CVE-2023-25xxx

There are 778 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2023-25000 Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations
S
CVE-2023-25001 A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 can be used to trigger use-after-fre...
CVE-2023-25002 A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability....
CVE-2023-25003 A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigge...
CVE-2023-25004 A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vul...
CVE-2023-25005 A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWo...
CVE-2023-25006 A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free...
CVE-2023-25007 A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized...
CVE-2023-25008 A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds...
CVE-2023-25009 A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds...
CVE-2023-25010 A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitializ...
CVE-2023-25011 PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows an attack...
CVE-2023-25012 The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c v...
E
CVE-2023-25013 An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7....
S
CVE-2023-25014 An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7....
S
CVE-2023-25015 Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF....
S
CVE-2023-25016 Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Informatio...
CVE-2023-25017 Rifartek IOT Wall - Broken Access Control
S
CVE-2023-25018 Rifartek IOT Wall - Reflected XSS
S
CVE-2023-25019 WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25020 WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25021 WordPress FareHarbor for WordPress Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25022 WordPress Watu Quiz Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25023 WordPress WebinarIgnition Plugin <= 2.14.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25024 WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25025 WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25026 WordPress PayPal Brasil para WooCommerce plugin <= 1.4.2 - Broken Access Control vulnerability
S
CVE-2023-25027 WordPress Chained Quiz Plugin <= 1.3.2.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25028 WordPress CC Custom Taxonomy Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25029 WordPress WP Social Bookmarking Light Plugin <= 2.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25030 WordPress Buy Me a Coffee plugin <= 3.7 - Broken Access Control vulnerability
S
CVE-2023-25031 WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25032 WordPress Print, PDF, Email by PrintFriendly Plugin <= 5.5.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25033 WordPress Social Share Boost Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25034 WordPress WP Clean Up Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25035 WordPress Quick Contact Form plugin <= 8.0.3.1 - Broken Access Control vulnerability
S
CVE-2023-25036 WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25037 WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability
S
CVE-2023-25038 WordPress For the visually impaired Plugin <= 0.58 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25039 WordPress Google Maps CP plugin <= 1.0.43 - Missing Authorization Leading To Feedback Submission Vulnerability
S
CVE-2023-25040 WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25041 WordPress Monolit Theme <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25042 WordPress oAuth Twitter Feed for Developers Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25043 WordPress Data Tables Generator by Supsystic Plugin <= 1.10.25 is vulnerable to Broken Access Control
S
CVE-2023-25044 WordPress Social Share Boost Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25045 WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection
S
CVE-2023-25046 WordPress Podlove Podcast Publisher Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25047 WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection
S
CVE-2023-25048 WordPress Fantastic Content Protector Free plugin <= 2.6 - Broken Access Control vulnerability
CVE-2023-25049 WordPress eCommerce Product Catalog Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25050 WordPress Shortcodes Ultimate plugin <= 5.12.6 - Arbitrary File Download vulnerability
S
CVE-2023-25051 WordPress Comment Reply Notification Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25052 WordPress Yandex.News Feed by Teplitsa Plugin <= 1.12.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25054 WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Remote Code Execution (RCE)
S
CVE-2023-25055 WordPress Google XML Sitemap for Videos Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25056 WordPress Feed Them Social Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25057 WordPress Libsyn Publisher Hub Plugin <= 1.3.2 is vulnerable to Sensitive Data Exposure
S
CVE-2023-25058 WordPress Schema – All In One Schema Rich Snippets Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25059 WordPress avalex Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25060 WordPress Album and Image Gallery plus Lightbox plugin <= 1.6.2 - Broken Access Control vulnerability
S
CVE-2023-25061 WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25062 WordPress Pinpoint Booking System Plugin <= 2.9.9.2.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25063 WordPress Quick Page/Post Redirect Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25064 WordPress WP htpasswd Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25065 WordPress WP Tabs Plugin <= 2.1.14 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25066 WordPress FV Flowplayer Video Player Plugin <= 7.5.30.7212 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25067 WordPress We’re Open! plugin <= 1.45 - Broken Access Control vulnerability
S
CVE-2023-25069 TXOne StellarOne has an improper access control privilege escalation vulnerability in every version ...
CVE-2023-25070 Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 ...
CVE-2023-25071 NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drivers bef...
CVE-2023-25072 Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may a...
CVE-2023-25073 Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authentica...
CVE-2023-25074 Competency access levels not enforced in the server
CVE-2023-25075 Unquoted search path in the installer for some Intel Server Configuration Utility software before ve...
S
CVE-2023-25076 A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2...
E S
CVE-2023-25077 Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-C...
S
CVE-2023-25078 DoS due to heap overflow
CVE-2023-25080 Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before versi...
S
CVE-2023-25081 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25082 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25083 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25084 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25085 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25086 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25087 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25088 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25089 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25090 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25091 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25092 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25093 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25094 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25095 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25096 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25097 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25098 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25099 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25100 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25101 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25102 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25103 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25104 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25105 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25106 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25107 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25108 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25109 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25110 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25111 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25112 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25113 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25114 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25115 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25116 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25117 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25118 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25119 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25120 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25121 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25122 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25123 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25124 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25125 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25126 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25127 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25128 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25129 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25130 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25131 Use of default password vulnerability in CyberPower PowerPanel Business
CVE-2023-25132 Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business
CVE-2023-25133 Improper privilege management vulnerability in CyberPower PowerPanel Business
CVE-2023-25134 McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to...
CVE-2023-25135 vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a...
E
CVE-2023-25136 OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handl...
E S
CVE-2023-25139 sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situat...
E
CVE-2023-25140 A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (...
CVE-2023-25141 JNDI injection into Apache sling-org-apache-sling-jcr-base
CVE-2023-25143 An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could...
CVE-2023-25144 An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attac...
CVE-2023-25145 A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a ...
CVE-2023-25146 A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local ...
CVE-2023-25147 An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired admin...
CVE-2023-25148 A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t...
CVE-2023-25149 TimescaleDB has incorrect access control
S
CVE-2023-25150 Document content of files can be obtained through Collabora for files of other users
S
CVE-2023-25151 DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib
E
CVE-2023-25152 Symbolic Link (Symlink) Following in github.com/pterodactyl/wings
S
CVE-2023-25153 containerd OCI image importer memory exhaustion
S
CVE-2023-25154 Cross site scripting (XSS) of ActivityPub URI in misskey
CVE-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.
S
CVE-2023-25156 Kiwi TCMS has no protection against brute-force attacks on login page
S
CVE-2023-25157 Unfiltered SQL Injection Vulnerabilities in Geoserver
S
CVE-2023-25158 Unfiltered SQL Injection in Geotools
S
CVE-2023-25159 Nextcloud Server previews are accessible without a watermark
CVE-2023-25160 IDOR Vulnerability in Nextcloud Mail
S
CVE-2023-25161 Nextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails
S
CVE-2023-25162 Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs
E
CVE-2023-25163 Argo CD leaks repository credentials in user-facing error messages and in logs
S
CVE-2023-25164 Sensitive Information leak via Script File in TinaCMS
S
CVE-2023-25165 getHostByName Function Information Disclosure
E S
CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability
S
CVE-2023-25167 Regular expression denial of service via installing themes via git in discourse
S
CVE-2023-25168 Symbolic Link (Symlink) Following allowing the deletion of files and directories on the host system in wings
S
CVE-2023-25169 Yearly Review Plugin leaking anonymised users data in discourse-yearly-review
S
CVE-2023-25170 PrestaShop has possible CSRF token fixation
CVE-2023-25171 Kiwi TCMS has denial of service vulnerability on Password reset page
S
CVE-2023-25172 Discourse vulnerable to Cross-site Scripting - user name displayed on post
S
CVE-2023-25173 containerd supplementary groups are not set up properly
E S
CVE-2023-25174 Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may ...
CVE-2023-25175 Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a...
S
CVE-2023-25176 Pasteboard has an out-of-bounds read vulnerability
S
CVE-2023-25177 Delta Electronics CNCSoft-B DOPSoft Stack-based buffer overflow
S
CVE-2023-25178 Controller design flaw - unsigned firmware
CVE-2023-25179 Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may...
CVE-2023-25180 Rejected reason: Rejected by upstream....
R
CVE-2023-25181 A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedde...
E
CVE-2023-25182 Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2...
CVE-2023-25183 In Snap One OvrC Pro versions prior to 7.2, when logged into the su...
S
CVE-2023-25184 Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a ...
CVE-2023-25185 An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solu...
CVE-2023-25186 An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS...
CVE-2023-25187 An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN comm...
E
CVE-2023-25188 An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS...
CVE-2023-25189 BTS is affected by information disclosure vulnerability where mobile network operator personnel conn...
CVE-2023-25191 AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-upd...
CVE-2023-25192 AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-...
CVE-2023-25193 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via con...
S
CVE-2023-25194 Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
M
CVE-2023-25195 Apache Fineract: SSRF template type vulnerability in certain authenticated users
CVE-2023-25196 Apache Fineract: SQL injection vulnerability
CVE-2023-25197 Apache Fineract: SQL injection vulnerability in certain procedure calls
CVE-2023-25199 A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver...
CVE-2023-25200 An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 th...
CVE-2023-25201 Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-...
E
CVE-2023-25206 PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection....
E
CVE-2023-25207 PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php....
E
CVE-2023-25210 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTi...
CVE-2023-25211 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecuri...
CVE-2023-25212 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirel...
CVE-2023-25213 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_...
CVE-2023-25214 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi...
CVE-2023-25215 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentCo...
CVE-2023-25216 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirew...
CVE-2023-25217 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasi...
CVE-2023-25218 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_se...
CVE-2023-25219 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpList...
CVE-2023-25220 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_no...
CVE-2023-25221 Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatia...
E S
CVE-2023-25222 A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC functio...
E
CVE-2023-25223 CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list....
E
CVE-2023-25230 A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application t...
E
CVE-2023-25231 Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via pa...
E
CVE-2023-25233 Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via paramete...
E
CVE-2023-25234 Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameter...
E
CVE-2023-25235 Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parame...
E
CVE-2023-25240 An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitra...
E
CVE-2023-25241 bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ...
E
CVE-2023-25260 Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion....
E
CVE-2023-25261 Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Des...
CVE-2023-25262 Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSR...
E
CVE-2023-25263 In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft....
E
CVE-2023-25264 An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can ...
E
CVE-2023-25265 Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrar...
E
CVE-2023-25266 An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can ch...
E
CVE-2023-25267 An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based...
E
CVE-2023-25279 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privile...
E
CVE-2023-25280 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privile...
KEV E
CVE-2023-25281 A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows at...
E
CVE-2023-25282 A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of ser...
E
CVE-2023-25283 A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of se...
E
CVE-2023-25289 Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-18...
E
CVE-2023-25292 Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers ...
E
CVE-2023-25295 A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53...
E
CVE-2023-25303 ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafte...
E
CVE-2023-25304 An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importin...
CVE-2023-25305 PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously craf...
E S
CVE-2023-25306 MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal....
E
CVE-2023-25307 nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal....
E
CVE-2023-25309 Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to exec...
E
CVE-2023-25313 OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attack...
E
CVE-2023-25314 Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows ...
S
CVE-2023-25330 A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbit...
E
CVE-2023-25341 A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the ...
CVE-2023-25344 An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execut...
E
CVE-2023-25345 Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers...
E
CVE-2023-25346 A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to i...
E
CVE-2023-25347 A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inj...
E
CVE-2023-25348 ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First ...
E
CVE-2023-25350 Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login bo...
E
CVE-2023-25355 CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the...
E
CVE-2023-25356 CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Deli...
E
CVE-2023-25358 A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows a...
CVE-2023-25360 A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows a...
CVE-2023-25361 A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 al...
CVE-2023-25362 A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK befor...
CVE-2023-25363 A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK ...
CVE-2023-25364 Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and ...
CVE-2023-25365 Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arb...
E
CVE-2023-25366 In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password....
CVE-2023-25367 Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code E...
E M
CVE-2023-25368 Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthent...
E M
CVE-2023-25369 Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interfac...
E
CVE-2023-25392 Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation....
E S
CVE-2023-25394 Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts t...
E
CVE-2023-25395 TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerab...
E
CVE-2023-25396 Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below al...
CVE-2023-25399 A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab i...
E S
CVE-2023-25402 CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of...
E
CVE-2023-25403 CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT...
E
CVE-2023-25407 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to ...
E
CVE-2023-25409 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other...
E
CVE-2023-25411 Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF)....
E
CVE-2023-25413 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated acc...
E
CVE-2023-25414 Aten PE8108 2.4.232 is vulnerable to denial of service (DOS)....
E
CVE-2023-25415 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated acc...
E
CVE-2023-25428 A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create a...
CVE-2023-25431 An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via ...
E
CVE-2023-25432 An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can...
E
CVE-2023-25433 libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updatin...
E S
CVE-2023-25434 libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tif...
E
CVE-2023-25435 libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/to...
E S
CVE-2023-25437 An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain esc...
E
CVE-2023-25438 An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary c...
CVE-2023-25439 Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attacke...
E
CVE-2023-25440 Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, all...
E
CVE-2023-25442 WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)
E S
CVE-2023-25443 WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25444 WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability
S
CVE-2023-25447 WordPress ColorWay Theme <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25448 WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25449 WordPress CformsII Plugin <=15.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25450 WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25451 WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25452 WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25453 WordPress WordPress Tables Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)
E
CVE-2023-25454 WordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerability
S
CVE-2023-25455 WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability
S
CVE-2023-25456 WordPress Klaviyo Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25457 WordPress Slider Carousel – Responsive Image Slider plugin <=1.5.1 - Broken Access Control vulnerability
S
CVE-2023-25458 WordPress TypeSquare Webfonts for ConoHa Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25459 WordPress Post Snippets Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25460 WordPress Easy Ad Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25461 WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25462 WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25463 WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25464 WordPress Twitch Player Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25465 WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25466 WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Scripting (XSS)
E
CVE-2023-25467 WordPress Resize at Upload Plus Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25468 WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25469 WordPress Easy Table of Contents plugin <= 2.0.45.2 - Broken Access Control vulnerability
S
CVE-2023-25470 WordPress Rus-To-Lat Plugin <= 0.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25471 WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
E
CVE-2023-25472 WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25473 WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25474 WordPress About Me 3000 widget Plugin <= 2.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25475 WordPress Smart YouTube PRO Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25476 WordPress AmpedSense – AdSense Split Tester Plugin <= 4.68 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25477 WordPress Video Gallery Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25478 WordPress Weather Station Plugin <= 3.8.12 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25479 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25480 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25481 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25482 WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25483 WordPress Easy Coming Soon Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25484 WordPress Simple Yearly Archive Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25485 WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25486 WordPress Clone plugin <= 2.3.7 - Broken Access Control vulnerability
S
CVE-2023-25487 WordPress PixTypes Plugin <= 1.4.14 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)
E
CVE-2023-25489 WordPress Update Theme and Plugins from Zip File Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25490 WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25491 WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25492 A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface...
S
CVE-2023-25493 A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, ...
S
CVE-2023-25494 A potential vulnerability was reported in the BIOS of some Desktop, Smart Edge, and ThinkStation p...
S
CVE-2023-25495 A valid, authenticated administrative user can query a web interface API to reveal the configured LD...
S
CVE-2023-25496 A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager...
S
CVE-2023-25499 Possible information disclosure in non visible components
S
CVE-2023-25500 Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 2...
S
CVE-2023-25504 Apache Superset: Possible SSRF on import datasets
CVE-2023-25505 NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC, where an atta...
CVE-2023-25506 NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a ...
CVE-2023-25507 NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriat...
CVE-2023-25508 NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriat...
CVE-2023-25509 NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of serv...
CVE-2023-25510 NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, wher...
CVE-2023-25511 NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by...
CVE-2023-25512 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker m...
CVE-2023-25513 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker m...
CVE-2023-25514 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker m...
CVE-2023-25515 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrust...
CVE-2023-25516 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unp...
CVE-2023-25517 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a gue...
CVE-2023-25518 NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without I...
CVE-2023-25519 NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where...
CVE-2023-25520 NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local...
CVE-2023-25521 NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution wi...
CVE-2023-25522 NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper i...
CVE-2023-25523 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, w...
CVE-2023-25524 NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authent...
CVE-2023-25525 NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet r...
CVE-2023-25526 NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adj...
CVE-2023-25527 NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local at...
CVE-2023-25528 NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugi...
CVE-2023-25529 NVIDIA DGX H100 BMC and DGX A100 BMC contain a vulnerability in the host KVM daemon, where an unaut...
CVE-2023-25530 NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause imprope...
CVE-2023-25531 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient prote...
CVE-2023-25532 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient prote...
CVE-2023-25533 NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper inp...
CVE-2023-25534 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input val...
CVE-2023-25535 Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initi...
CVE-2023-25536 Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. ...
S
CVE-2023-25537 Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2...
CVE-2023-25539 Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A ...
CVE-2023-25540 Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local mali...
S
CVE-2023-25542 Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions...
CVE-2023-25543 Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM ...
S
CVE-2023-25544 Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. ...
CVE-2023-25545 Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allo...
S
CVE-2023-25546 Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to pote...
CVE-2023-25547 A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on u...
CVE-2023-25548 A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentia...
CVE-2023-25549 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that...
CVE-2023-25550 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists th...
CVE-2023-25551 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Script...
CVE-2023-25552 A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized co...
CVE-2023-25553 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scri...
CVE-2023-25554 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inject...
CVE-2023-25555 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Comm...
CVE-2023-25556 A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised...
CVE-2023-25557 Server-Side Request Forgery in DataHub
CVE-2023-25558 Deserialization of untrusted data in DataHub
S
CVE-2023-25559 System account impersonation in DataHub
CVE-2023-25560 JSON Injection in DataHub
CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub
CVE-2023-25562 Failure to Invalidate Session on Logout in DataHub
CVE-2023-25563 GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields
S
CVE-2023-25564 GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings
S
CVE-2023-25565 GSS-NTLMSSP vulnerable to incorrect free when decoding target information
S
CVE-2023-25566 GSS-NTLMSSP vulnerable to memory leak when parsing usernames
S
CVE-2023-25567 GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information
S
CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak
S
CVE-2023-25569 apollo-portal has potential CSRF issue
S
CVE-2023-25570 Apollo has potential access control security issue in eureka
S
CVE-2023-25571 Backstage has XSS Vulnerability in Software Catalog
S
CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on ``
E S
CVE-2023-25573 Improper access control to download file in metersphere
E
CVE-2023-25574 JupyterHub's LTI13Authenticator: JWT signature not validated
CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections
S
CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts
S
CVE-2023-25577 Werkzeug may allow high resource usage when parsing multipart form data with many fields
S
CVE-2023-25578 Starlite DoS vulnerability when parsing multipart request body
E S
CVE-2023-25579 Directory traversal in Nextcloud server
S
CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j
CVE-2023-25582 Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR3...
E
CVE-2023-25583 Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR3...
E
CVE-2023-25584 Out of bounds read in parse_module function in bfd/vms-alpha.c
S
CVE-2023-25585 Field `file_table` of `struct module *module` is uninitialized
E S
CVE-2023-25586 Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized
E S
CVE-2023-25587 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-25588 Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
E S
CVE-2023-25589 Unauthenticated Arbitrary User Creation Leads to Complete System Compromise
CVE-2023-25590 Local Privilege Escalation in ClearPass OnGuard Linux Agent
CVE-2023-25591 Authenticated Information Disclosure in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25592 Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25593 Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25594 Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25595 Sensitive Information Disclosure in ClearPass OnGuard Ubuntu Agent
CVE-2023-25596 Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
CVE-2023-25597 A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an u...
CVE-2023-25598 A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21...
CVE-2023-25599 A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500....
CVE-2023-25600 An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writabl...
CVE-2023-25601 Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication
CVE-2023-25602 A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and ea...
S
CVE-2023-25603 A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7...
S
CVE-2023-25604 An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allow...
S
CVE-2023-25605 An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authe...
S
CVE-2023-25606 An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE...
S
CVE-2023-25607 An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulner...
S
CVE-2023-25608 An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the ...
S
CVE-2023-25609 A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7...
S
CVE-2023-25610 A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet F...
S
CVE-2023-25611 An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer ...
S
CVE-2023-25613 LDAP Injection Vulnerability in Apache Kerby
CVE-2023-25614 SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752,...
CVE-2023-25615 SQL Injection vulnerability in SAP ABAP Platform
CVE-2023-25616 Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)
CVE-2023-25617 OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)
CVE-2023-25618 Denial of Service (DoS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
CVE-2023-25619 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cau...
CVE-2023-25620 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could c...
CVE-2023-25621 Apache Sling does not allow to handle i18n content in a secure way
CVE-2023-25632 The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock...
CVE-2023-25642 Two Vulnerabilities in Some ZTE Mobile Internet Products
S
CVE-2023-25643 Two Vulnerabilities in Some ZTE Mobile Internet Products
S
CVE-2023-25644 Denial of Service Vulnerability in Some ZTE Mobile Internet Products
S
CVE-2023-25645 There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper p...
CVE-2023-25646 Permission and Access Control Vulnerability in ZTE H388X
S
CVE-2023-25647 Permission and Access Control Vulnerability in Some ZTE Mobile Phones
CVE-2023-25648 Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI
S
CVE-2023-25649 OS Command Injection Vulnerability in a Mobile Internet Product of ZTE
S
CVE-2023-25650 Arbitrary File Download Vulnerability in ZTE ZXCLOUD iRAI
S
CVE-2023-25651 SQL Injection Vulnerability in Some ZTE Mobile Internet Products
S
CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write
S
CVE-2023-25653 Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)
S
CVE-2023-25654 baserCMS File Uploader Remote Code Execution (RCE) vulnerability
S
CVE-2023-25655 baserCMS allows any file to be uploaded
S
CVE-2023-25656 notation-go has excessive memory allocation on verification
CVE-2023-25657 Remote code execution in Jinja2 template rendering in Nautobot
S
CVE-2023-25658 TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad
S
CVE-2023-25659 TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
S
CVE-2023-25660 TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
S
CVE-2023-25661 Denial of Service in TensorFlow
E S
CVE-2023-25662 TensorFlow vulnerable to integer overflow in EditDistance
S
CVE-2023-25663 TensorFlow has Null Pointer Error in TensorArrayConcatV2
S
CVE-2023-25664 TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad
S
CVE-2023-25665 TensorFlow has Null Pointer Error in SparseSparseMaximum
E S
CVE-2023-25666 TensorFlow has Floating Point Exception in AudioSpectrogram
S
CVE-2023-25667 TensorFlow vulnerable to segfault when opening multiframe gif
S
CVE-2023-25668 TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation
E S
CVE-2023-25669 TensorFlow has Floating Point Exception in AvgPoolGrad with XLA
S
CVE-2023-25670 TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
S
CVE-2023-25671 TensorFlow has segmentation fault in tfg-translate
S
CVE-2023-25672 TensorFlow has Null Pointer Error in LookupTableImportV2
S
CVE-2023-25673 TensorFlow has Floating Point Exception in TensorListSplit with XLA
S
CVE-2023-25674 TensorFlow has Null Pointer Error in RandomShuffle with XLA enable
S
CVE-2023-25675 TensorFlow has Segfault in Bincount with XLA
S
CVE-2023-25676 TensorFlow has null dereference on ParallelConcat with XLA
S
CVE-2023-25680 IBM Robotic Process Automation information disclosure
S
CVE-2023-25681 IBM Spectrum Virtualize security bypass
CVE-2023-25682 IBM Sterling B2B Integrator information disclosure
CVE-2023-25683 IBM PowerVM Hypervisor information disclosure
CVE-2023-25684 IBM Security Key Lifecycle Manager SQL injection
S
CVE-2023-25686 IBM Security Key Lifecycle Manager information disclosure
S
CVE-2023-25687 IBM Security Key Lifecycle Manager information disclosure
S
CVE-2023-25688 IBM Security Key Lifecycle Manager information disclosure
S
CVE-2023-25689 IBM Security Key Lifecycle Manager information disclosure
S
CVE-2023-25690 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
CVE-2023-25691 Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution
S
CVE-2023-25692 Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service
S
CVE-2023-25693 Sqoop Apache Airflow Provider Remote Code Execution Vulnerability
S
CVE-2023-25694 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-25695 Information disclosure in Apache Airflow
S
CVE-2023-25696 Apache Airflow Hive Provider Beeline RCE
S
CVE-2023-25697 WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability
S
CVE-2023-25698 WordPress Shoppable Images Lite Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25699 WordPress VideoWhisper Live Streaming Integration plugin <= 5.5.15 - Remote Code Execution (RCE)
S
CVE-2023-25700 WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
S
CVE-2023-25701 WordPress WatchTowerHQ plugin <= 3.6.16 - Privilege Escalation
S
CVE-2023-25702 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25703 WordPress Meta slider and carousel with lightbox plugin <= 1.6.2 - Broken Access Control vulnerability
S
CVE-2023-25704 WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25705 WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25706 WordPress Robots.txt optimization plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25707 WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25708 WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25709 WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25710 WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25711 WordPress WPGlobus Translate Options Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25712 WordPress Opt-Out for Google Analytics Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25713 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25714 WordPress Quick Paypal Payments plugin <= 5.7.25 - Broken Access Control vulnerability
S
CVE-2023-25715 WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Broken Access Control
S
CVE-2023-25716 WordPress Announce from the Dashboard Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25717 Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Requ...
KEV E S
CVE-2023-25718 In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable fil...
CVE-2023-25719 ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-suppl...
E
CVE-2023-25721 Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and ...
CVE-2023-25722 A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan...
CVE-2023-25723 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-25724 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently l...
CVE-2023-25727 In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading...
S
CVE-2023-25728 The Content-Security-Policy-Report-Only header could allow an attacker to leak a child ...
CVE-2023-25729 Permission prompts for opening external schemes were only shown for ContentPrincipals r...
CVE-2023-25730 A background script invoking requestFullscreen and then blocking the main thread could ...
CVE-2023-25731 Due to URL previews in the network panel of developer tools improperly storing URLs, query parameter...
CVE-2023-25732 When encoding data from an inputStream in xpcom the size of the input bein...
CVE-2023-25733 The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potenti...
CVE-2023-25734 After downloading a Windows .url shortcut from the local filesystem, an attacker could ...
E
CVE-2023-25735 Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartmen...
CVE-2023-25736 An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior. Thi...
CVE-2023-25737 An invalid downcast from nsTextNode to SVGElement could have led to undef...
CVE-2023-25738 Members of the DEVMODEW struct set by the printer device driver weren't being validated...
CVE-2023-25739 Module load requests that failed were not being checked as to whether or not they were cancelled cau...
CVE-2023-25740 After downloading a Windows .scf script from the local filesystem, an attacker could su...
CVE-2023-25741 When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This...
E
CVE-2023-25742 When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing th...
CVE-2023-25743 A lack of in app notification for entering fullscreen mode could have led to a malicious website sp...
CVE-2023-25744 Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence...
CVE-2023-25745 Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption a...
CVE-2023-25746 Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corrup...
CVE-2023-25747 A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on And...
CVE-2023-25748 By displaying a prompt with a long description, the fullscreen notification could have been hidden, ...
CVE-2023-25749 Android applications with unpatched vulnerabilities can be launched from a browser using Intents, ex...
CVE-2023-25750 Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when...
CVE-2023-25751 Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be...
CVE-2023-25752 When accessing throttled streams, the count of available bytes needed to be checked in the calling f...
CVE-2023-25753 Server-Side Request Forgery in Apache ShenYu
CVE-2023-25754 Apache Airflow: Privilege escalation using airflow logs
S
CVE-2023-25755 Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of o...
CVE-2023-25756 Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user...
CVE-2023-25757 Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privil...
CVE-2023-25758 Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle at...
CVE-2023-25759 OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman...
CVE-2023-25760 Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated...
CVE-2023-25761 Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaSc...
CVE-2023-25762 Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expre...
CVE-2023-25763 Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled e...
CVE-2023-25764 Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email...
CVE-2023-25765 In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subje...
CVE-2023-25766 A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows ...
CVE-2023-25767 A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e8...
CVE-2023-25768 A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows ...
CVE-2023-25769 Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before ve...
CVE-2023-25770 Controller stack overflow on decoding messages from the server
CVE-2023-25771 Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potential...
S
CVE-2023-25772 Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0....
CVE-2023-25773 Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4...
CVE-2023-25774 A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEt...
E
CVE-2023-25775 Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9...
CVE-2023-25776 Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a...
S
CVE-2023-25777 Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 m...
CVE-2023-25779 Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before ver...
CVE-2023-25780 Status Internet Co.,Ltd. PowerBPM - Broken Access Control
CVE-2023-25781 WordPress Upload File Type Settings Plugin Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25782 WordPress Service Area Postcode Checker Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25783 WordPress FireCask Like & Share Button Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25784 WordPress Sticky Ad Bar Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25785 WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability
CVE-2023-25786 WordPress Eyes Only: User Access Shortcode Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25787 WordPress WP资源下载管理 Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25788 WordPress Saphali Woocommerce Lite Plugin <= 1.8.13 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25789 WordPress Tapfiliate Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25790 WordPress WoodMart theme <= 7.0.4 - Unauth Arbitrary Shortcodes Injection
S
CVE-2023-25791 WordPress Fontiran plugin <= 2.1 - Broken Access Control vulnerability
CVE-2023-25792 WordPress WP Open Social Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25793 WordPress Link Juice Keeper Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25794 WordPress Nooz Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25795 WordPress Feed Changer Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25796 WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25797 WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25798 WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25799 WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities
S
CVE-2023-25800 WordPress Tutor LMS Plugin <= 2.2.0 is vulnerable to SQL Injection
S
CVE-2023-25801 TensorFlow has double free in Fractional(Max/Avg)Pool
S
CVE-2023-25802 Roxy-WI has Path Traversal vulnerability
E S
CVE-2023-25803 Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions pri...
E
CVE-2023-25804 Roxy-WI vulnerable to Limited Path Traversal in name parameter
E
CVE-2023-25805 versionn Command Injection Vulnerability
S
CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch
CVE-2023-25807 DataEase dashboard has a stored XSS vulnerability
E S
CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
E S
CVE-2023-25810 Persistent Cross site scripting (XSS) through description in status page in Uptime Kuma
CVE-2023-25811 Persistent Cross site scripting (XSS) in Uptime Kuma
E
CVE-2023-25812 Allowed DELETE on resources on object locked buckets under Governance mode in Minio
E S
CVE-2023-25813 SQL Injection via replacements in sequelize
E S
CVE-2023-25814 Arbitrary File Read Vulnerability in metersphere
E
CVE-2023-25815 Git looks for localized messages in the wrong place
S
CVE-2023-25816 nextcloud vulnerable to Uncontrolled Resource Consumption
E S
CVE-2023-25817 Delete permissions are not saved when creating public share in Nextcloud server
S
CVE-2023-25818 Missing brute force protection on password reset token in Nextcloud Server
S
CVE-2023-25819 Discourse tags with no visibility are leaking into og:article:tag
S
CVE-2023-25820 Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal
S
CVE-2023-25821 Nextcloud download permissions can be changed by resharer
E S
CVE-2023-25822 ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements
M
CVE-2023-25823 Gradio contains Use of Hard-coded Credentials
CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout
E S
CVE-2023-25825 ZoneMinder contains Cross-site Scripting via log viewing
E S
CVE-2023-25826 Remote Code Execution in OpenTSDB
S
CVE-2023-25827 Cross-site Scripting in OpenTSDB
S
CVE-2023-25828 Authenticated Remote Code Execution in Pluck CMS
S
CVE-2023-25829 BUG-000155001 - Unvalidated redirect in Portal for ArcGIS.
CVE-2023-25830 BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS
S
CVE-2023-25831 BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS.
CVE-2023-25832 BUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS.
CVE-2023-25833 BUG-000155004 HTML injection issue in Portal for ArcGIS.
S
CVE-2023-25834 BUG-000142922 Incomplete permission changes in specific cases.
S
CVE-2023-25835 BUG-000153659 ArcGIS Enterprise Sites has a stored XSS vulnerability
CVE-2023-25836 BUG-000135364 XSS in 10.8.1 sites builder iframe source
CVE-2023-25837 BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.
CVE-2023-25838 BUG-000157278 – ArcGIS Insights has a security vulnerability.
S
CVE-2023-25839 BUG-000157278 – ArcGIS Insights has a security vulnerability - desktop
S
CVE-2023-25840 BUG-000154070 Stored XSS issue in the ArcGIS REST Services directory
CVE-2023-25841 BUG-000158075 Stored XSS issue in ArcGIS Server
S
CVE-2023-25848 BUG-000158039 - There is an information disclosure issue in ArcGIS Server.
CVE-2023-25859 Adobe Illustrator Improper Input Validation Remote Code Execution Vulnerability
CVE-2023-25860 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-25861 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-25862 Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-25863 Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25864 Adobe Substance 3D Stager FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25865 Adobe Substance 3D Stager OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability
S
CVE-2023-25866 Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2023-25867 Adobe Substance 3D Stager PCX File Parsing Memory Corruption Remote Code Execution Vulnerability
S
CVE-2023-25868 Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25869 Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25870 Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2023-25871 Adobe Substance 3D Stager SVG File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-25872 Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25873 Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25874 Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25875 Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2023-25876 Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2023-25877 Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2023-25878 Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2023-25879 ZDI-CAN-19389: Adobe Dimension OBJ File Improper Input Validation Remote Code Execution
S
CVE-2023-25880 ZDI-CAN-19412: Adobe Dimension GLTF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2023-25881 ZDI-CAN-19390: Adobe Dimension OBJ File Improper Input Validation Remote Code Execution
S
CVE-2023-25882 ZDI-CAN-19385: Adobe Dimension OBJ File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25883 ZDI-CAN-19386: Adobe Dimension FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25884 ZDI-CAN-19411: Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25885 ZDI-CAN-19480: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25886 ZDI-CAN-19452: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25887 ZDI-CAN-19450: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25888 ZDI-CAN-19451: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25889 ZDI-CAN-19466: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25890 ZDI-CAN-19493: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25891 ZDI-CAN-19542: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25892 ZDI-CAN-19523: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25893 ZDI-CAN-19539: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-25894 ZDI-CAN-19543: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-25895 ZDI-CAN-19540: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25896 ZDI-CAN-19541: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-25897 ZDI-CAN-19520: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25898 ZDI-CAN-19521: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25899 ZDI-CAN-19522: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-25900 ZDI-CAN-19559: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25901 ZDI-CAN-19508: Adobe Dimension USD File Improper Input Validation Remote Code Execution Vulnerability
S
CVE-2023-25902 ZDI-CAN-19560: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25903 Adobe Dimension USDZ files Integer Overflow or Wraparound Arbitrary code execution
S
CVE-2023-25904 Adobe Dimension Out-of-bounds Read USDZ file Arbitrary code execution
S
CVE-2023-25905 ZDI-CAN-20031: Adobe Dimension OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2023-25906 ZDI-CAN-20046: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25907 ZDI-CAN-20216: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25908 Adobe Photoshop SVG file Use After Free Arbitrary code execution
S
CVE-2023-25909 HGiga Inc. OAKlouds - Arbitrary File Upload
S
CVE-2023-25910 A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (...
S
CVE-2023-25911 Authenticated OS Command Injection in Danfoss AK-EM100
M
CVE-2023-25912 Webreport disclosure to unauthorized actor in Danfoss AK-EM100
M
CVE-2023-25913 Authentication Bypass in Danfoss AK-SM800A
M
CVE-2023-25914 Authenticated Path Traversal in Danfoss AK-SM800A
M
CVE-2023-25915 Authenticated Remote Command Execution in Danfoss AK-SM800A
M
CVE-2023-25921 IBM Security Guardium Key Lifecycle Manager file upload
S
CVE-2023-25922 IBM Security Guardium Key Lifecycle Manager file upload
S
CVE-2023-25923 IBM Security Key Lifecycle Manager denial of service
S
CVE-2023-25924 IBM Security Key Lifecycle Manager improper authorization
S
CVE-2023-25925 IBM Security Guardium Key Lifecycle Manager command injection
S
CVE-2023-25926 IBM Security Guardium Key Lifecycle Manager XML external entity injection
S
CVE-2023-25927 IBM Security Verify Access denial of service
CVE-2023-25928 IBM InfoSphere Information Server cross-site scripting
S
CVE-2023-25929 IBM Cognos Analytics cross-site scripting
S
CVE-2023-25930 IBM Db2 denial of service
CVE-2023-25931 Medtronic Micro Clinician & InterStim X Clinician App Password Reset Issue
S
CVE-2023-25933 A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could ha...
S
CVE-2023-25934 DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerabilit...
CVE-2023-25936 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-25937 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-25938 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-25940 Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerab...
S
CVE-2023-25941 Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low...
S
CVE-2023-25942 Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerabili...
S
CVE-2023-25944 Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3rd...
CVE-2023-25945 Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authe...
CVE-2023-25946 Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a...
CVE-2023-25947 The bundle management subsystem has an improper input validation when installing a HAP package.
CVE-2023-25948 Server Data type confusion - info leak
CVE-2023-25949 Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow...
CVE-2023-25950 HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a ...
CVE-2023-25951 Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software b...
CVE-2023-25952 Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow a...
CVE-2023-25953 Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attack...
CVE-2023-25954 'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, an...
CVE-2023-25955 National land numerical information data conversion tool all versions improperly restricts XML exter...
CVE-2023-25956 Apache Airflow AWS Provider: Arbitrary file read via AWS provider
S
CVE-2023-25957 A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < ...
CVE-2023-25958 WordPress Simple Tooltips Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25959 WordPress Apollo13 Framework Extensions plugin <= 1.8.10 - Broken Access Control
S
CVE-2023-25960 WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to SQL Injection
S
CVE-2023-25961 WordPress Darcie Theme <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25962 WordPress Accordions Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25963 WordPress JS Job Manager Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25964 WordPress We’re Open! Plugin <= 1.46 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25965 WordPress Upload Resume plugin <= 1.2.0 - Sensitive Data Exposure vulnerability
CVE-2023-25966 WordPress FileBird plugin <= 5.1.4 - Broken Access Control vulnerability
S
CVE-2023-25967 WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25968 WordPress Client Portal – Private user pages and login Plugin <= 1.1.8 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25970 WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
S
CVE-2023-25971 WordPress Educare – Students & Result Management System Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25972 WordPress Старт Plugin <= 3.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25973 WordPress Auto Affiliate Links Plugin <= 6.3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25974 WordPress wp2syslog Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25975 WordPress Etsy Shop Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25976 WordPress Integration for Contact Form 7 and Zoho CRM, Bigin Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25977 WordPress CPT – Speakers Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25978 WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25979 WordPress Video Gallery – YouTube Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25980 WordPress Optimize Database after Deleting Revisions Plugin <= 5.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25981 WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25982 WordPress Simple YouTube Responsive Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25983 WordPress KB Support Plugin <= 1.5.84 is vulnerable to CSV Injection
S
CVE-2023-25984 WordPress Dovetail Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25985 WordPress WordPress Tooltips Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25986 WordPress PayGreen Plugin <= 4.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25987 WordPress YouTube Channel Plugin <= 3.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25988 WordPress Video Gallery – YouTube Gallery plugin <= 1.7.6 - Broken Access Control vulnerability
S
CVE-2023-25989 Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks
S
CVE-2023-25990 WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
S
CVE-2023-25991 WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25992 WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25993 WordPress Top 10 – Popular posts plugin for WordPress plugin <= 3.2.3 - Broken Access Control vulnerability
S
CVE-2023-25994 WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25995 WordPress AI Mortgage Calculator <= 1.0.1 - Local File Inclusion Vulnerability
CVE-2023-25997 WordPress Sola Support Ticket <= 3.17 - Arbitrary Content Deletion Vulnerability
CVE-2023-25998 WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability
CVE-2023-25999 WordPress BodyCenter - Gym, Fitness WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.