | |
CVE-2023-23489 | The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthent... | E | |
CVE-2023-23490 | The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vu... | E | |
CVE-2023-23491 | The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scr... | E | |
CVE-2023-23492 | The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL i... | E | |
CVE-2023-23493 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.... | | |
CVE-2023-23494 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and i... | | |
CVE-2023-23495 | A permissions issue was addressed with improved redaction of sensitive information. This issue is fi... | | |
CVE-2023-23496 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3... | | |
CVE-2023-23497 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.... | | |
CVE-2023-23498 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iP... | | |
CVE-2023-23499 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3,... | | |
CVE-2023-23500 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iO... | | |
CVE-2023-23501 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. An ... | | |
CVE-2023-23502 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i... | | |
CVE-2023-23503 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.... | | |
CVE-2023-23504 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3,... | | |
CVE-2023-23505 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-23506 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.... | | |
CVE-2023-23507 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6.3, m... | | |
CVE-2023-23508 | The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, ... | | |
CVE-2023-23510 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.... | | |
CVE-2023-23511 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3,... | | |
CVE-2023-23512 | The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 1... | | |
CVE-2023-23513 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Bi... | | |
CVE-2023-23514 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS V... | | |
CVE-2023-23516 | The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, ... | | |
CVE-2023-23517 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3,... | | |
CVE-2023-23518 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3,... | | |
CVE-2023-23519 | A memory corruption issue was addressed with improved state management. This issue is fixed in watch... | | |
CVE-2023-23520 | A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS ... | | |
CVE-2023-23522 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO... | | |
CVE-2023-23523 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, i... | | |
CVE-2023-23524 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS ... | | |
CVE-2023-23525 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 a... | | |
CVE-2023-23526 | This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by... | | |
CVE-2023-23527 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 an... | | |
CVE-2023-23528 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4,... | | |
CVE-2023-23529 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPa... | KEV | |
CVE-2023-23530 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iO... | | |
CVE-2023-23531 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iO... | | |
CVE-2023-23532 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 a... | | |
CVE-2023-23533 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS M... | | |
CVE-2023-23534 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big S... | | |
CVE-2023-23535 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iO... | | |
CVE-2023-23536 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS ... | | |
CVE-2023-23537 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-23538 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS M... | | |
CVE-2023-23539 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve... | | |
CVE-2023-23540 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS ... | | |
CVE-2023-23541 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-23542 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-23543 | The issue was addressed with additional restrictions on the observability of app states. This issue ... | | |
CVE-2023-23545 | Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logg... | | |
CVE-2023-23546 | A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0... | E | |
CVE-2023-23547 | A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesigh... | E | |
CVE-2023-23548 | XSS in business intelligence | | |
CVE-2023-23549 | DoS via long hostnames | | |
CVE-2023-23550 | An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Miles... | E | |
CVE-2023-23551 | X-600M Code Injection | S | |
CVE-2023-23552 | BIG-IP Advanced WAF and ASM vulnerability | | |
CVE-2023-23553 | X-400 Cross-Site Scripting | S | |
CVE-2023-23554 | Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refres... | | |
CVE-2023-23555 | BIG-IP Virtual Edition vulnerability | | |
CVE-2023-23556 | An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a... | S | |
CVE-2023-23557 | An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a5949... | S | |
CVE-2023-23558 | In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker ... | E S | |
CVE-2023-23559 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is ... | S | |
CVE-2023-23560 | In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation... | | |
CVE-2023-23561 | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users ... | | |
CVE-2023-23562 | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authen... | | |
CVE-2023-23563 | An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain ... | E | |
CVE-2023-23564 | An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute... | E | |
CVE-2023-23565 | An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retriev... | E | |
CVE-2023-23566 | A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassin... | | |
CVE-2023-23567 | A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft... | E | |
CVE-2023-23568 | Improper privilege validation in Command Centre Server allows authenticated unprivileged operators ... | | |
CVE-2023-23569 | Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2... | | |
CVE-2023-23570 | Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and... | | |
CVE-2023-23571 | An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5... | E | |
CVE-2023-23572 | Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a rem... | M | |
CVE-2023-23573 | Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a p... | | |
CVE-2023-23574 | Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 | S | |
CVE-2023-23575 | Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticate... | M | |
CVE-2023-23576 | Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical... | | |
CVE-2023-23577 | Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 ... | S | |
CVE-2023-23578 | Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows... | | |
CVE-2023-23579 | Datakit CrossCAD/Ware | S | |
CVE-2023-23580 | Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2... | | |
CVE-2023-23581 | A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of ... | E | |
CVE-2023-23582 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer ove... | S | |
CVE-2023-23583 | Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may all... | | |
CVE-2023-23584 | An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently... | | |
CVE-2023-23585 | Server DoS due to heap overflow | | |
CVE-2023-23586 | Use after free in io_uring in the Linux Kernel | S | |
CVE-2023-23588 | A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All version... | | |
CVE-2023-23589 | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol ca... | E S | |
CVE-2023-23590 | Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service ... | | |
CVE-2023-23591 | The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive i... | | |
CVE-2023-23592 | WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.... | S | |
CVE-2023-23594 | An authentication bypass vulnerability in the web client interface for the CL4NX printer before firm... | | |
CVE-2023-23595 | BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A singl... | E | |
CVE-2023-23596 | jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, t... | E | |
CVE-2023-23597 | A compromised web child process could disable web security opening restrictions, leading to a new ch... | | |
CVE-2023-23598 | Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plai... | | |
CVE-2023-23599 | When copying a network request from the developer tools panel as a curl command the output was not b... | | |
CVE-2023-23600 | Per origin notification permissions were being stored in a way that didn't take into account what br... | | |
CVE-2023-23601 | Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab whic... | | |
CVE-2023-23602 | A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Pol... | | |
CVE-2023-23603 | Regular expressions used to filter out forbidden properties and values from style directives in call... | | |
CVE-2023-23604 | A duplicate SystemPrincipal object could be created when parsing a non-system html docu... | | |
CVE-2023-23605 | Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence ... | | |
CVE-2023-23606 | Memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption a... | | |
CVE-2023-23607 | Unrestricted file upload leads to Remote Code Execution in erohtar/Dasherr | E S | |
CVE-2023-23608 | spotipy Path traversal vulnerability that may lead to type confusion in URI handling code | E S | |
CVE-2023-23609 | contiki-ng BLE-L2CAP contains Improper size validation of L2CAP frames | S | |
CVE-2023-23610 | glpi vulnerable to Unauthorized access to data export | | |
CVE-2023-23611 | xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation | | |
CVE-2023-23612 | Issue with whitespace in JWT roles in OpenSearch | | |
CVE-2023-23613 | Field-level security issue with .keyword fields in OpenSearch | | |
CVE-2023-23614 | Improper session handling of "Remember me for 7 days" functionality | E S | |
CVE-2023-23615 | Malicious users in Discourse can create spam topics as any user due to improper access control | | |
CVE-2023-23616 | Discourse membership requests lack character limit | S | |
CVE-2023-23617 | OpenMage LTS has DoS vulnerability in MaliciousCode filter | S | |
CVE-2023-23618 | gitk can inadvertently call executables in the worktree | S | |
CVE-2023-23619 | Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina | E | |
CVE-2023-23620 | Discourse restricted tag routes leak topic information | S | |
CVE-2023-23621 | Discourse vulnerable to ReDoS in user agent parsing | S | |
CVE-2023-23622 | Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users | S | |
CVE-2023-23623 | Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron | M | |
CVE-2023-23624 | Discourse's exclude_tags param could leak which topics had a specific hidden tag | S | |
CVE-2023-23625 | Denial of service in HAMT Decoding in go-unixfs | S | |
CVE-2023-23626 | Denial of service when feeding malformed size arguments in go-bitfield | E S | |
CVE-2023-23627 | Sanitize vulnerable to Cross-site Scripting via Improper neutralization of `noscript` element | M | |
CVE-2023-23628 | Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor | | |
CVE-2023-23629 | Metabase subject to Improper Privilege Management | | |
CVE-2023-23630 | Cross-site (XSS) vulnerability with Express API in Eta | S | |
CVE-2023-23631 | HAMT Decoding Panics in github.com/ipfs/go-unixfsnode | S | |
CVE-2023-23632 | BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authe... | | |
CVE-2023-23634 | SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary ... | E | |
CVE-2023-23635 | In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows... | E | |
CVE-2023-23636 | In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows a... | E S | |
CVE-2023-23637 | IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modi... | E S | |
CVE-2023-23638 | Apache Dubbo Deserialization Vulnerability Gadgets Bypass | | |
CVE-2023-23639 | WordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation Vulnerability | S | |
CVE-2023-23640 | WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability | S | |
CVE-2023-23641 | WordPress Uji Popup Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23645 | WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability | S | |
CVE-2023-23646 | WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23647 | WordPress Team Member Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23649 | WordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection Vulnerability | | |
CVE-2023-23650 | WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23651 | WordPress MainWP Google Analytics Extension Plugin <= 4.0.4 - SQL Injection vulnerability | S | |
CVE-2023-23654 | WordPress SparkPost Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23656 | WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability | S | |
CVE-2023-23657 | WordPress Mail Subscribe List Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23659 | WordPress MainWP Matomo Extension Plugin <= 4.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23660 | WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to SQL Injection | S | |
CVE-2023-23664 | WordPress ConvertBox Auto Embed WordPress plugin Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23667 | WordPress Brands for WooCommerce Plugin <= 3.7.0.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23668 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23670 | WordPress Fancy Comments WordPress Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23671 | WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23672 | WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability | S | |
CVE-2023-23673 | WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23674 | WordPress WP Original Media Path Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23675 | WordPress WP Smart Preloader Plugin <= 1.15 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23676 | WordPress File Gallery Plugin <= 1.8.5.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23677 | WordPress GTmetrix for WordPress Plugin <= 0.4.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23678 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 2.2.5 is vulnerable to CSV Injection | S | |
CVE-2023-23679 | WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR) | | |
CVE-2023-23680 | WordPress WP TopBar Plugin <= 5.36 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23681 | WordPress Image Hover Effects For WPBakery Page Builder Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23682 | WordPress EZP Maintenance Mode Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-23683 | WordPress White Label Branding for Elementor Page Builder Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23684 | WordPress WPGraphQL Plugin <= 1.14.5 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-23685 | WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23686 | WordPress Simple Staff List Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23687 | WordPress Youtube shortcode Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23688 | WordPress Social Share Boost Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23689 | Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware manageme... | S | |
CVE-2023-23690 | Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Cert... | | |
CVE-2023-23691 | Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability.... | | |
CVE-2023-23692 | Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticat... | | |
CVE-2023-23693 | Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager... | | |
CVE-2023-23694 | Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRa... | | |
CVE-2023-23695 | Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vuln... | | |
CVE-2023-23696 | Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vul... | S | |
CVE-2023-23697 | Dell Command \| Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vul... | S | |
CVE-2023-23698 | Dell Command \| Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain In... | S | |
CVE-2023-23699 | WordPress Progress Bar Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23700 | WordPress OceanWP theme <= 3.4.1 - Authenticated Local File Inclusion vulnerability | S | |
CVE-2023-23701 | WordPress Easy Sign Up Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23702 | WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23703 | WordPress Arconix Shortcodes Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23704 | WordPress Comments Ratings Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23705 | WordPress Books Gallery Plugin <= 4.4.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23706 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23707 | WordPress Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23708 | WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23709 | WordPress WPJAM Basic Plugin <= 6.2.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23710 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23711 | WordPress A2 Optimized WP Plugin <= 3.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23712 | WordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23713 | WordPress Theme Tweaker Plugin <= 5.20 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23714 | WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23715 | WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.2.2 - IDOR Leading To Job Removal Vulnerability | S | |
CVE-2023-23716 | WordPress Zendesk Support for WordPress plugin <= 1.8.4 - Broken Access Control vulnerability | S | |
CVE-2023-23717 | WordPress Portfolio Slideshow Plugin <= 1.13.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23718 | WordPress Page Loading Effects Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23719 | WordPress Premmerce Plugin <= 1.3.17 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23720 | WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.13 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23721 | WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23722 | WordPress WP eBay Product Feeds Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23723 | WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23724 | WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23725 | WordPress Shortcodes by Angie Makes plugin <= 3.46 - Broken Access Control vulnerability | | |
CVE-2023-23726 | WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.1.0 - CSRF Leading To Post Status Change Vulnerability | S | |
CVE-2023-23727 | WordPress Live Chat by Formilla – Real-time Chat & Chatbots Plugin Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23728 | WordPress WP Flipclock Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23730 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Captcha Bypass Vulnerability | S | |
CVE-2023-23731 | WordPress WishSuite Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23732 | WordPress Disqus Conditional Load Plugin <= 11.0.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23733 | WordPress Lazy Social Comments Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23734 | WordPress Userlike – WordPress Live Chat plugin Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23735 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability | S | |
CVE-2023-23737 | WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL Injection | | |
CVE-2023-23738 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email Spoofing Vulnerability | S | |
CVE-2023-23749 | Extension - miniorange - LDAP Integration - LDAP Injection (username) | | |
CVE-2023-23750 | [20230101] - Core - CSRF within post-installation messages | | |
CVE-2023-23751 | [20230102] - Core - Missing ACL checks for com_actionlogs | | |
CVE-2023-23752 | [20230201] - Core - Improper access check in webservice endpoints | KEV | |
CVE-2023-23753 | Extension - vi-solutions - Visforms Base Package for Joomla 3 | E | |
CVE-2023-23754 | [20230501] - Core - Open Redirect and XSS within the mfa select | | |
CVE-2023-23755 | [20230502] - Core - Bruteforce prevention within the mfa screen | | |
CVE-2023-23756 | Extension - advcomsys.com - XSS in oneVote component for Joomla <= 1.7.0 | | |
CVE-2023-23757 | Extension - bestaddon.com - SQLi in BA Gallery component for Joomla <= 1.2.0 | | |
CVE-2023-23758 | Extension - creative-solutions.net - SQLi in Creative Gallery component for Joomla <= 2.2.0 | | |
CVE-2023-23759 | There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be tr... | S | |
CVE-2023-23760 | Path traversal in GitHub Enterprise Server leading to remote code execution | | |
CVE-2023-23761 | Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists | | |
CVE-2023-23762 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling | | |
CVE-2023-23763 | Information disclosure in GitHub Enterprise Server leading to private repository leakage | | |
CVE-2023-23764 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling | | |
CVE-2023-23765 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling | | |
CVE-2023-23766 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling | | |
CVE-2023-23767 | Rejected reason: This CVE ID has been rejected or withdrawn by GitHub as it was issued in error.... | R | |
CVE-2023-23770 | Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controlle... | | |
CVE-2023-23771 | Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Mach... | | |
CVE-2023-23772 | Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Co... | | |
CVE-2023-23773 | Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lac... | | |
CVE-2023-23774 | Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS S... | | |
CVE-2023-23775 | Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerab... | S | |
CVE-2023-23776 | An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyz... | S | |
CVE-2023-23777 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulner... | S | |
CVE-2023-23778 | A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versio... | S | |
CVE-2023-23779 | Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') ... | S | |
CVE-2023-23780 | A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb ve... | S | |
CVE-2023-23781 | A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all v... | S | |
CVE-2023-23782 | A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.... | S | |
CVE-2023-23783 | A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, Forti... | S | |
CVE-2023-23784 | A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 t... | S | |
CVE-2023-23785 | WordPress Exquisite PayPal Donation Plugin <= v2.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23786 | WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23787 | WordPress Premmerce Redirect Manager Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23788 | WordPress Custom More Link Complete Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23789 | WordPress Premmerce Redirect Manager Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23790 | WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23791 | WordPress HT Menu Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23792 | WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23793 | WordPress Read More Without Refresh Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23794 | WordPress Semalt Blocker Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23795 | WordPress Form Builder Plugin <= 1.9.9.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23796 | WordPress Form Builder Plugin <= 1.9.9.0 is vulnerable to CSV Injection | | |
CVE-2023-23797 | WordPress Auto YouTube Importer Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23798 | WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23799 | WordPress Easy Panorama Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-23800 | WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-23801 | WordPress Really Simple Google Tag Manager Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23802 | WordPress HT Easy GA4 ( Google Analytics 4 ) Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23803 | WordPress JustTables – WooCommerce Product Table Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23804 | WordPress HT Feed Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23806 | WordPress WordPress Custom Settings Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23807 | WordPress MojoPlug Slide Panel Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23808 | WordPress Sponsors Carousel Plugin <= 4.02 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23809 | WordPress Stock market charts from finviz Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23810 | WordPress Panorama – WordPress Project Management Plugin Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23811 | WordPress Smoothscroller Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23812 | WordPress Enhanced WP Contact Form Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23813 | WordPress My Calendar Plugin <= 3.4.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23814 | WordPress Calendar Event Multi View plugin <= 1.4.13 - Broken Access Control vulnerability | S | |
CVE-2023-23815 | WordPress Multi-column Tag Map Plugin <= 17.0.24 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23816 | WordPress Sitemap Index Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23817 | WordPress Simple PDF Viewer Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23818 | WordPress WP Register Profile With Shortcode Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23819 | WordPress itemprop WP for SERP/SEO Rich snippets Plugin <= 3.5.201706131 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23820 | WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23821 | WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23822 | WordPress UTM Tracker Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23823 | WordPress Enhanced Text Widget plugin <= 1.5.8 - Broken Access Control vulnerability | S | |
CVE-2023-23824 | WordPress WP TopBar Plugin <= 5.36 is vulnerable to SQL Injection | | |
CVE-2023-23825 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability | S | |
CVE-2023-23826 | WordPress Add Posts to Pages Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23827 | WordPress Google Maps v3 Shortcode Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23828 | WordPress WP Category Post List Widget Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23829 | WordPress Owl Carousel Plugin <= 0.5.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23830 | WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23831 | WordPress Rating Widget Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23832 | WordPress Ultimate WP Query Search Filter Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23833 | WordPress Drop Shadow Boxes Plugin <= 1.7.10 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23834 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerability | S | |
CVE-2023-23835 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34),... | | |
CVE-2023-23836 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | S | |
CVE-2023-23837 | No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1 | S | |
CVE-2023-23838 | Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1 | S | |
CVE-2023-23839 | SolarWinds Platform Exposure of Sensitive Information Vulnerability | S | |
CVE-2023-23840 | SolarWinds Platform Exposed Dangerous Method Vulnerability | S | |
CVE-2023-23841 | SolarWinds Serv-U Exposure of Sensitive Information Vulnerability | S | |
CVE-2023-23842 | SolarWinds Network Configuration Manager Directory Traversal Vulnerability | S | |
CVE-2023-23843 | SolarWinds Platform Incorrect Comparison Vulnerability | S | |
CVE-2023-23844 | SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability | S | |
CVE-2023-23845 | SolarWinds Platform Exposed Dangerous Method Vulnerability | S | |
CVE-2023-23846 | Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 a... | | |
CVE-2023-23847 | A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earl... | | |
CVE-2023-23848 | Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with... | | |
CVE-2023-23849 | Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scri... | | |
CVE-2023-23850 | A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers wi... | | |
CVE-2023-23851 | SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business author... | | |
CVE-2023-23852 | SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled... | | |
CVE-2023-23853 | An unauthenticated attacker in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions... | | |
CVE-2023-23854 | SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750,... | | |
CVE-2023-23855 | SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a maliciou... | | |
CVE-2023-23856 | In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some c... | | |
CVE-2023-23857 | Improper Access Control in SAP NetWeaver AS for Java | | |
CVE-2023-23858 | Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 75... | | |
CVE-2023-23859 | SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, ... | | |
CVE-2023-23860 | SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, ... | | |
CVE-2023-23861 | WordPress GMAce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23862 | WordPress Vertical scroll recent post Plugin <= 14.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23863 | WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 2.0.22 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23864 | WordPress Very Simple Google Maps Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23865 | WordPress Stripe Payments For WooCommerce by Checkout Plugin <= 1.4.10 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23866 | WordPress Interactive Geo Maps Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23867 | WordPress Button Builder – Buttons X Plugin <= 0.8.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23868 | WordPress Cost of Goods for WooCommerce plugin <= 2.8.6 - Broken Access Control vulnerability | S | |
CVE-2023-23869 | WordPress Google XML Sitemap for Mobile Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23870 | WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23871 | WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23872 | WordPress GMAce plugin <= 1.5.2 - Arbitrary File Download vulnerability | | |
CVE-2023-23873 | WordPress BBSpoiler Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23874 | WordPress Ditty Plugin <= 3.0.32 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23875 | WordPress Bing Site Verification plugin using Meta Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23876 | WordPress wpDataTables Plugin <= 2.1.49 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23877 | WordPress Pinterest RSS Widget Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23878 | WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23879 | WordPress PHP Execution Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23880 | WordPress ExactMetrics Plugin <= 7.14.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23881 | WordPress Circles Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23882 | WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.5 is vulnerable to Broken Access Control | S | |
CVE-2023-23883 | WordPress WP Content Filter – Censor All Offensive Content From Your Site Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23884 | WordPress Kanban Boards for WordPress Plugin <= 2.5.20 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-23885 | WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23886 | WordPress WP-RecentComments plugin <= 2.2.7 - Broken Access Control vulnerability | | |
CVE-2023-23887 | WordPress Easy Google Analytics for WordPress plugin <= 1.6.0 - Broken Access Control vulnerability | | |
CVE-2023-23888 | WordPress Rank Math SEO plugin <= 1.0.107.2 - Local File Inclusion vulnerability | S | |
CVE-2023-23889 | WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23890 | WordPress WP Airbnb Review Slider Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23891 | WordPress Ocean Extra Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23892 | WordPress M Chart Plugin <= 1.9.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23893 | WordPress Simple Giveaways plugin <= 2.48.0 - Broken Access Control vulnerability | S | |
CVE-2023-23894 | WordPress Surbma \| GDPR Proof Cookie Consent & Notice Bar Plugin <= 17.5.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23895 | WordPress WP Time Slots Booking Form plugin <= 1.1.82 - Broken Access Control vulnerability | S | |
CVE-2023-23896 | WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Broken Access Control | | |
CVE-2023-23897 | WordPress Simple Mobile URL Redirect Plugin <= 1.7.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23898 | WordPress Blocksy Companion Plugin <= 1.8.67 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23899 | WordPress Extensions For CF7 Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23900 | WordPress Easy Forms for Mailchimp Plugin <= 6.8.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23901 | Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00... | | |
CVE-2023-23902 | A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.... | E | |
CVE-2023-23903 | DoS via SAML configuration in Guardian/CMC before 22.6.2 | S | |
CVE-2023-23904 | NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged us... | | |
CVE-2023-23906 | Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and... | | |
CVE-2023-23907 | A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.... | E | |
CVE-2023-23908 | Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a priv... | | |
CVE-2023-23909 | Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 p... | | |
CVE-2023-23910 | Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 ... | | |
CVE-2023-23911 | An improper access control vulnerability exists prior to v6 that could allow an attacker to break th... | | |
CVE-2023-23912 | A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways... | E S | |
CVE-2023-23913 | There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard... | | |
CVE-2023-23914 | A cleartext transmission of sensitive information vulnerability exists in curl | E | |
CVE-2023-23915 | A cleartext transmission of sensitive information vulnerability exists in curl | | |
CVE-2023-23916 | An allocation of resources without limits or throttling vulnerability exists in curl | E | |
CVE-2023-23917 | A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker... | | |
CVE-2023-23918 | A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that... | S | |
CVE-2023-23919 | A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some c... | E S | |
CVE-2023-23920 | An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 ... | S | |
CVE-2023-23921 | Moodle: reflected xss risk in some returnurl parameters | S | |
CVE-2023-23922 | Moodle: reflected xss risk in blog search | S | |
CVE-2023-23923 | Moodle: possible to set the preferred "start page" of other users | S | |
CVE-2023-23924 | URI validation failure on SVG parsing in Dompdf | E S | |
CVE-2023-23925 | Switcher Client contains Regular Expression Denial of Service (ReDoS) | | |
CVE-2023-23926 | APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vul... | S | |
CVE-2023-23927 | Craft CMS stored cross-site scripting vulnerability | E | |
CVE-2023-23928 | reason-jose ignores signature checks | S | |
CVE-2023-23929 | Refresh tokens do not expire in Vantage6 | S | |
CVE-2023-23930 | vantage6's Pickle serialization is insecure | E S | |
CVE-2023-23931 | Cipher.update_into can corrupt memory in pyca cryptography | E S | |
CVE-2023-23932 | Specially crafted RTPS message may cause an OpenDDS application to crash | S | |
CVE-2023-23933 | Issue in Anomaly Detection with document and field level rules in numerical feature aggregations | | |
CVE-2023-23934 | Werkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass | S | |
CVE-2023-23935 | Presence of restricted personal Discourse messages may be leaked if tagged with a tag | S | |
CVE-2023-23936 | CRLF Injection in Nodejs ‘undici’ via host | E S | |
CVE-2023-23937 | Missing file upload type validation in pimcore/pimcore | S | |
CVE-2023-23938 | Cross-site Scripting (XSS) through the name of a color of select box values in tuleap | S | |
CVE-2023-23939 | Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower | S | |
CVE-2023-23940 | OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass | S | |
CVE-2023-23941 | SwagPayPal payment not sent to PayPal correctly | S | |
CVE-2023-23942 | Self reflected HTML injection in Desktop client | S | |
CVE-2023-23943 | Blind SSRF via server URL input in the Nextcloud Mail app | E S | |
CVE-2023-23944 | Nextcloud Mail app temporarily stores cleartext password in database | S | |
CVE-2023-23946 | Git's `git apply` overwriting paths outside the working tree | S | |
CVE-2023-23947 | Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets | S | |
CVE-2023-23948 | ownCloud Android app vulnerable to SQL Injection | E | |
CVE-2023-23949 | An authenticated user can supply malicious HTML and JavaScript code that will be executed in the cli... | | |
CVE-2023-23950 | User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two r... | | |
CVE-2023-23951 | Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by ... | | |
CVE-2023-23952 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a C... | | |
CVE-2023-23953 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an ... | | |
CVE-2023-23954 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a S... | | |
CVE-2023-23955 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a S... | | |
CVE-2023-23956 | A user can supply malicious HTML and JavaScript code that will be executed in the client browser... | | |
CVE-2023-23957 | Open Redirection Vulnerability in Symantec Identity Portal 14.4 | | |
CVE-2023-23958 | Symantec Protection Engine Hash Leak Vulnerability | M | |
CVE-2023-23969 | In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Lan... | S | |
CVE-2023-23970 | WordPress Corsa Theme <= 1.5 is vulnerable to Arbitrary File Upload | | |
CVE-2023-23971 | WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23972 | WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23973 | WordPress Contact Us page - Contact people LITE Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23974 | WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23975 | WordPress Quick Event Manager plugin <= 9.7.4 - Broken Access Control vulnerability | S | |
CVE-2023-23976 | WordPress RegistrationMagic plugin <= 5.1.9.2 - Arbitrary Price Change | S | |
CVE-2023-23977 | WordPress Heateor Social Comments Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23978 | WordPress WP Client Reports Plugin <= 1.0.16 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-23979 | WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23980 | WordPress MailOptin Plugin <= 1.2.54.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23981 | WordPress Conversational Forms for ChatBot Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23982 | WordPress WPFrom Email Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23983 | WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23984 | WordPress Bubble Menu – circle floating menu Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23985 | WordPress Quiz Maker plugin <= 6.3.9.4 - Content Spoofing | S | |
CVE-2023-23986 | WordPress Reviews and Rating – Google My Business plugin <= 4.14 - Broken Access Control vulnerability | S | |
CVE-2023-23987 | WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23988 | WordPress My Tickets plugin <= 1.9.11 - Payment Bypass Vulnerability | S | |
CVE-2023-23989 | WordPress RegistrationMagic plugin <= 5.1.9.2 - Content Injection | S | |
CVE-2023-23990 | WordPress Redirection for Contact Form 7 plugin <= 2.7.0 - Privilege Escalation vulnerability | S | |
CVE-2023-23991 | WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection | S | |
CVE-2023-23992 | WordPress AutomatorWP Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23993 | WordPress IP Blocker Lite Plugin <= 11.1.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-23994 | WordPress Auto Hide Admin Bar Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23995 | WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23996 | WordPress ProfilePress Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23997 | WordPress Database Collation Fix Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-23998 | WordPress VikRentCar Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-23999 | WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS) | S | |