CVE-2023-25xxx

There are 774 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2023-25000 Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations
S
CVE-2023-25001 A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 can be used to trigger use-after-fre...
CVE-2023-25002 A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability....
CVE-2023-25003 A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigge...
CVE-2023-25004 A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vul...
CVE-2023-25005 A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWo...
CVE-2023-25006 A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free...
CVE-2023-25007 A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized...
CVE-2023-25008 A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds...
CVE-2023-25009 A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds...
CVE-2023-25010 A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitializ...
CVE-2023-25011 PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows an attack...
CVE-2023-25012 The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c v...
E
CVE-2023-25013 An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7....
S
CVE-2023-25014 An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7....
S
CVE-2023-25015 Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF....
S
CVE-2023-25016 Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Informatio...
CVE-2023-25017 Rifartek IOT Wall - Broken Access Control
S
CVE-2023-25018 Rifartek IOT Wall - Reflected XSS
S
CVE-2023-25019 WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25020 WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25021 WordPress FareHarbor for WordPress Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25022 WordPress Watu Quiz Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25023 WordPress WebinarIgnition Plugin <= 2.14.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25024 WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25025 WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25026 WordPress PayPal Brasil para WooCommerce plugin <= 1.4.2 - Broken Access Control vulnerability
S
CVE-2023-25027 WordPress Chained Quiz Plugin <= 1.3.2.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25028 WordPress CC Custom Taxonomy Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25029 WordPress WP Social Bookmarking Light Plugin <= 2.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25030 WordPress Buy Me a Coffee plugin <= 3.7 - Broken Access Control vulnerability
S
CVE-2023-25031 WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25032 WordPress Print, PDF, Email by PrintFriendly Plugin <= 5.5.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25033 WordPress Social Share Boost Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25034 WordPress WP Clean Up Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25035 WordPress Quick Contact Form plugin <= 8.0.3.1 - Broken Access Control vulnerability
S
CVE-2023-25036 WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25037 WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability
S
CVE-2023-25038 WordPress For the visually impaired Plugin <= 0.58 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25039 WordPress Google Maps CP plugin <= 1.0.43 - Missing Authorization Leading To Feedback Submission Vulnerability
S
CVE-2023-25040 WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25041 WordPress Monolit Theme <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25042 WordPress oAuth Twitter Feed for Developers Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25043 WordPress Data Tables Generator by Supsystic Plugin <= 1.10.25 is vulnerable to Broken Access Control
S
CVE-2023-25044 WordPress Social Share Boost Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25045 WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection
S
CVE-2023-25046 WordPress Podlove Podcast Publisher Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25047 WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection
S
CVE-2023-25048 WordPress Fantastic Content Protector Free plugin <= 2.6 - Broken Access Control vulnerability
CVE-2023-25049 WordPress eCommerce Product Catalog Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25050 WordPress Shortcodes Ultimate plugin <= 5.12.6 - Arbitrary File Download vulnerability
S
CVE-2023-25051 WordPress Comment Reply Notification Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25052 WordPress Yandex.News Feed by Teplitsa Plugin <= 1.12.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25054 WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Remote Code Execution (RCE)
S
CVE-2023-25055 WordPress Google XML Sitemap for Videos Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25056 WordPress Feed Them Social Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25057 WordPress Libsyn Publisher Hub Plugin <= 1.3.2 is vulnerable to Sensitive Data Exposure
S
CVE-2023-25058 WordPress Schema – All In One Schema Rich Snippets Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25059 WordPress avalex Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25060 WordPress Album and Image Gallery plus Lightbox plugin <= 1.6.2 - Broken Access Control vulnerability
S
CVE-2023-25061 WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25062 WordPress Pinpoint Booking System Plugin <= 2.9.9.2.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25063 WordPress Quick Page/Post Redirect Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25064 WordPress WP htpasswd Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25065 WordPress WP Tabs Plugin <= 2.1.14 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25066 WordPress FV Flowplayer Video Player Plugin <= 7.5.30.7212 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25067 WordPress We’re Open! plugin <= 1.45 - Broken Access Control vulnerability
S
CVE-2023-25069 TXOne StellarOne has an improper access control privilege escalation vulnerability in every version ...
CVE-2023-25070 Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 ...
CVE-2023-25071 NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drivers bef...
CVE-2023-25072 Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may a...
CVE-2023-25073 Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authentica...
CVE-2023-25074 Competency access levels not enforced in the server
CVE-2023-25075 Unquoted search path in the installer for some Intel Server Configuration Utility software before ve...
S
CVE-2023-25076 A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2...
E S
CVE-2023-25077 Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-C...
S
CVE-2023-25078 DoS due to heap overflow
CVE-2023-25080 Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before versi...
S
CVE-2023-25081 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25082 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25083 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25084 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25085 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25086 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25087 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25088 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25089 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25090 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25091 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25092 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25093 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25094 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25095 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25096 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25097 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25098 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25099 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25100 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25101 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25102 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25103 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25104 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25105 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25106 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25107 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25108 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25109 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25110 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25111 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25112 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25113 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25114 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25115 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25116 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25117 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25118 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25119 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25120 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25121 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25122 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25123 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25124 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5...
E
CVE-2023-25125 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25126 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25127 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25128 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25129 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25130 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2023-25131 Use of default password vulnerability in CyberPower PowerPanel Business
CVE-2023-25132 Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business
CVE-2023-25133 Improper privilege management vulnerability in CyberPower PowerPanel Business
CVE-2023-25134 McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to...
CVE-2023-25135 vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a...
E
CVE-2023-25136 OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handl...
E S
CVE-2023-25139 sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situat...
E
CVE-2023-25140 A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (...
CVE-2023-25141 JNDI injection into Apache sling-org-apache-sling-jcr-base
CVE-2023-25143 An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could...
CVE-2023-25144 An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attac...
CVE-2023-25145 A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a ...
CVE-2023-25146 A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local ...
CVE-2023-25147 An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired admin...
CVE-2023-25148 A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t...
CVE-2023-25149 TimescaleDB has incorrect access control
S
CVE-2023-25150 Document content of files can be obtained through Collabora for files of other users
S
CVE-2023-25151 DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib
E
CVE-2023-25152 Symbolic Link (Symlink) Following in github.com/pterodactyl/wings
S
CVE-2023-25153 containerd OCI image importer memory exhaustion
S
CVE-2023-25154 Cross site scripting (XSS) of ActivityPub URI in misskey
CVE-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.
S
CVE-2023-25156 Kiwi TCMS has no protection against brute-force attacks on login page
S
CVE-2023-25157 Unfiltered SQL Injection Vulnerabilities in Geoserver
S
CVE-2023-25158 Unfiltered SQL Injection in Geotools
S
CVE-2023-25159 Nextcloud Server previews are accessible without a watermark
CVE-2023-25160 IDOR Vulnerability in Nextcloud Mail
S
CVE-2023-25161 Nextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails
S
CVE-2023-25162 Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs
E
CVE-2023-25163 Argo CD leaks repository credentials in user-facing error messages and in logs
S
CVE-2023-25164 Sensitive Information leak via Script File in TinaCMS
S
CVE-2023-25165 getHostByName Function Information Disclosure
E S
CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability
S
CVE-2023-25167 Regular expression denial of service via installing themes via git in discourse
S
CVE-2023-25168 Symbolic Link (Symlink) Following allowing the deletion of files and directories on the host system in wings
S
CVE-2023-25169 Yearly Review Plugin leaking anonymised users data in discourse-yearly-review
S
CVE-2023-25170 PrestaShop has possible CSRF token fixation
CVE-2023-25171 Kiwi TCMS has denial of service vulnerability on Password reset page
S
CVE-2023-25172 Discourse vulnerable to Cross-site Scripting - user name displayed on post
S
CVE-2023-25173 containerd supplementary groups are not set up properly
E S
CVE-2023-25174 Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may ...
CVE-2023-25175 Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a...
S
CVE-2023-25176 Pasteboard has an out-of-bounds read vulnerability
S
CVE-2023-25177 Delta Electronics CNCSoft-B DOPSoft Stack-based buffer overflow
S
CVE-2023-25178 Controller design flaw - unsigned firmware
CVE-2023-25179 Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may...
CVE-2023-25180 Rejected reason: Rejected by upstream....
R
CVE-2023-25181 A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedde...
E
CVE-2023-25182 Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2...
CVE-2023-25183 In Snap One OvrC Pro versions prior to 7.2, when logged into the su...
S
CVE-2023-25184 Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a ...
CVE-2023-25185 An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solu...
CVE-2023-25186 An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS...
CVE-2023-25187 An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN comm...
E
CVE-2023-25188 An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS...
CVE-2023-25189 BTS is affected by information disclosure vulnerability where mobile network operator personnel conn...
CVE-2023-25191 AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-upd...
CVE-2023-25192 AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-...
CVE-2023-25193 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via con...
S
CVE-2023-25194 Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
M
CVE-2023-25195 Apache Fineract: SSRF template type vulnerability in certain authenticated users
CVE-2023-25196 Apache Fineract: SQL injection vulnerability
CVE-2023-25197 Apache Fineract: SQL injection vulnerability in certain procedure calls
CVE-2023-25199 A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver...
CVE-2023-25200 An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 th...
CVE-2023-25201 Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-...
E
CVE-2023-25206 PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection....
E
CVE-2023-25207 PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php....
E
CVE-2023-25210 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTi...
CVE-2023-25211 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecuri...
CVE-2023-25212 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirel...
CVE-2023-25213 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_...
CVE-2023-25214 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi...
CVE-2023-25215 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentCo...
CVE-2023-25216 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirew...
CVE-2023-25217 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasi...
CVE-2023-25218 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_se...
CVE-2023-25219 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpList...
CVE-2023-25220 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_no...
CVE-2023-25221 Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatia...
E S
CVE-2023-25222 A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC functio...
E
CVE-2023-25223 CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list....
E
CVE-2023-25230 A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application t...
E
CVE-2023-25231 Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via pa...
E
CVE-2023-25233 Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via paramete...
E
CVE-2023-25234 Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameter...
E
CVE-2023-25235 Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parame...
E
CVE-2023-25240 An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitra...
E
CVE-2023-25241 bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ...
E
CVE-2023-25260 Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion....
E
CVE-2023-25261 Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Des...
CVE-2023-25262 Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSR...
E
CVE-2023-25263 In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft....
E
CVE-2023-25264 An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can ...
E
CVE-2023-25265 Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrar...
E
CVE-2023-25266 An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can ch...
E
CVE-2023-25267 An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based...
E
CVE-2023-25279 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privile...
E
CVE-2023-25280 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privile...
KEV E
CVE-2023-25281 A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows at...
E
CVE-2023-25282 A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of ser...
E
CVE-2023-25283 A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of se...
E
CVE-2023-25289 Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-18...
E
CVE-2023-25292 Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers ...
E
CVE-2023-25295 A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53...
E
CVE-2023-25303 ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafte...
E
CVE-2023-25304 An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importin...
CVE-2023-25305 PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously craf...
E S
CVE-2023-25306 MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal....
E
CVE-2023-25307 nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal....
E
CVE-2023-25309 Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to exec...
E
CVE-2023-25313 OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attack...
E
CVE-2023-25314 Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows ...
S
CVE-2023-25330 A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbit...
E
CVE-2023-25341 A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the ...
CVE-2023-25344 An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execut...
E
CVE-2023-25345 Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers...
E
CVE-2023-25346 A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to i...
E
CVE-2023-25347 A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inj...
E
CVE-2023-25348 ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First ...
E
CVE-2023-25350 Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login bo...
E
CVE-2023-25355 CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the...
E
CVE-2023-25356 CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Deli...
E
CVE-2023-25358 A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows a...
CVE-2023-25360 A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows a...
CVE-2023-25361 A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 al...
CVE-2023-25362 A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK befor...
CVE-2023-25363 A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK ...
CVE-2023-25364 Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and ...
CVE-2023-25365 Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arb...
E
CVE-2023-25366 In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password....
CVE-2023-25367 Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code E...
E M
CVE-2023-25368 Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthent...
E M
CVE-2023-25369 Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interfac...
E
CVE-2023-25392 Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation....
E S
CVE-2023-25394 Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts t...
E
CVE-2023-25395 TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerab...
E
CVE-2023-25396 Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below al...
CVE-2023-25399 A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab i...
E S
CVE-2023-25402 CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of...
E
CVE-2023-25403 CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT...
E
CVE-2023-25407 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to ...
E
CVE-2023-25409 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other...
E
CVE-2023-25411 Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF)....
E
CVE-2023-25413 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated acc...
E
CVE-2023-25414 Aten PE8108 2.4.232 is vulnerable to denial of service (DOS)....
E
CVE-2023-25415 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated acc...
E
CVE-2023-25428 A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create a...
CVE-2023-25431 An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via ...
E
CVE-2023-25432 An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can...
E
CVE-2023-25433 libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updatin...
E S
CVE-2023-25434 libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tif...
E
CVE-2023-25435 libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/to...
E S
CVE-2023-25437 An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain esc...
E
CVE-2023-25438 An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary c...
CVE-2023-25439 Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attacke...
E
CVE-2023-25440 Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, all...
E
CVE-2023-25442 WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)
E S
CVE-2023-25443 WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25444 WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability
S
CVE-2023-25447 WordPress ColorWay Theme <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25448 WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25449 WordPress CformsII Plugin <=15.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25450 WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25451 WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25452 WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25453 WordPress WordPress Tables Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)
E
CVE-2023-25454 WordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerability
S
CVE-2023-25455 WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability
S
CVE-2023-25456 WordPress Klaviyo Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25457 WordPress Slider Carousel – Responsive Image Slider plugin <=1.5.1 - Broken Access Control vulnerability
S
CVE-2023-25458 WordPress TypeSquare Webfonts for ConoHa Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25459 WordPress Post Snippets Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25460 WordPress Easy Ad Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25461 WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25462 WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25463 WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25464 WordPress Twitch Player Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25465 WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25466 WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Scripting (XSS)
E
CVE-2023-25467 WordPress Resize at Upload Plus Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25468 WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25469 WordPress Easy Table of Contents plugin <= 2.0.45.2 - Broken Access Control vulnerability
S
CVE-2023-25470 WordPress Rus-To-Lat Plugin <= 0.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25471 WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
E
CVE-2023-25472 WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25473 WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25474 WordPress About Me 3000 widget Plugin <= 2.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25475 WordPress Smart YouTube PRO Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25476 WordPress AmpedSense – AdSense Split Tester Plugin <= 4.68 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25477 WordPress Video Gallery Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25478 WordPress Weather Station Plugin <= 3.8.12 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25479 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25480 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25481 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25482 WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25483 WordPress Easy Coming Soon Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25484 WordPress Simple Yearly Archive Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25485 WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25486 WordPress Clone plugin <= 2.3.7 - Broken Access Control vulnerability
S
CVE-2023-25487 WordPress PixTypes Plugin <= 1.4.14 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)
E
CVE-2023-25489 WordPress Update Theme and Plugins from Zip File Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25490 WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25491 WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25492 A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface...
S
CVE-2023-25493 A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, ...
S
CVE-2023-25494 A potential vulnerability was reported in the BIOS of some Desktop, Smart Edge, and ThinkStation p...
S
CVE-2023-25495 A valid, authenticated administrative user can query a web interface API to reveal the configured LD...
S
CVE-2023-25496 A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager...
S
CVE-2023-25499 Possible information disclosure in non visible components
S
CVE-2023-25500 Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 2...
S
CVE-2023-25504 Apache Superset: Possible SSRF on import datasets
CVE-2023-25505 NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC, where an atta...
CVE-2023-25506 NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a ...
CVE-2023-25507 NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriat...
CVE-2023-25508 NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriat...
CVE-2023-25509 NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of serv...
CVE-2023-25510 NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, wher...
CVE-2023-25511 NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by...
CVE-2023-25512 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker m...
CVE-2023-25513 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker m...
CVE-2023-25514 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker m...
CVE-2023-25515 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrust...
CVE-2023-25516 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unp...
CVE-2023-25517 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a gue...
CVE-2023-25518 NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without I...
CVE-2023-25519 NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where...
CVE-2023-25520 NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local...
CVE-2023-25521 NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution wi...
CVE-2023-25522 NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper i...
CVE-2023-25523 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, w...
CVE-2023-25524 NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authent...
CVE-2023-25525 NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet r...
CVE-2023-25526 NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adj...
CVE-2023-25527 NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local at...
CVE-2023-25528 NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugi...
CVE-2023-25529 NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unaut...
CVE-2023-25530 NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause imprope...
CVE-2023-25531 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient prote...
CVE-2023-25532 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient prote...
CVE-2023-25533 NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper inp...
CVE-2023-25534 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input val...
CVE-2023-25535 Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initi...
CVE-2023-25536 Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. ...
S
CVE-2023-25537 Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2...
CVE-2023-25539 Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A ...
CVE-2023-25540 Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local mali...
S
CVE-2023-25542 Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions...
CVE-2023-25543 Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM ...
S
CVE-2023-25544 Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. ...
CVE-2023-25545 Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allo...
S
CVE-2023-25546 Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to pote...
CVE-2023-25547 A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on u...
CVE-2023-25548 A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentia...
CVE-2023-25549 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that...
CVE-2023-25550 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists th...
CVE-2023-25551 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Script...
CVE-2023-25552 A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized co...
CVE-2023-25553 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scri...
CVE-2023-25554 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inject...
CVE-2023-25555 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Comm...
CVE-2023-25556 A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised...
CVE-2023-25557 Server-Side Request Forgery in DataHub
CVE-2023-25558 Deserialization of untrusted data in DataHub
S
CVE-2023-25559 System account impersonation in DataHub
CVE-2023-25560 JSON Injection in DataHub
CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub
CVE-2023-25562 Failure to Invalidate Session on Logout in DataHub
CVE-2023-25563 GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields
S
CVE-2023-25564 GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings
S
CVE-2023-25565 GSS-NTLMSSP vulnerable to incorrect free when decoding target information
S
CVE-2023-25566 GSS-NTLMSSP vulnerable to memory leak when parsing usernames
S
CVE-2023-25567 GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information
S
CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak
S
CVE-2023-25569 apollo-portal has potential CSRF issue
S
CVE-2023-25570 Apollo has potential access control security issue in eureka
S
CVE-2023-25571 Backstage has XSS Vulnerability in Software Catalog
S
CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on ``
E S
CVE-2023-25573 Improper access control to download file in metersphere
E
CVE-2023-25574 JupyterHub's LTI13Authenticator: JWT signature not validated
CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections
S
CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts
S
CVE-2023-25577 Werkzeug may allow high resource usage when parsing multipart form data with many fields
S
CVE-2023-25578 Starlite DoS vulnerability when parsing multipart request body
E S
CVE-2023-25579 Directory traversal in Nextcloud server
S
CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j
CVE-2023-25582 Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR3...
E
CVE-2023-25583 Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR3...
E
CVE-2023-25584 Out of bounds read in parse_module function in bfd/vms-alpha.c
S
CVE-2023-25585 Field `file_table` of `struct module *module` is uninitialized
E S
CVE-2023-25586 Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized
E S
CVE-2023-25587 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-25588 Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
E S
CVE-2023-25589 Unauthenticated Arbitrary User Creation Leads to Complete System Compromise
CVE-2023-25590 Local Privilege Escalation in ClearPass OnGuard Linux Agent
CVE-2023-25591 Authenticated Information Disclosure in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25592 Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25593 Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25594 Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25595 Sensitive Information Disclosure in ClearPass OnGuard Ubuntu Agent
CVE-2023-25596 Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
CVE-2023-25597 A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an u...
CVE-2023-25598 A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21...
CVE-2023-25599 A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500....
CVE-2023-25600 An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writabl...
CVE-2023-25601 Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication
CVE-2023-25602 A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and ea...
S
CVE-2023-25603 A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7...
S
CVE-2023-25604 An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allow...
S
CVE-2023-25605 An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authe...
S
CVE-2023-25606 An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE...
S
CVE-2023-25607 An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulner...
S
CVE-2023-25608 An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the ...
S
CVE-2023-25609 A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7...
S
CVE-2023-25610 A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet F...
S
CVE-2023-25611 An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer ...
S
CVE-2023-25613 LDAP Injection Vulnerability in Apache Kerby
CVE-2023-25614 SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752,...
CVE-2023-25615 SQL Injection vulnerability in SAP ABAP Platform
CVE-2023-25616 Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)
CVE-2023-25617 OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)
CVE-2023-25618 Denial of Service (DoS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
CVE-2023-25619 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cau...
CVE-2023-25620 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could c...
CVE-2023-25621 Apache Sling does not allow to handle i18n content in a secure way
CVE-2023-25632 The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock...
CVE-2023-25642 Two Vulnerabilities in Some ZTE Mobile Internet Products
S
CVE-2023-25643 Two Vulnerabilities in Some ZTE Mobile Internet Products
S
CVE-2023-25644 Denial of Service Vulnerability in Some ZTE Mobile Internet Products
S
CVE-2023-25645 There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper p...
CVE-2023-25646 Permission and Access Control Vulnerability in ZTE H388X
S
CVE-2023-25647 Permission and Access Control Vulnerability in Some ZTE Mobile Phones
CVE-2023-25648 Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI
S
CVE-2023-25649 OS Command Injection Vulnerability in a Mobile Internet Product of ZTE
S
CVE-2023-25650 Arbitrary File Download Vulnerability in ZTE ZXCLOUD iRAI
S
CVE-2023-25651 SQL Injection Vulnerability in Some ZTE Mobile Internet Products
S
CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write
S
CVE-2023-25653 Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)
S
CVE-2023-25654 baserCMS File Uploader Remote Code Execution (RCE) vulnerability
S
CVE-2023-25655 baserCMS allows any file to be uploaded
S
CVE-2023-25656 notation-go has excessive memory allocation on verification
CVE-2023-25657 Remote code execution in Jinja2 template rendering in Nautobot
S
CVE-2023-25658 TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad
S
CVE-2023-25659 TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
S
CVE-2023-25660 TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
S
CVE-2023-25661 Denial of Service in TensorFlow
E S
CVE-2023-25662 TensorFlow vulnerable to integer overflow in EditDistance
S
CVE-2023-25663 TensorFlow has Null Pointer Error in TensorArrayConcatV2
S
CVE-2023-25664 TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad
S
CVE-2023-25665 TensorFlow has Null Pointer Error in SparseSparseMaximum
E S
CVE-2023-25666 TensorFlow has Floating Point Exception in AudioSpectrogram
S
CVE-2023-25667 TensorFlow vulnerable to segfault when opening multiframe gif
S
CVE-2023-25668 TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation
E S
CVE-2023-25669 TensorFlow has Floating Point Exception in AvgPoolGrad with XLA
S
CVE-2023-25670 TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
S
CVE-2023-25671 TensorFlow has segmentation fault in tfg-translate
S
CVE-2023-25672 TensorFlow has Null Pointer Error in LookupTableImportV2
S
CVE-2023-25673 TensorFlow has Floating Point Exception in TensorListSplit with XLA
S
CVE-2023-25674 TensorFlow has Null Pointer Error in RandomShuffle with XLA enable
S
CVE-2023-25675 TensorFlow has Segfault in Bincount with XLA
S
CVE-2023-25676 TensorFlow has null dereference on ParallelConcat with XLA
S
CVE-2023-25680 IBM Robotic Process Automation information disclosure
S
CVE-2023-25681 IBM Spectrum Virtualize security bypass
CVE-2023-25682 IBM Sterling B2B Integrator information disclosure
CVE-2023-25683 IBM PowerVM Hypervisor information disclosure
CVE-2023-25684 IBM Security Key Lifecycle Manager SQL injection
S
CVE-2023-25686 IBM Security Key Lifecycle Manager information disclosure
S
CVE-2023-25687 IBM Security Key Lifecycle Manager information disclosure
S
CVE-2023-25688 IBM Security Key Lifecycle Manager information disclosure
S
CVE-2023-25689 IBM Security Key Lifecycle Manager information disclosure
S
CVE-2023-25690 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
CVE-2023-25691 Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution
S
CVE-2023-25692 Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service
S
CVE-2023-25693 Sqoop Apache Airflow Provider Remote Code Execution Vulnerability
S
CVE-2023-25694 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-25695 Information disclosure in Apache Airflow
S
CVE-2023-25696 Apache Airflow Hive Provider Beeline RCE
S
CVE-2023-25697 WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability
S
CVE-2023-25698 WordPress Shoppable Images Lite Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25699 WordPress VideoWhisper Live Streaming Integration plugin <= 5.5.15 - Remote Code Execution (RCE)
S
CVE-2023-25700 WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
S
CVE-2023-25701 WordPress WatchTowerHQ plugin <= 3.6.16 - Privilege Escalation
S
CVE-2023-25702 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25703 WordPress Meta slider and carousel with lightbox plugin <= 1.6.2 - Broken Access Control vulnerability
S
CVE-2023-25704 WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25705 WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25706 WordPress Robots.txt optimization plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25707 WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25708 WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25709 WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25710 WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25711 WordPress WPGlobus Translate Options Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25712 WordPress Opt-Out for Google Analytics Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25713 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25714 WordPress Quick Paypal Payments plugin <= 5.7.25 - Broken Access Control vulnerability
S
CVE-2023-25715 WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Broken Access Control
S
CVE-2023-25716 WordPress Announce from the Dashboard Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25717 Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Requ...
KEV E S
CVE-2023-25718 In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable fil...
CVE-2023-25719 ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-suppl...
E
CVE-2023-25721 Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and ...
CVE-2023-25722 A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan...
CVE-2023-25723 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-25724 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently l...
CVE-2023-25727 In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading...
S
CVE-2023-25728 The Content-Security-Policy-Report-Only header could allow an attacker to leak a child ...
CVE-2023-25729 Permission prompts for opening external schemes were only shown for ContentPrincipals r...
CVE-2023-25730 A background script invoking requestFullscreen and then blocking the main thread could ...
CVE-2023-25731 Due to URL previews in the network panel of developer tools improperly storing URLs, query parameter...
CVE-2023-25732 When encoding data from an inputStream in xpcom the size of the input bein...
CVE-2023-25733 The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potenti...
CVE-2023-25734 After downloading a Windows .url shortcut from the local filesystem, an attacker could ...
E
CVE-2023-25735 Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartmen...
CVE-2023-25736 An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior. Thi...
CVE-2023-25737 An invalid downcast from nsTextNode to SVGElement could have led to undef...
CVE-2023-25738 Members of the DEVMODEW struct set by the printer device driver weren't being validated...
CVE-2023-25739 Module load requests that failed were not being checked as to whether or not they were cancelled cau...
CVE-2023-25740 After downloading a Windows .scf script from the local filesystem, an attacker could su...
CVE-2023-25741 When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This...
E
CVE-2023-25742 When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing th...
CVE-2023-25743 A lack of in-app notification for entering fullscreen mode could have led to a malicious website sp...
CVE-2023-25744 Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence...
CVE-2023-25745 Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption a...
CVE-2023-25746 Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corrup...
CVE-2023-25747 A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on And...
CVE-2023-25748 By displaying a prompt with a long description, the fullscreen notification could have been hidden, ...
CVE-2023-25749 Android applications with unpatched vulnerabilities can be launched from a browser using Intents, ex...
CVE-2023-25750 Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when...
CVE-2023-25751 Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be...
CVE-2023-25752 When accessing throttled streams, the count of available bytes needed to be checked in the calling f...
CVE-2023-25753 Server-Side Request Forgery in Apache ShenYu
CVE-2023-25754 Apache Airflow: Privilege escalation using airflow logs
S
CVE-2023-25755 Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of o...
CVE-2023-25756 Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user...
CVE-2023-25757 Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privil...
CVE-2023-25758 Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle at...
CVE-2023-25759 OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman...
CVE-2023-25760 Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated...
CVE-2023-25761 Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaSc...
CVE-2023-25762 Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expre...
CVE-2023-25763 Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled e...
CVE-2023-25764 Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email...
CVE-2023-25765 In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subje...
CVE-2023-25766 A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows ...
CVE-2023-25767 A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e8...
CVE-2023-25768 A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows ...
CVE-2023-25769 Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before ve...
CVE-2023-25770 Controller stack overflow on decoding messages from the server
CVE-2023-25771 Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potential...
S
CVE-2023-25772 Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0....
CVE-2023-25773 Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4...
CVE-2023-25774 A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEt...
E
CVE-2023-25775 Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9...
CVE-2023-25776 Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a...
S
CVE-2023-25777 Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 m...
CVE-2023-25779 Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before ver...
CVE-2023-25780 Status Internet Co.,Ltd. PowerBPM - Broken Access Control
CVE-2023-25781 WordPress Upload File Type Settings Plugin Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25782 WordPress Service Area Postcode Checker Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25783 WordPress FireCask Like & Share Button Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25784 WordPress Sticky Ad Bar Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25785 WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability
CVE-2023-25786 WordPress Eyes Only: User Access Shortcode Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25787 WordPress WP资源下载管理 Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25788 WordPress Saphali Woocommerce Lite Plugin <= 1.8.13 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25789 WordPress Tapfiliate Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25790 WordPress WoodMart theme <= 7.0.4 - Unauth Arbitrary Shortcodes Injection
S
CVE-2023-25791 WordPress Fontiran plugin <= 2.1 - Broken Access Control vulnerability
CVE-2023-25792 WordPress WP Open Social Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25793 WordPress Link Juice Keeper Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25794 WordPress Nooz Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25795 WordPress Feed Changer Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25796 WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25797 WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25798 WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25799 WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities
S
CVE-2023-25800 WordPress Tutor LMS Plugin <= 2.2.0 is vulnerable to SQL Injection
S
CVE-2023-25801 TensorFlow has double free in Fractional(Max/Avg)Pool
S
CVE-2023-25802 Roxy-WI has Path Traversal vulnerability
E S
CVE-2023-25803 Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions pri...
E
CVE-2023-25804 Roxy-WI vulnerable to Limited Path Traversal in name parameter
E
CVE-2023-25805 versionn Command Injection Vulnerability
S
CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch
CVE-2023-25807 DataEase dashboard has a stored XSS vulnerability
E S
CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
E S
CVE-2023-25810 Persistent Cross site scripting (XSS) through description in status page in Uptime Kuma
CVE-2023-25811 Persistent Cross site scripting (XSS) in Uptime Kuma
E
CVE-2023-25812 Allowed DELETE on resources on object locked buckets under Governance mode in Minio
E S
CVE-2023-25813 SQL Injection via replacements in sequelize
E S
CVE-2023-25814 Arbitrary File Read Vulnerability in metersphere
E
CVE-2023-25815 Git looks for localized messages in the wrong place
S
CVE-2023-25816 nextcloud vulnerable to Uncontrolled Resource Consumption
E S
CVE-2023-25817 Delete permissions are not saved when creating public share in Nextcloud server
S
CVE-2023-25818 Missing brute force protection on password reset token in Nextcloud Server
S
CVE-2023-25819 Discourse tags with no visibility are leaking into og:article:tag
S
CVE-2023-25820 Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal
S
CVE-2023-25821 Nextcloud download permissions can be changed by resharer
E S
CVE-2023-25822 ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements
M
CVE-2023-25823 Gradio contains Use of Hard-coded Credentials
CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout
E S
CVE-2023-25825 ZoneMinder contains Cross-site Scripting via log viewing
E S
CVE-2023-25826 Remote Code Execution in OpenTSDB
S
CVE-2023-25827 Cross-site Scripting in OpenTSDB
S
CVE-2023-25828 Authenticated Remote Code Execution in Pluck CMS
S
CVE-2023-25829 BUG-000155001 - Unvalidated redirect in Portal for ArcGIS.
CVE-2023-25830 BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS
S
CVE-2023-25831 BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS.
CVE-2023-25832 BUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS.
CVE-2023-25833 BUG-000155004 HTML injection issue in Portal for ArcGIS.
S
CVE-2023-25834 BUG-000142922 Incomplete permission changes in specific cases.
S
CVE-2023-25835 BUG-000153659 ArcGIS Enterprise Sites has a stored XSS vulnerability
CVE-2023-25836 BUG-000135364 XSS in 10.8.1 sites builder iframe source
CVE-2023-25837 BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.
CVE-2023-25838 BUG-000157278 – ArcGIS Insights has a security vulnerability.
S
CVE-2023-25839 BUG-000157278 – ArcGIS Insights has a security vulnerability - desktop
S
CVE-2023-25840 BUG-000154070 Stored XSS issue in the ArcGIS REST Services directory
CVE-2023-25841 BUG-000158075 Stored XSS issue in ArcGIS Server
S
CVE-2023-25848 BUG-000158039 - There is an information disclosure issue in ArcGIS Server.
CVE-2023-25859 Adobe Illustrator Improper Input Validation Remote Code Execution Vulnerability
CVE-2023-25860 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-25861 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-25862 Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-25863 Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25864 Adobe Substance 3D Stager FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25865 Adobe Substance 3D Stager OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability
S
CVE-2023-25866 Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2023-25867 Adobe Substance 3D Stager PCX File Parsing Memory Corruption Remote Code Execution Vulnerability
S
CVE-2023-25868 Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25869 Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25870 Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2023-25871 Adobe Substance 3D Stager SVG File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-25872 Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25873 Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25874 Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25875 Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2023-25876 Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2023-25877 Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2023-25878 Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2023-25879 ZDI-CAN-19389: Adobe Dimension OBJ File Improper Input Validation Remote Code Execution
S
CVE-2023-25880 ZDI-CAN-19412: Adobe Dimension GLTF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2023-25881 ZDI-CAN-19390: Adobe Dimension OBJ File Improper Input Validation Remote Code Execution
S
CVE-2023-25882 ZDI-CAN-19385: Adobe Dimension OBJ File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25883 ZDI-CAN-19386: Adobe Dimension FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25884 ZDI-CAN-19411: Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25885 ZDI-CAN-19480: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25886 ZDI-CAN-19452: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25887 ZDI-CAN-19450: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25888 ZDI-CAN-19451: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25889 ZDI-CAN-19466: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25890 ZDI-CAN-19493: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25891 ZDI-CAN-19542: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25892 ZDI-CAN-19523: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25893 ZDI-CAN-19539: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-25894 ZDI-CAN-19543: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-25895 ZDI-CAN-19540: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25896 ZDI-CAN-19541: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-25897 ZDI-CAN-19520: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25898 ZDI-CAN-19521: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2023-25899 ZDI-CAN-19522: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-25900 ZDI-CAN-19559: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25901 ZDI-CAN-19508: Adobe Dimension USD File Improper Input Validation Remote Code Execution Vulnerability
S
CVE-2023-25902 ZDI-CAN-19560: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25903 Adobe Dimension USDZ files Integer Overflow or Wraparound Arbitrary code execution
S
CVE-2023-25904 Adobe Dimension Out-of-bounds Read USDZ file Arbitrary code execution
S
CVE-2023-25905 ZDI-CAN-20031: Adobe Dimension OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2023-25906 ZDI-CAN-20046: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25907 ZDI-CAN-20216: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
S
CVE-2023-25908 Adobe Photoshop SVG file Use After Free Arbitrary code execution
S
CVE-2023-25909 HGiga Inc. OAKlouds - Arbitrary File Upload
S
CVE-2023-25910 A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (...
S
CVE-2023-25911 Authenticated OS Command Injection in Danfoss AK-EM100
M
CVE-2023-25912 Webreport disclosure to unauthorized actor in Danfoss AK-EM100
M
CVE-2023-25913 Authentication Bypass in Danfoss AK-SM800A
M
CVE-2023-25914 Authenticated Path Traversal in Danfoss AK-SM800A
M
CVE-2023-25915 Authenticated Remote Command Execution in Danfoss AK-SM800A
M
CVE-2023-25921 IBM Security Guardium Key Lifecycle Manager file upload
S
CVE-2023-25922 IBM Security Guardium Key Lifecycle Manager file upload
S
CVE-2023-25923 IBM Security Key Lifecycle Manager denial of service
S
CVE-2023-25924 IBM Security Key Lifecycle Manager improper authorization
S
CVE-2023-25925 IBM Security Guardium Key Lifecycle Manager command injection
S
CVE-2023-25926 IBM Security Guardium Key Lifecycle Manager XML external entity injection
S
CVE-2023-25927 IBM Security Verify Access denial of service
CVE-2023-25928 IBM InfoSphere Information Server cross-site scripting
S
CVE-2023-25929 IBM Cognos Analytics cross-site scripting
S
CVE-2023-25930 IBM Db2 denial of service
CVE-2023-25931 Medtronic Micro Clinician & InterStim X Clinician App Password Reset Issue
S
CVE-2023-25933 A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could ha...
S
CVE-2023-25934 DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerabilit...
CVE-2023-25936 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-25937 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-25938 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-25940 Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerab...
S
CVE-2023-25941 Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low...
S
CVE-2023-25942 Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerabili...
S
CVE-2023-25944 Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3rd...
CVE-2023-25945 Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authe...
CVE-2023-25946 Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a...
CVE-2023-25947 The bundle management subsystem has an improper input validation when installing a HAP package.
CVE-2023-25948 Server Data type confusion - info leak
CVE-2023-25949 Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow...
CVE-2023-25950 HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a ...
CVE-2023-25951 Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software b...
CVE-2023-25952 Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow a...
CVE-2023-25953 Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attack...
CVE-2023-25954 'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, an...
CVE-2023-25955 National land numerical information data conversion tool all versions improperly restricts XML exter...
CVE-2023-25956 Apache Airflow AWS Provider: Arbitrary file read via AWS provider
S
CVE-2023-25957 A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < ...
CVE-2023-25958 WordPress Simple Tooltips Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25959 WordPress Apollo13 Framework Extensions plugin <= 1.8.10 - Broken Access Control
S
CVE-2023-25960 WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to SQL Injection
S
CVE-2023-25961 WordPress Darcie Theme <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25962 WordPress Accordions Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25963 WordPress JS Job Manager Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25964 WordPress We’re Open! Plugin <= 1.46 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25965 WordPress Upload Resume plugin <= 1.2.0 - Sensitive Data Exposure vulnerability
CVE-2023-25966 WordPress FileBird plugin <= 5.1.4 - Broken Access Control vulnerability
S
CVE-2023-25967 WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25968 WordPress Client Portal – Private user pages and login Plugin <= 1.1.8 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25970 WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
S
CVE-2023-25971 WordPress Educare – Students & Result Management System Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25972 WordPress Старт Plugin <= 3.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25973 WordPress Auto Affiliate Links Plugin <= 6.3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25974 WordPress wp2syslog Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25975 WordPress Etsy Shop Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25976 WordPress Integration for Contact Form 7 and Zoho CRM, Bigin Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25977 WordPress CPT – Speakers Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25978 WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25979 WordPress Video Gallery – YouTube Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25980 WordPress Optimize Database after Deleting Revisions Plugin <= 5.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25981 WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25982 WordPress Simple YouTube Responsive Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25983 WordPress KB Support Plugin <= 1.5.84 is vulnerable to CSV Injection
S
CVE-2023-25984 WordPress Dovetail Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25985 WordPress WordPress Tooltips Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25986 WordPress PayGreen Plugin <= 4.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25987 WordPress YouTube Channel Plugin <= 3.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25988 WordPress Video Gallery – YouTube Gallery plugin <= 1.7.6 - Broken Access Control vulnerability
S
CVE-2023-25989 Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks
S
CVE-2023-25990 WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
S
CVE-2023-25991 WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-25992 WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-25993 WordPress Top 10 – Popular posts plugin for WordPress plugin <= 3.2.3 - Broken Access Control vulnerability
S
CVE-2023-25994 WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.