ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-24000 | WordPress GamiPress Plugin <= 2.5.7 is vulnerable to SQL Injection | S | |
CVE-2023-24001 | WordPress Modal Dialog Plugin <= 3.5.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24002 | WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24003 | WordPress WP Popups Plugin <= 2.1.4.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24004 | WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24005 | WordPress Inline Tweet Sharer – Twitter Sharing Plugin Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24006 | WordPress WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24007 | WordPress Admin Block Country Plugin <= 7.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-24008 | WordPress Maspik – Spam blacklist Plugin <= 0.7.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24009 | WordPress Upfrontwp Theme <= 1.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24010 | Data Distribution Service (DDS) Chain of Trust (CoT) violation in Fast DDS | E S | |
CVE-2023-24011 | Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS | E S | |
CVE-2023-24012 | Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS | E S | |
CVE-2023-24014 | Delta Electronics CNCSoft-B DOPSoft Heap-based buffer overflow | S | |
CVE-2023-24015 | Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 | S | |
CVE-2023-24016 | Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software... | | |
CVE-2023-24018 | A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_passwor... | E | |
CVE-2023-24019 | A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functi... | E | |
CVE-2023-24020 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, ... | S | |
CVE-2023-24021 | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Appli... | S | |
CVE-2023-24022 | Hard Coded Credential Crypt Vulnerability | S | |
CVE-2023-24023 | Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core... | | |
CVE-2023-24025 | CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may al... | | |
CVE-2023-24026 | In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview p... | S | |
CVE-2023-24027 | In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.... | S | |
CVE-2023-24028 | In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the deca... | S | |
CVE-2023-24029 | In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privi... | | |
CVE-2023-24030 | An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through ... | | |
CVE-2023-24031 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attr... | | |
CVE-2023-24032 | In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a ... | S | |
CVE-2023-24033 | The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 base... | | |
CVE-2023-24038 | The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastr... | E | |
CVE-2023-24039 | A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be explo... | E | |
CVE-2023-24040 | dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external... | E | |
CVE-2023-24042 | A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malforme... | E | |
CVE-2023-24044 | A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers t... | E | |
CVE-2023-24045 | In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfile... | E | |
CVE-2023-24046 | An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary co... | E | |
CVE-2023-24047 | An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows at... | | |
CVE-2023-24048 | Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attac... | | |
CVE-2023-24049 | An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated p... | | |
CVE-2023-24050 | Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to... | | |
CVE-2023-24051 | A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers t... | | |
CVE-2023-24052 | An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the ... | | |
CVE-2023-24054 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-24055 | KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML... | S | |
CVE-2023-24056 | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect... | E S | |
CVE-2023-24057 | HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitra... | E | |
CVE-2023-24058 | Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user v... | E | |
CVE-2023-24059 | Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files ... | M | |
CVE-2023-24060 | Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Auth... | E | |
CVE-2023-24062 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR... | E | |
CVE-2023-24063 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during th... | E | |
CVE-2023-24064 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during t... | E | |
CVE-2023-24065 | NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, ... | E | |
CVE-2023-24068 | Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation a... | E | |
CVE-2023-24069 | Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially se... | E | |
CVE-2023-24070 | app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Refere... | S | |
CVE-2023-24078 | Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vul... | E | |
CVE-2023-24080 | A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) al... | | |
CVE-2023-24081 | Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2... | E | |
CVE-2023-24084 | ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function.... | E | |
CVE-2023-24086 | SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ... | E | |
CVE-2023-24093 | An access control issue in H3C A210-G A210-GV100R005 allows attackers to authenticate without a pass... | E | |
CVE-2023-24094 | An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of... | E | |
CVE-2023-24095 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to cont... | E | |
CVE-2023-24096 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to cont... | E | |
CVE-2023-24097 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to cont... | E | |
CVE-2023-24098 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to cont... | E | |
CVE-2023-24099 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to cont... | E | |
CVE-2023-24104 | Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via... | E | |
CVE-2023-24107 | hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a... | E | |
CVE-2023-24108 | MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoo... | E | |
CVE-2023-24114 | typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via insta... | E | |
CVE-2023-24117 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24118 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24119 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24120 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24121 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24122 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24123 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24124 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24125 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24126 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24127 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24128 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24129 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24130 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24131 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24132 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24133 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24134 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via th... | E | |
CVE-2023-24135 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vul... | E | |
CVE-2023-24138 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hos... | E | |
CVE-2023-24139 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the Net... | E | |
CVE-2023-24140 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the Net... | E | |
CVE-2023-24141 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the Net... | E | |
CVE-2023-24142 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the Net... | E | |
CVE-2023-24143 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the Net... | E | |
CVE-2023-24144 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hou... | E | |
CVE-2023-24145 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plu... | E | |
CVE-2023-24146 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the min... | E | |
CVE-2023-24147 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service w... | E | |
CVE-2023-24148 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the Fil... | E | |
CVE-2023-24149 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for root which is stored... | E | |
CVE-2023-24150 | A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLIN... | E | |
CVE-2023-24151 | A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of T... | E | |
CVE-2023-24152 | A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOL... | E | |
CVE-2023-24153 | A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus... | E | |
CVE-2023-24154 | TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList... | E | |
CVE-2023-24155 | TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is ... | E | |
CVE-2023-24156 | A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK... | E | |
CVE-2023-24157 | A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLI... | E | |
CVE-2023-24159 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the adm... | E | |
CVE-2023-24160 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the adm... | E | |
CVE-2023-24161 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the web... | E | |
CVE-2023-24162 | Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code vi... | E | |
CVE-2023-24163 | SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code... | E | |
CVE-2023-24164 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.... | | |
CVE-2023-24165 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo.... | | |
CVE-2023-24166 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.... | E | |
CVE-2023-24167 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.... | | |
CVE-2023-24169 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.... | | |
CVE-2023-24170 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.... | | |
CVE-2023-24180 | Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.... | E | |
CVE-2023-24181 | LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site ... | E S | |
CVE-2023-24182 | LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scr... | E S | |
CVE-2023-24184 | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.... | | |
CVE-2023-24187 | An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary c... | E | |
CVE-2023-24188 | ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion functi... | E | |
CVE-2023-24189 | An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary cod... | E | |
CVE-2023-24191 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability ... | E | |
CVE-2023-24192 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability ... | E | |
CVE-2023-24194 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability ... | E | |
CVE-2023-24195 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability ... | E | |
CVE-2023-24197 | Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2023-24198 | Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_win... | E | |
CVE-2023-24199 | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter... | E | |
CVE-2023-24200 | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter... | E | |
CVE-2023-24201 | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter... | E | |
CVE-2023-24202 | Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page ... | E | |
CVE-2023-24203 | Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System ... | E | |
CVE-2023-24204 | SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 al... | E | |
CVE-2023-24205 | Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability whi... | E | |
CVE-2023-24206 | Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay functi... | E | |
CVE-2023-24212 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /gofo... | E | |
CVE-2023-24217 | AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerabili... | | |
CVE-2023-24219 | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope paramet... | E | |
CVE-2023-24220 | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope paramet... | E | |
CVE-2023-24221 | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope paramet... | E | |
CVE-2023-24229 | DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web managemen... | E | |
CVE-2023-24230 | A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Form... | | |
CVE-2023-24231 | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/... | | |
CVE-2023-24232 | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/... | | |
CVE-2023-24233 | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/... | | |
CVE-2023-24234 | A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/b... | | |
CVE-2023-24236 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability ... | E | |
CVE-2023-24238 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability ... | E | |
CVE-2023-24241 | Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name p... | E | |
CVE-2023-24243 | CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).... | E | |
CVE-2023-24249 | An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrar... | E | |
CVE-2023-24251 | WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component... | E | |
CVE-2023-24253 | Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability.... | | |
CVE-2023-24256 | An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers t... | E | |
CVE-2023-24258 | SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parame... | E | |
CVE-2023-24261 | A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to exe... | E | |
CVE-2023-24269 | An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows at... | E | |
CVE-2023-24276 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability ... | E | |
CVE-2023-24278 | Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.... | E | |
CVE-2023-24279 | A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to... | E | |
CVE-2023-24282 | An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbi... | E | |
CVE-2023-24294 | Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via ... | M | |
CVE-2023-24295 | A stack overflow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary c... | | |
CVE-2023-24304 | Improper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbit... | | |
CVE-2023-24308 | A potential memory vulnerability due to insufficient input validation in PDFXEditCore.x64.dll in PDF... | | |
CVE-2023-24317 | Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via t... | | |
CVE-2023-24320 | An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbi... | E | |
CVE-2023-24322 | A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal ... | E | |
CVE-2023-24323 | Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulne... | E | |
CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisti... | E S | |
CVE-2023-24330 | Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows att... | E | |
CVE-2023-24331 | Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows... | E | |
CVE-2023-24332 | A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01... | E | |
CVE-2023-24333 | A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC... | E | |
CVE-2023-24334 | A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC... | E | |
CVE-2023-24343 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTim... | E | |
CVE-2023-24344 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpag... | E | |
CVE-2023-24345 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTim... | E | |
CVE-2023-24346 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_co... | E | |
CVE-2023-24347 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpag... | E | |
CVE-2023-24348 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTim... | E | |
CVE-2023-24349 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTim... | E | |
CVE-2023-24350 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config... | E | |
CVE-2023-24351 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECO... | E | |
CVE-2023-24352 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpag... | E | |
CVE-2023-24364 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulner... | E | |
CVE-2023-24366 | An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive fi... | | |
CVE-2023-24367 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2023-24368 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2023-24369 | A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web... | E | |
CVE-2023-24372 | WordPress Simple Custom Author Profiles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24373 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability | S | |
CVE-2023-24374 | WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24375 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 - Broken Access Control vulnerability | S | |
CVE-2023-24376 | WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24377 | WordPress Ecwid Shopping Cart Plugin <= 6.11.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24378 | WordPress Glossary Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24379 | WordPress Landing Page Builder – Free Landing Page Templates plugin <= 3.1.9.9 - Local File Inclusion vulnerability | S | |
CVE-2023-24380 | WordPress Simple Wp Sitemap Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-24381 | WordPress Advanced Social Pixel Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24382 | WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24383 | WordPress Namaste! LMS Plugin <= 2.5.9.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24384 | WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24385 | WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24386 | WordPress AI Contact Us Form Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24387 | WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24388 | WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24389 | WordPress Social Proof (Testimonial) Slider Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24390 | WordPress WeSecur Security Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24391 | WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24392 | WordPress Full Width Banner Slider Wp Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24393 | WordPress Animated Number Counters Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24394 | WordPress iframe popup Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24395 | WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24396 | WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24397 | WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-24398 | WordPress EZP Coming Soon Page Plugin <= 1.0.7.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24399 | WordPress Ocean Extra Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24400 | WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24401 | WordPress Mobile Call Now & Map Buttons Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-24402 | WordPress WP Booking System Plugin <= 2.0.18 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24403 | WordPress bbPress Voting Plugin <= 2.1.11.0 is vulnerable to Cross-Site Scripting (XSS) | S | |
CVE-2023-24404 | WordPress Marketing Performance Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24405 | WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24406 | WordPress Simple Popup Images Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24407 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability | S | |
CVE-2023-24408 | WordPress Ecwid Shopping Cart Plugin <= 6.11.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24409 | WordPress WP Responsive Tabs horizontal vertical and accordion Tabs Plugin <= 1.1.15 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24410 | WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection | S | |
CVE-2023-24411 | WordPress BNE Testimonials Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24412 | WordPress Image Social Feed Plugin Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24413 | WordPress wordpress vertical image slider plugin Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-24414 | WordPress Robo Gallery Plugin <= 3.2.11 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24415 | WordPress AI ChatBot plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24416 | WordPress All In One Favicon Plugin <= 4.7 is vulnerable to Arbitrary File Deletion | S | |
CVE-2023-24417 | WordPress Worthy – VG WORT Integration für WordPress Plugin <= 1.6.5-6497609 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-24418 | WordPress Tiny carousel horizontal slider plus Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24419 | WordPress Formidable Forms Plugin <= 5.5.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24420 | WordPress Admin side data storage for Contact Form 7 Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-24421 | WordPress PHP Compatibility Checker Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-24422 | A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd9... | | |
CVE-2023-24423 | A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlie... | | |
CVE-2023-24424 | Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous sessio... | | |
CVE-2023-24425 | Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appr... | | |
CVE-2023-24426 | Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on l... | | |
CVE-2023-24427 | Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.... | | |
CVE-2023-24428 | A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier... | | |
CVE-2023-24429 | Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/age... | | |
CVE-2023-24430 | Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML... | | |
CVE-2023-24431 | A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers wi... | | |
CVE-2023-24432 | A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earl... | | |
CVE-2023-24433 | Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with... | | |
CVE-2023-24434 | A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42... | | |
CVE-2023-24435 | A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows a... | | |
CVE-2023-24436 | A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows a... | | |
CVE-2023-24437 | A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v884... | | |
CVE-2023-24438 | A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier a... | | |
CVE-2023-24439 | Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencry... | | |
CVE-2023-24440 | Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in pl... | | |
CVE-2023-24441 | Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external en... | | |
CVE-2023-24442 | Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Acce... | | |
CVE-2023-24443 | Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent X... | | |
CVE-2023-24444 | Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.... | | |
CVE-2023-24445 | Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legit... | | |
CVE-2023-24446 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows at... | | |
CVE-2023-24447 | A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlie... | | |
CVE-2023-24448 | A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with... | | |
CVE-2023-24449 | Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods... | | |
CVE-2023-24450 | Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on t... | | |
CVE-2023-24451 | A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers... | | |
CVE-2023-24452 | A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earl... | | |
CVE-2023-24453 | A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/... | | |
CVE-2023-24454 | Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypt... | | |
CVE-2023-24455 | Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implemen... | | |
CVE-2023-24456 | Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on... | | |
CVE-2023-24457 | A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 an... | | |
CVE-2023-24458 | A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allo... | | |
CVE-2023-24459 | A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overa... | | |
CVE-2023-24460 | Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may all... | | |
CVE-2023-24461 | BIG-IP Edge Client for Windows and macOS vulnerability | | |
CVE-2023-24463 | Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88... | | |
CVE-2023-24464 | Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access ... | S | |
CVE-2023-24465 | Communication Wi-Fi subsystem has a null pointer reference vulnerability when receiving external data. | | |
CVE-2023-24466 | Possible XML External Entity Injection in OpenText iManager | | |
CVE-2023-24467 | Possible Command Injection in OpenText iManager | | |
CVE-2023-24468 | Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2... | | |
CVE-2023-24469 | Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0... | | |
CVE-2023-24470 | Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.... | | |
CVE-2023-24471 | Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2 | S | |
CVE-2023-24472 | A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Pro... | E | |
CVE-2023-24473 | An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of Op... | E | |
CVE-2023-24474 | Server deserialization missing boundary checks - heap overflow in communication between server and controller | | |
CVE-2023-24475 | Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privil... | S | |
CVE-2023-24476 | PTC Vuforia Studio Improper Authorization | S | |
CVE-2023-24477 | Session Fixation in Guardian/CMC before 22.6.2 | S | |
CVE-2023-24478 | Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Q... | S | |
CVE-2023-24479 | An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1... | | |
CVE-2023-24480 | Controller stack overflow when decoding messages from the server | | |
CVE-2023-24481 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 m... | | |
CVE-2023-24482 | A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V... | | |
CVE-2023-24483 | Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA | | |
CVE-2023-24484 | A malicious user can cause log files to be written to a directory that they do not have permission to write to. | S | |
CVE-2023-24485 | Privilege Escalation on the system running a vulnerable version of Citrix Workspace app for Windows | S | |
CVE-2023-24486 | Local user access to a system where another user is utilizing a vulnerable version of Citrix Workspace App for Linux to launch published desktops and applications | | |
CVE-2023-24487 | Arbitrary file read | | |
CVE-2023-24488 | Cross site scripting | | |
CVE-2023-24489 | A vulnerability has been discovered in the customer-managed ShareFile storage zones controller whic... | KEV | |
CVE-2023-24490 | Users with only access to launch VDA applications can launch an unauthorized desktop | | |
CVE-2023-24491 | A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exp... | | |
CVE-2023-24492 | A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploit... | | |
CVE-2023-24493 | A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied i... | S | |
CVE-2023-24494 | A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of... | S | |
CVE-2023-24495 | A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation o... | S | |
CVE-2023-24496 | Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionali... | E | |
CVE-2023-24497 | Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionali... | E | |
CVE-2023-24498 | Netgear ProSAFE 24 Port 10/100 FS726TP - CWE-522: Insufficiently Protected Credentials. | S | |
CVE-2023-24499 | Butterfly Button plugin may leave traces of its use on user's device | S | |
CVE-2023-24500 | Electra Central AC unit – Adjacent attacker may cause the unit to load unauthorized FW | | |
CVE-2023-24501 | Electra Central AC unit – Hardcoded Credentials | | |
CVE-2023-24502 | Electra Central AC unit – Easily calculated password | | |
CVE-2023-24503 | Electra Smart Kit for Split AC – Adjacent attacker may cause the unit to load unauthorized FW | | |
CVE-2023-24504 | Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server | | |
CVE-2023-24505 | Milesight NCR/Camera CWE-200: Exposure of Sensitive Information | | |
CVE-2023-24506 | Milesight NCR/Camera CWE-522: Insufficiently Protected Credentials | | |
CVE-2023-24507 | AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload | S | |
CVE-2023-24508 | Remote Code Execution in Baicells RTS Platform | S | |
CVE-2023-24509 | On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ... | E S | |
CVE-2023-24510 | On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | S | |
CVE-2023-24511 | On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. | E S | |
CVE-2023-24512 | On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. | E S | |
CVE-2023-24513 | On affected platforms running Arista CloudEOS a size check bypass issue in the Software Forwarding Engine (Sfe) may allow buffer over reads in later code. Additionally, depending on configured options this may cause a recomputation of the TCP checksum ... | E S | |
CVE-2023-24514 | Stored Cross Site Scripting Vulnerability in Visual Console Module | S | |
CVE-2023-24515 | Server side request forgery in api checker | S | |
CVE-2023-24516 | Stored Cross Site Scripting - Special Days Module | E S | |
CVE-2023-24517 | Remote Code Execution via Unrestricted File Upload | E S | |
CVE-2023-24518 | Disabling the administrator's account through cross-site request forgery | S | |
CVE-2023-24519 | Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionali... | E | |
CVE-2023-24520 | Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionali... | E | |
CVE-2023-24521 | Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 7... | | |
CVE-2023-24522 | Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700... | | |
CVE-2023-24523 | An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP... | | |
CVE-2023-24524 | SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check ... | | |
CVE-2023-24525 | SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode ... | | |
CVE-2023-24526 | Improper Access Control in SAP NetWeaver AS Java (Classload Service) | | |
CVE-2023-24527 | Improper Access Control in SAP NetWeaver AS Java for Deploy Service | | |
CVE-2023-24528 | SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authe... | | |
CVE-2023-24529 | Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 73... | | |
CVE-2023-24530 | SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticate... | | |
CVE-2023-24531 | Output of "go env" does not sanitize values in cmd/go | | |
CVE-2023-24532 | Incorrect calculation on P256 curves in crypto/internal/nistec | S | |
CVE-2023-24533 | Incorrect multiplication of unreduced P-256 scalars in filippo.io/nistec | S | |
CVE-2023-24534 | Excessive memory allocation in net/http and net/textproto | S | |
CVE-2023-24535 | Panic when parsing invalid messages in google.golang.org/protobuf | S | |
CVE-2023-24536 | Excessive resource consumption in net/http, net/textproto and mime/multipart | S | |
CVE-2023-24537 | Infinite loop in parsing in go/scanner | S | |
CVE-2023-24538 | Backticks not treated as string delimiters in html/template | S | |
CVE-2023-24539 | Improper sanitization of CSS values in html/template | S | |
CVE-2023-24540 | Improper handling of JavaScript whitespace in html/template | S | |
CVE-2023-24542 | Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before vers... | | |
CVE-2023-24544 | Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker ... | S | |
CVE-2023-24545 | On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. | E S | |
CVE-2023-24546 | On affected versions of the CloudVision Portal improper access controls on the connection from devic... | | |
CVE-2023-24547 | On Arista MOS configuration of a BGP password will cause the password to be logged in clear text. | S | |
CVE-2023-24548 | On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets | E S | |
CVE-2023-24549 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24550 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24551 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24552 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24553 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24554 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24555 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24556 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24557 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24558 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24559 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24560 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24561 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24562 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24563 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24564 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24565 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24566 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24567 | Dell NetWorker versions 19.5 and earlier contain a 'RabbitMQ' version disclosure vulnerability. A Net... | | |
CVE-2023-24568 | Dell NetWorker contains an Improper Validation of Certificate with Host Mismatch vulnerability in ... | | |
CVE-2023-24569 | Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vuln... | | |
CVE-2023-24571 | Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user... | | |
CVE-2023-24572 | Dell Command \| Integration Suite for System Center, versions before 6.4.0 contain an arbitrary fold... | S | |
CVE-2023-24573 | Dell Command \| Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability duri... | | |
CVE-2023-24574 | Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumptio... | | |
CVE-2023-24575 | Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, cont... | | |
CVE-2023-24576 | EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerabi... | S | |
CVE-2023-24577 | McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper... | | |
CVE-2023-24578 | McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL side... | | |
CVE-2023-24579 | McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the ap... | | |
CVE-2023-24580 | An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.... | S | |
CVE-2023-24581 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2... | | |
CVE-2023-24582 | Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of ... | E | |
CVE-2023-24583 | Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of ... | E | |
CVE-2023-24584 | Controller 6000 buffer overflow via upload feature in web interface | M | |
CVE-2023-24585 | An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-H... | E | |
CVE-2023-24586 | Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and e... | | |
CVE-2023-24587 | Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow... | | |
CVE-2023-24588 | Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) ... | | |
CVE-2023-24589 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version... | | |
CVE-2023-24590 | A format string issue in the Controller 6000's optional diagnostic web interface can be used to w... | | |
CVE-2023-24591 | Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 ma... | | |
CVE-2023-24592 | Path traversal in some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may... | S | |
CVE-2023-24593 | Rejected reason: Rejected by upstream.... | R | |
CVE-2023-24594 | BIG-IP TMM SSL vulnerability | | |
CVE-2023-24595 | An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality o... | E | |
CVE-2023-24597 | OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail mes... | | |
CVE-2023-24598 | OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lis... | | |
CVE-2023-24599 | OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of ar... | | |
CVE-2023-24600 | OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for r... | | |
CVE-2023-24601 | OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's ... | | |
CVE-2023-24602 | OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a... | | |
CVE-2023-24603 | OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentia... | | |
CVE-2023-24604 | OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., ... | | |
CVE-2023-24605 | OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from ... | | |
CVE-2023-24607 | Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is u... | S | |
CVE-2023-24609 | Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for C... | E | |
CVE-2023-24610 | NOSH 4a5cfdb allows remote authenticated users to execute arbitrary PHP code via the "practice logo"... | | |
CVE-2023-24612 | The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an op... | S | |
CVE-2023-24613 | The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attac... | | |
CVE-2023-24619 | Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk bin... | E S | |
CVE-2023-24620 | An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able to perform ... | E | |
CVE-2023-24621 | An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to J... | E | |
CVE-2023-24622 | isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regul... | E | |
CVE-2023-24623 | Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does ... | S | |
CVE-2023-24625 | Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Ins... | E | |
CVE-2023-24626 | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such... | S | |
CVE-2023-24641 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid p... | E | |
CVE-2023-24642 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid p... | E | |
CVE-2023-24643 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid p... | E | |
CVE-2023-24646 | An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System ... | E | |
CVE-2023-24647 | Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email para... | E | |
CVE-2023-24648 | Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component... | E | |
CVE-2023-24651 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulner... | E | |
CVE-2023-24652 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulner... | E | |
CVE-2023-24653 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulner... | E | |
CVE-2023-24654 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulner... | E | |
CVE-2023-24655 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulner... | E | |
CVE-2023-24656 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulner... | E | |
CVE-2023-24657 | phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ... | E S | |
CVE-2023-24671 | VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which all... | | |
CVE-2023-24674 | Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges ... | E | |
CVE-2023-24675 | Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code ... | E | |
CVE-2023-24676 | An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a rever... | E | |
CVE-2023-24678 | A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attackers to cause a Denial of Serv... | | |
CVE-2023-24684 | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID param... | E | |
CVE-2023-24685 | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event par... | E | |
CVE-2023-24686 | An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitr... | E | |
CVE-2023-24687 | Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in t... | E | |
CVE-2023-24688 | An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if th... | E | |
CVE-2023-24689 | An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files ins... | E | |
CVE-2023-24690 | ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerabilit... | E | |
CVE-2023-24698 | Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allo... | S | |
CVE-2023-24709 | An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via ... | E | |
CVE-2023-24720 | An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary c... | E | |
CVE-2023-24721 | A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute ... | E | |
CVE-2023-24724 | A stored cross site scripting (XSS) vulnerability was discovered in the user management module of th... | M | |
CVE-2023-24726 | Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the v... | E | |
CVE-2023-24728 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnera... | E | |
CVE-2023-24729 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnera... | E | |
CVE-2023-24730 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnera... | E | |
CVE-2023-24731 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnera... | E | |
CVE-2023-24732 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnera... | E | |
CVE-2023-24733 | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the qu... | E | |
CVE-2023-24734 | An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attac... | E | |
CVE-2023-24735 | PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.... | E | |
CVE-2023-24736 | PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /... | E | |
CVE-2023-24737 | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the qu... | E | |
CVE-2023-24744 | Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attac... | | |
CVE-2023-24747 | Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the compone... | | |
CVE-2023-24751 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at m... | E S | |
CVE-2023-24752 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_p... | E S | |
CVE-2023-24754 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pr... | E S | |
CVE-2023-24755 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fal... | E S | |
CVE-2023-24756 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_... | E S | |
CVE-2023-24757 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_... | E S | |
CVE-2023-24758 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pr... | E S | |
CVE-2023-24760 | An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd me... | E | |
CVE-2023-24762 | OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute a... | | |
CVE-2023-24763 | In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection... | E S | |
CVE-2023-24769 | Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vu... | E | |
CVE-2023-24773 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /dat... | E | |
CVE-2023-24774 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields paramet... | E | |
CVE-2023-24775 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields paramet... | E | |
CVE-2023-24776 | Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the compon... | E | |
CVE-2023-24777 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /dat... | E | |
CVE-2023-24780 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /dat... | E | |
CVE-2023-24781 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields paramet... | E | |
CVE-2023-24782 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /dat... | E | |
CVE-2023-24785 | An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of... | E | |
CVE-2023-24787 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-24685. Reason: This record is a du... | R | |
CVE-2023-24788 | NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber paramet... | E | |
CVE-2023-24789 | jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the bui... | E | |
CVE-2023-24795 | Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483.... | | |
CVE-2023-24796 | Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to... | | |
CVE-2023-24797 | D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 functio... | E | |
CVE-2023-24798 | D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function... | | |
CVE-2023-24799 | D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function... | | |
CVE-2023-24800 | D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function... | | |
CVE-2023-24804 | ownCloud Android app vulnerable to Path Traversal | E | |
CVE-2023-24805 | Command injection in cups-filters | E S | |
CVE-2023-24806 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco... | R | |
CVE-2023-24807 | Undici vulnerable to Regular Expression Denial of Service in Headers | S | |
CVE-2023-24808 | Denial Of Service when opening a corrupt PDF file in pdfio | E S | |
CVE-2023-24809 | NetHack Call command buffer overflow | | |
CVE-2023-24810 | Cross site scripting (XSS) vulnerability using authentication callback in Misskey | | |
CVE-2023-24811 | Cross site scripting (XSS) vulnerability using url preview in Misskey | S | |
CVE-2023-24812 | SQL injection of notes/search-by-tag | S | |
CVE-2023-24813 | URI validation failure on SVG parsing. Bypass of CVE-2023-23924 | E S | |
CVE-2023-24814 | Persisted Cross-Site Scripting in Frontend Rendering in typo3 | E S | |
CVE-2023-24815 | Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web | E S | |
CVE-2023-24816 | set_term_title command injection in ipython | E S | |
CVE-2023-24817 | RIOT-OS vulnerable to Out of Bounds write in routing with SRH | S | |
CVE-2023-24818 | RIOT-OS vulnerable to null pointer dereference during fragment forwarding | E S | |
CVE-2023-24819 | RIOT-OS vulnerable to Buffer Overflow during IPHC receive | S | |
CVE-2023-24820 | RIOT-OS vulnerable to Integer Underflow during IPHC receive | S | |
CVE-2023-24821 | RIOT-OS vulnerable to Integer Underflow during defragmentation | S | |
CVE-2023-24822 | RIOT-OS vulnerable to Null Pointer dereference during IPHC encoding | S | |
CVE-2023-24823 | RIOT-OS vulnerable to Packet Type Confusion during IPHC send | S | |
CVE-2023-24824 | Quadratic complexity may lead to a denial of service in cmark-gfm | E S | |
CVE-2023-24825 | RIOT-OS vulnerable to NULL pointer dereference in gnrc_pktbuf_mark | S | |
CVE-2023-24826 | Usage of Uninitialized Timer during forwarding of Fragments with SFR | S | |
CVE-2023-24827 | Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in syft | E S | |
CVE-2023-24828 | Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev | S | |
CVE-2023-24829 | Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench | | |
CVE-2023-24830 | Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization | | |
CVE-2023-24831 | Apache IoTDB grafana-connector Login Bypass Vulnerability | | |
CVE-2023-24832 | A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 co... | S | |
CVE-2023-24833 | A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878... | S | |
CVE-2023-24834 | WisdomGarden Tronclass ilearn - Broken Access Control | S | |
CVE-2023-24835 | Softnext SPAM SQR - Code Injection | S | |
CVE-2023-24836 | SUNNET CTMS - Path Traversal | | |
CVE-2023-24837 | HGiga PowerStation - Command Injection | S | |
CVE-2023-24838 | HGiga PowerStation - Information Leakage | S | |
CVE-2023-24839 | HGiga MailSherlock - Reflected XSS | S | |
CVE-2023-24840 | HGiga MailSherlock - SQL Injection | S | |
CVE-2023-24841 | HGiga MailSherlock - Command Injection | S | |
CVE-2023-24842 | HGiga MailSherlock - Broken Access Control | S | |
CVE-2023-24843 | Reachable Assertion in Modem | | |
CVE-2023-24844 | Improper Access Control in Core | | |
CVE-2023-24845 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i... | M | |
CVE-2023-24847 | NULL pointer Dereference in Modem | | |
CVE-2023-24848 | Buffer Over-read in Data Modem | | |
CVE-2023-24849 | Buffer Over-read in Data Modem | | |
CVE-2023-24850 | Improper Validation of Array Index in HLOS | | |
CVE-2023-24851 | Buffer Copy Without Checking Size of Input in WLAN HOST | S | |
CVE-2023-24852 | Improper Authentication in Core | | |
CVE-2023-24853 | Improper Input Validation in HLOS | | |
CVE-2023-24854 | Stack-based Buffer Overflow in WLAN HOST | S | |
CVE-2023-24855 | Use of Out-of-range Pointer Offset in Modem | | |
CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | S | |
CVE-2023-24860 | Microsoft Defender Denial of Service Vulnerability | S | |
CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | S | |
CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | S | |
CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | S | |
CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | KEV S | |
CVE-2023-24881 | Microsoft Teams Information Disclosure Vulnerability | S | |
CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | S | |
CVE-2023-24883 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-24884 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24885 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24886 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24887 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | S | |
CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | S | |
CVE-2023-24893 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2023-24895 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2023-24896 | Dynamics 365 Finance Spoofing Vulnerability | S | |
CVE-2023-24897 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2023-24898 | Windows SMB Denial of Service Vulnerability | S | |
CVE-2023-24899 | Windows Graphics Component Elevation of Privilege Vulnerability | S | |
CVE-2023-24900 | Windows NTLM Security Support Provider Information Disclosure Vulnerability | S | |
CVE-2023-24901 | Windows NFS Portmapper Information Disclosure Vulnerability | S | |
CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | S | |
CVE-2023-24904 | Windows Installer Elevation of Privilege Vulnerability | S | |
CVE-2023-24905 | Remote Desktop Client Remote Code Execution Vulnerability | S | |
CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | S | |
CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-24912 | Windows Graphics Component Elevation of Privilege Vulnerability | S | |
CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24914 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-24922 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | S | |
CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | S | |
CVE-2023-24924 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24925 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24926 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24927 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24928 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24929 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | S | |
CVE-2023-24931 | Windows Secure Channel Denial of Service Vulnerability | S | |
CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | S | |
CVE-2023-24934 | Microsoft Defender Security Feature Bypass Vulnerability | S | |
CVE-2023-24935 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
CVE-2023-24936 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | S | |
CVE-2023-24937 | Windows CryptoAPI Denial of Service Vulnerability | S | |
CVE-2023-24938 | Windows CryptoAPI Denial of Service Vulnerability | S | |
CVE-2023-24939 | Server for NFS Denial of Service Vulnerability | S | |
CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | S | |
CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability | S | |
CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | S | |
CVE-2023-24944 | Windows Bluetooth Driver Information Disclosure Vulnerability | S | |
CVE-2023-24945 | Windows iSCSI Target Service Information Disclosure Vulnerability | S | |
CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability | S | |
CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability | S | |
CVE-2023-24948 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-24950 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2023-24953 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2023-24954 | Microsoft SharePoint Server Information Disclosure Vulnerability | S | |
CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability | KEV S | |
CVE-2023-24956 | Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name p... | E | |
CVE-2023-24957 | IBM Business Automation Workflow cross-site scripting | S | |
CVE-2023-24958 | IBM TS7700 Management Interface command injection | | |
CVE-2023-24959 | IBM InfoSphere Information Server information disclosure | S | |
CVE-2023-24960 | IBM InfoSphere Information Server information disclosure | S | |
CVE-2023-24964 | IBM InfoSphere Information Server information disclosure | S | |
CVE-2023-24965 | IBM Aspera Faspex improper access control | S | |
CVE-2023-24966 | IBM WebSphere Application Server cross-site scripting | S | |
CVE-2023-24971 | IBM B2B Advanced Communication denial of service | S | |
CVE-2023-24975 | IBM Spectrum Symphony HOST header injection | | |
CVE-2023-24977 | Apache InLong: Jdbc Connection causes arbitrary file reading in InLong | | |
CVE-2023-24978 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24979 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24980 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24981 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24982 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24983 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24984 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24985 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24986 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24987 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24988 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24989 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24990 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24991 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24992 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24993 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24994 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24995 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24996 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-24997 | Apache InLong: Jdbc Connection Security Bypass | | |
CVE-2023-24998 | Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts | | |
CVE-2023-24999 | Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation | | |