ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-26008 | WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-26009 | WordPress Houzez Login Register plugin <= 2.6.3 - Privilege Escalation | S | |
CVE-2023-26010 | WordPress WPMobile.App Plugin <= 11.18 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-26011 | WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-26012 | WordPress Custom Login Page Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-26013 | WordPress Strong Testimonials Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-26014 | WordPress Minify HTML Plugin <= 2.1.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-26015 | WordPress MapPress Maps for WordPress Plugin <= 2.85.4 is vulnerable to SQL Injection | S | |
CVE-2023-26016 | WordPress Simple Portfolio Gallery Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-26017 | WordPress Jobs for WordPress Plugin <= 2.5.10.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-26020 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio | | |
CVE-2023-26021 | IBM Db2 denial of service | S | |
CVE-2023-26022 | IBM Db2 denial of service | S | |
CVE-2023-26023 | IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure | S | |
CVE-2023-26024 | IBM Planning Analytics on Cloud Pak for Data information disclosure | | |
CVE-2023-26026 | IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure | S | |
CVE-2023-26031 | Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems | M | |
CVE-2023-26032 | ZoneMinder contains SQL injection via malicious JSON Web Token | S | |
CVE-2023-26033 | Gentoo soko contains DoS attack based on SQL Injection | S | |
CVE-2023-26034 | ZoneMinder SQL Injection | E | |
CVE-2023-26035 | ZoneMinder vulnerable to Missing Authorization | S | |
CVE-2023-26036 | ZoneMinder contains Local File Inclusion vulnerability | E S | |
CVE-2023-26037 | ZoneMinder contains SQL Injection via report_event_audit | S | |
CVE-2023-26038 | ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php` | E S | |
CVE-2023-26039 | ZoneMinder vulnerable to OS Command injection in daemonControl() API | S | |
CVE-2023-26040 | Discourse chat messages susceptible to Cross-site Scripting through chat excerpts | S | |
CVE-2023-26041 | Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured | E S | |
CVE-2023-26042 | HTML/XSS injection possibilities in Part-DB | S | |
CVE-2023-26043 | XML External Entity (XXE) injection in GeoServer style upload functionality | E S | |
CVE-2023-26044 | ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits | S | |
CVE-2023-26045 | NodeBB vulnerable to path traversal and code execution via prototype vulnerability | S | |
CVE-2023-26046 | teler-waf subject to bypass of common web attack threat rule with HTML entities payload | S | |
CVE-2023-26047 | teler-waf contains detection rule bypass via entities payload | S | |
CVE-2023-26048 | OutOfMemoryError for large multipart without filename in Eclipse Jetty | S | |
CVE-2023-26049 | Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty | S | |
CVE-2023-26051 | Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions | S | |
CVE-2023-26052 | Saleor is vulnerable to unauthenticated information disclosure via Python exceptions | | |
CVE-2023-26053 | Gradle usage of long IDs for PGP keys opens potential for collision attacks | S | |
CVE-2023-26054 | Credentials inlined to Git URLs could end up in provenance attestation in BuildKit | E S | |
CVE-2023-26055 | XWiki Commons may allow privilege escalation to programming rights via user's first name | E S | |
CVE-2023-26056 | XWiki Platform allows macro execution as any user without programming rights through the context macro | E S | |
CVE-2023-26057 | An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuratio... | | |
CVE-2023-26058 | An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Ma... | | |
CVE-2023-26059 | An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attack... | | |
CVE-2023-26060 | An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can... | | |
CVE-2023-26061 | An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alar... | | |
CVE-2023-26062 | A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in whic... | | |
CVE-2023-26063 | Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.... | | |
CVE-2023-26064 | Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.... | | |
CVE-2023-26065 | Certain Lexmark devices through 2023-02-19 have an Integer Overflow.... | | |
CVE-2023-26066 | Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.... | | |
CVE-2023-26067 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).... | | |
CVE-2023-26068 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).... | | |
CVE-2023-26069 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).... | | |
CVE-2023-26070 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).... | | |
CVE-2023-26071 | An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response Discrepancy... | | |
CVE-2023-26072 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos ... | | |
CVE-2023-26073 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos ... | | |
CVE-2023-26074 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos ... | | |
CVE-2023-26075 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos ... | | |
CVE-2023-26076 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos... | | |
CVE-2023-26077 | Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permiss... | | |
CVE-2023-26078 | Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to... | E | |
CVE-2023-26081 | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating pa... | E S | |
CVE-2023-26083 | Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r... | KEV | |
CVE-2023-26084 | The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to verify the auth... | S | |
CVE-2023-26085 | A possible out-of-bounds read and write (due to an improper length check of shared memory) was disco... | | |
CVE-2023-26088 | In Malwarebytes before 4.5.23, a symbolic link may be used to delete any arbitrary file on the system b... | | |
CVE-2023-26089 | European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-... | M | |
CVE-2023-26091 | The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allo... | S | |
CVE-2023-26092 | Liima before 1.17.28 allows server-side template injection.... | S | |
CVE-2023-26093 | Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the de... | S | |
CVE-2023-26095 | ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash... | | |
CVE-2023-26097 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify th... | | |
CVE-2023-26098 | An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker ... | | |
CVE-2023-26099 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure.... | | |
CVE-2023-26100 | In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A... | | |
CVE-2023-26101 | In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet ... | | |
CVE-2023-26102 | All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() func... | E | |
CVE-2023-26103 | Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (R... | E S | |
CVE-2023-26104 | All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attack... | E | |
CVE-2023-26105 | All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function. ... | E | |
CVE-2023-26106 | All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in... | E | |
CVE-2023-26107 | All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell... | E | |
CVE-2023-26108 | Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the Str... | E S | |
CVE-2023-26109 | All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the fin... | E | |
CVE-2023-26110 | All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortC... | E | |
CVE-2023-26111 | All versions of the package @nubosoftware/node-static; all versions of the package node-static are v... | E | |
CVE-2023-26112 | All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS)... | E | |
CVE-2023-26113 | Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the ext... | E S | |
CVE-2023-26114 | Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in Web... | S | |
CVE-2023-26115 | All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS)... | E | |
CVE-2023-26116 | Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (... | E | |
CVE-2023-26117 | Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (R... | E | |
CVE-2023-26118 | Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (R... | E | |
CVE-2023-26119 | Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to ... | E S | |
CVE-2023-26120 | This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed success... | E | |
CVE-2023-26121 | All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval functio... | E | |
CVE-2023-26122 | All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitiz... | E | |
CVE-2023-26123 | Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) suc... | E S | |
CVE-2023-26125 | Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Valid... | E S | |
CVE-2023-26126 | All versions of the package m.static are vulnerable to Directory Traversal due to improper input san... | E | |
CVE-2023-26127 | All versions of the package n158 are vulnerable to Command Injection due to improper input sanitizat... | | |
CVE-2023-26128 | All versions of the package keep-module-latest are vulnerable to Command Injection due to missing in... | E | |
CVE-2023-26129 | All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitiz... | E | |
CVE-2023-26130 | Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untr... | S | |
CVE-2023-26131 | All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.c... | E | |
CVE-2023-26132 | Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficien... | E S | |
CVE-2023-26133 | All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function ex... | E | |
CVE-2023-26134 | Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that t... | E S | |
CVE-2023-26135 | All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function i... | E | |
CVE-2023-26136 | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to impro... | E S | |
CVE-2023-26137 | All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when un... | E | |
CVE-2023-26138 | All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted u... | E | |
CVE-2023-26139 | Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the... | | |
CVE-2023-26140 | Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XS... | S | |
CVE-2023-26141 | Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insuff... | E S | |
CVE-2023-26142 | All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input... | E | |
CVE-2023-26143 | Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the b... | E S | |
CVE-2023-26144 | Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (D... | E S | |
CVE-2023-26145 | This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.... | E S | |
CVE-2023-26146 | All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that whe... | E | |
CVE-2023-26147 | All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted u... | E | |
CVE-2023-26148 | All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input... | E | |
CVE-2023-26149 | Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due ... | E S | |
CVE-2023-26150 | Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it... | E S | |
CVE-2023-26151 | Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an... | E S | |
CVE-2023-26152 | All versions of the package static-server are vulnerable to Directory Traversal due to improper inpu... | E | |
CVE-2023-26153 | Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe ... | E S | |
CVE-2023-26154 | Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions... | E S | |
CVE-2023-26155 | All versions of the package node-qpdf are vulnerable to Command Injection such that the package-expo... | E | |
CVE-2023-26156 | Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting... | E S | |
CVE-2023-26157 | Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to... | E S | |
CVE-2023-26158 | All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend functio... | E M | |
CVE-2023-26159 | Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation d... | E S | |
CVE-2023-26203 | A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC versio... | S | |
CVE-2023-26204 | A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all ver... | S | |
CVE-2023-26205 | An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.... | S | |
CVE-2023-26206 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet ... | S | |
CVE-2023-26207 | An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through ... | S | |
CVE-2023-26208 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet Fort... | S | |
CVE-2023-26209 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet Fort... | S | |
CVE-2023-26210 | Multiple improper neutralization of special elements used in an os command ('OS Command Injection') ... | S | |
CVE-2023-26211 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet ... | S | |
CVE-2023-26213 | On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an... | E | |
CVE-2023-26214 | TIBCO BusinessConnect Reflected XSS Vulnerability | S | |
CVE-2023-26215 | TIBCO EBX® Add-ons Path Traversal | S | |
CVE-2023-26216 | TIBCO EBX Add-ons Arbitrary File Write | S | |
CVE-2023-26217 | TIBCO EBX Add-ons SQL Injection Vulnerability | S | |
CVE-2023-26218 | TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities | S | |
CVE-2023-26219 | TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability | S | |
CVE-2023-26220 | TIBCO Spotfire Stored Cross-site Scripting (XSS) vulnerability | S | |
CVE-2023-26221 | TIBCO Spotfire Insufficiently Protected Credential vulnerability | S | |
CVE-2023-26222 | TIBCO EBX Cross-site Scripting (XSS) Vulnerability | S | |
CVE-2023-26234 | JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance.... | E | |
CVE-2023-26235 | JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java.... | S | |
CVE-2023-26236 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message hand... | | |
CVE-2023-26237 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capab... | | |
CVE-2023-26238 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensiv... | | |
CVE-2023-26239 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password c... | | |
CVE-2023-26242 | afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 ha... | | |
CVE-2023-26243 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.0... | E | |
CVE-2023-26244 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.0... | E | |
CVE-2023-26245 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.0... | E | |
CVE-2023-26246 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.0... | E | |
CVE-2023-26248 | The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns ro... | | |
CVE-2023-26249 | Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attac... | | |
CVE-2023-26253 | In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffe... | E S | |
CVE-2023-26255 | An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & The... | E | |
CVE-2023-26256 | An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & The... | E | |
CVE-2023-26257 | An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daem... | E S | |
CVE-2023-26258 | Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceI... | E | |
CVE-2023-26260 | OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial ac... | | |
CVE-2023-26261 | In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass ... | | |
CVE-2023-26262 | An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, an unrestricted la... | E M | |
CVE-2023-26263 | All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External E... | | |
CVE-2023-26264 | All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External E... | | |
CVE-2023-26265 | The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are... | S | |
CVE-2023-26266 | In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unpre... | E S | |
CVE-2023-26267 | php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user b... | S | |
CVE-2023-26268 | Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes | | |
CVE-2023-26269 | Apache James server: Privilege escalation through unauthenticated JMX | | |
CVE-2023-26270 | IBM Security Guardium Data Encryption code execution | S | |
CVE-2023-26271 | IBM Security Guardium Data Encryption information disclosure | S | |
CVE-2023-26272 | IBM Security Guardium Data Encryption information disclosure | S | |
CVE-2023-26273 | IBM QRadar security bypass | S | |
CVE-2023-26274 | IBM QRadar cross-site scripting | S | |
CVE-2023-26276 | IBM QRadar information disclosure | S | |
CVE-2023-26277 | IBM QRadar WinCollect Agent privilege escalation | | |
CVE-2023-26278 | IBM QRadar WinCollect Agent privilege escalation | | |
CVE-2023-26279 | IBM QRadar WinCollect Agent improper output encoding | S | |
CVE-2023-26280 | IBM Jazz Foundation improper access control | | |
CVE-2023-26281 | IBM HTTP Server denial of service | S | |
CVE-2023-26282 | IBM Watson CP4D Data Stores file modification | | |
CVE-2023-26283 | IBM WebSphere Application Server cross-site scripting | S | |
CVE-2023-26284 | IBM MQ Certified Container improper access controls | | |
CVE-2023-26285 | IBM MQ denial of service | S | |
CVE-2023-26286 | IBM AIX privilege escalation | | |
CVE-2023-26288 | IBM Aspera Orchestrator session fixation | | |
CVE-2023-26289 | IBM Aspera Orchestrator HTTP header injection | | |
CVE-2023-26290 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2023-26291 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2023-26292 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2023-26293 | A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All ve... | S | |
CVE-2023-26294 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command inject... | | |
CVE-2023-26295 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command inject... | | |
CVE-2023-26296 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command inject... | | |
CVE-2023-26297 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command inject... | | |
CVE-2023-26298 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command inject... | | |
CVE-2023-26299 | A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC... | S | |
CVE-2023-26300 | A potential security vulnerability has been identified in the system BIOS for certain HP PC products... | S | |
CVE-2023-26301 | Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/o... | | |
CVE-2023-26302 | markdown-it-py CLI crash on invalid UTF-8 characters | S | |
CVE-2023-26303 | markdown-it-py crash on null assertions | S | |
CVE-2023-26309 | A remote code execution vulnerability in the webview component | | |
CVE-2023-26310 | Command Injection In OPPO Service | | |
CVE-2023-26311 | A remote code execution vulnerability in the webview component of OPPO Store app. | | |
CVE-2023-26314 | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the ap... | M | |
CVE-2023-26315 | Xiaomi router has a command injection vulnerability after authorization | | |
CVE-2023-26316 | A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is cau... | | |
CVE-2023-26317 | Xiaomi router external request interface has command injection | | |
CVE-2023-26318 | Xiaomi router web interface post-authorization stack overflow | | |
CVE-2023-26319 | Xiaomi Router administration interface vulnerability leads to command injection and stack overflow | | |
CVE-2023-26320 | Xiaomi Router external request interface vulnerability leads to stack overflow | | |
CVE-2023-26321 | The international version of Xiaomi File Manager has a path traversal vulnerability | | |
CVE-2023-26322 | GetApps application has code execution vulnerability | | |
CVE-2023-26323 | Xiaomi App Market has a code execution vulnerability | | |
CVE-2023-26324 | GetApps application has code execution vulnerability | | |
CVE-2023-26325 | The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL i... | E | |
CVE-2023-26326 | The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated inse... | E | |
CVE-2023-26327 | ZDI-CAN-20217: Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26328 | ZDI-CAN-20212: Adobe Dimension USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2023-26329 | ZDI-CAN-20213: Adobe Dimension OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26330 | ZDI-CAN-20146: Adobe Dimension USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2023-26331 | ZDI-CAN-20145: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26332 | ZDI-CAN-20144: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26333 | ZDI-CAN-20214: Adobe Dimension USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | S | |
CVE-2023-26334 | ZDI-CAN-20149: Adobe Dimension USD File Parsing Uninitialized Pointer Information Disclosure Vulnerability | S | |
CVE-2023-26335 | ZDI-CAN-20215: Adobe Dimension USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | S | |
CVE-2023-26336 | ZDI-CAN-20275: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
CVE-2023-26337 | ZDI-CAN-20285: Adobe Dimension USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-26338 | ZDI-CAN-19410: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26339 | ZDI-CAN-19388: Adobe Dimension OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26340 | ZDI-CAN-19387: Adobe Dimension OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26341 | ZDI-CAN-19391: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-26342 | ZDI-CAN-19413: Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-26343 | ZDI-CAN-19465: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-26344 | ZDI-CAN-19467: Adobe Dimension USD File Access of Uninitialized Pointer Information Disclosure Vulnerability | | |
CVE-2023-26345 | ZDI-CAN-19494: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26346 | ZDI-CAN-19495: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26347 | CVE-2023-38205 issues \| ColdFusion Admin Panel Access | | |
CVE-2023-26348 | ZDI-CAN-19518: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-26349 | ZDI-CAN-20218: Adobe Dimension USDZ File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-26350 | ZDI-CAN-19510: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26351 | ZDI-CAN-19507: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26352 | ZDI-CAN-19509: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26353 | ZDI-CAN-19511: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26354 | ZDI-CAN-19519: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26355 | ZDI-CAN-19512: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26356 | ZDI-CAN-19506: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26358 | Adobe Creative Cloud AdobeExtensionService.exe local privilege escalation vulnerability | | |
CVE-2023-26359 | Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution | KEV S | |
CVE-2023-26360 | Adobe ColdFusion Improper Access Control Arbitrary code execution | KEV E S | |
CVE-2023-26361 | Adobe ColdFusion Directory Traversal Arbitrary file system read Vulnerability | S | |
CVE-2023-26364 | Denial of Service of regular expression in package @adobe/css-tools | | |
CVE-2023-26366 | Validate Your Inputs \| Server-Side Request Forgery (SSRF) (CWE-918) | | |
CVE-2023-26367 | Error based file extraction via PHP filter chains during product bulk import logic | | |
CVE-2023-26368 | Adobe InCopy Out-of-Bounds Read Vulnerability v1.0 | | |
CVE-2023-26369 | [Google Project Zero] Adobe Acrobat DC OOBW 0-day actively exploited in the wild | KEV | |
CVE-2023-26370 | ZDI-CAN-21257: Adobe Photoshop PSD File Parsing Uninitialized Variable Remote Code Execution Vulnerability | | |
CVE-2023-26371 | Validate Your Inputs \| Out-of-bounds Read (CWE-125) | S | |
CVE-2023-26372 | ZDI-CAN-20284: Adobe Dimension USDZ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2023-26373 | Adobe Dimension has an arbitrary address write vulnerability when parsing USDZ files | S | |
CVE-2023-26374 | ZDI-CAN-20045: Adobe Dimension USD File Parsing Out-Of-Bounds Read Memory leak Vulnerability | S | |
CVE-2023-26375 | ZDI-CAN-20231: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26376 | ZDI-CAN-20155: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26377 | ZDI-CAN-20151: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26378 | ZDI-CAN-20148: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26379 | ZDI-CAN-20233: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26380 | ZDI-CAN-20150: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26381 | ZDI-CAN-20147: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26382 | ZDI-CAN-20156: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26383 | ZDI-CAN-20287: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-26384 | ZDI-CAN-20279: Adobe Substance 3D Stager USD File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26385 | ZDI-CAN-20267: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-26386 | ZDI-CAN-20266: Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability | | |
CVE-2023-26387 | ZDI-CAN-20265: Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability | | |
CVE-2023-26388 | ZDI-CAN-20286: Adobe Substance 3D Stager USDZ File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2023-26389 | ZDI-CAN-20258: Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-26390 | ZDI-CAN-20255: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-26391 | ZDI-CAN-20256: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-26392 | ZDI-CAN-20235: Adobe Substance 3D Stager USD File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26393 | ZDI-CAN-20234: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-26394 | ZDI-CAN-20236: Adobe Substance 3D Stager USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-26395 | Adobe Acrobat parsing PDF Out-of-bounds Write Arbitrary code execution | | |
CVE-2023-26396 | Adobe Acrobat Reader DC for macOS installer (AcroRdrDC_2200220191_MUI.pkg) contains a local privilege escalation vulnerability. | | |
CVE-2023-26397 | [ZS-VR-22-112] Adobe Acrobat Out-of-bounds Read Memory leak | | |
CVE-2023-26398 | ZDI-CAN-20310: Adobe Substance 3D Designer USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-26400 | ZDI-CAN-20232: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26401 | ZDI-CAN-20278: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26402 | ZDI-CAN-20237: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-26403 | ZDI-CAN-20259: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-26404 | ZDI-CAN-20143: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-26405 | ZDI-CAN-20712: Object Prototype pollution which leads to API Restrictions Bypass | | |
CVE-2023-26406 | ZDI-CAN-20712: Net.HTTP.request URL restriction bypass | | |
CVE-2023-26407 | ZDI-CAN-20712: Net.HTTP.request Arbitrary Command Execution | | |
CVE-2023-26408 | ZDI-CAN-20712: AnnotsString Object prototype pollution Restrictions Bypass Vulnerability | | |
CVE-2023-26409 | ZDI-CAN-20313: Adobe Substance 3D Designer USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-26410 | ZDI-CAN-20309: Adobe Substance 3D Designer USD File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26411 | ZDI-CAN-20312: Adobe Substance 3D Designer USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-26412 | ZDI-CAN-20314: Adobe Substance 3D Designer USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-26413 | ZDI-CAN-20315: Adobe Substance 3D Designer USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-26414 | ZDI-CAN-20316: Adobe Substance 3D Designer USD File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26415 | ZDI-CAN-20317: Adobe Substance 3D Designer DAE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-26416 | ZDI-CAN-20318: Adobe Substance 3D Designer DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-26417 | ZDI-CAN-20583: Adobe Acrobat Reader DC Popup Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26418 | ZDI-CAN-20311: Adobe Acrobat Reader DC AcroForm exportAsFDFStr Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26419 | ZDI-CAN-20274: Adobe Acrobat Reader DC AcroForm removeField Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26420 | ZDI-CAN-20227: Adobe Acrobat Reader DC AcroForm addField Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26421 | ZDI-CAN-19832: Adobe Acrobat Reader DC Doc Object Integer Underflow Remote Code Execution Vulnerability | | |
CVE-2023-26422 | ZDI-CAN-20176: Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26423 | ZDI-CAN-20160: Adobe Acrobat Reader DC AcroForm insertItemAt Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26424 | ZDI-CAN-19833: Adobe Acrobat Reader DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-26425 | ZDI-CAN-19854: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-26426 | Adobe Illustrator (Beta) has a UAF vulnerability when parsing SVG files Arbitrary code execution | | |
CVE-2023-26427 | Default permissions for a properties file were too permissive. Local system users could read potenti... | | |
CVE-2023-26428 | Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users... | | |
CVE-2023-26429 | Control characters were not removed when exporting user feedback content. This allowed attackers to ... | | |
CVE-2023-26430 | Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter ... | | |
CVE-2023-26431 | IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is... | | |
CVE-2023-26432 | When adding an external mail account, processing of SMTP "capabilities" responses are not limited to... | | |
CVE-2023-26433 | When adding an external mail account, processing of IMAP "capabilities" responses are not limited to... | | |
CVE-2023-26434 | When adding an external mail account, processing of POP3 "capabilities" responses are not limited to... | | |
CVE-2023-26435 | It was possible to call filesystem and network references using the local LibreOffice instance using... | | |
CVE-2023-26436 | Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, ... | | |
CVE-2023-26437 | Deterred spoofing attempts can lead to authoritative servers being marked unavailable | S | |
CVE-2023-26438 | External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (T... | | |
CVE-2023-26439 | The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently s... | | |
CVE-2023-26440 | The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insuf... | | |
CVE-2023-26441 | Cacheservice did not correctly check if relative cache objects were pointing to the defined absolute ... | | |
CVE-2023-26442 | In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP re... | | |
CVE-2023-26443 | Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With... | | |
CVE-2023-26445 | Frontend themes are defined by user-controllable jslob settings and could point to a malicious resou... | | |
CVE-2023-26446 | The user's clientID at "application passwords" was not sanitized or escaped before being added to DOM... | | |
CVE-2023-26447 | The "upsell" widget for the portal allows to specify a product description. This description taken f... | | |
CVE-2023-26448 | Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malici... | | |
CVE-2023-26449 | The "OX Chat" web service did not specify a media-type when processing responses by external resourc... | | |
CVE-2023-26450 | The "OX Count" web service did not specify a media-type when processing responses by external resour... | | |
CVE-2023-26451 | Functions with insufficient randomness were used to generate authorization tokens of the integrated ... | | |
CVE-2023-26452 | Requests to cache an image and return its metadata could be abused to include SQL queries that would... | | |
CVE-2023-26453 | Requests to cache an image could be abused to include SQL queries that would be executed unchecked. ... | | |
CVE-2023-26454 | Requests to fetch image metadata could be abused to include SQL queries that would be executed unche... | | |
CVE-2023-26455 | RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers wit... | | |
CVE-2023-26456 | Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficient... | | |
CVE-2023-26457 | Cross-Site Scripting (XSS) vulnerability in SAP Content Server | | |
CVE-2023-26458 | Information Disclosure vulnerability in SAP Landscape Management | | |
CVE-2023-26459 | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | | |
CVE-2023-26460 | Improper Access Control in SAP NetWeaver AS Java (Cache Management Service) | | |
CVE-2023-26461 | XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal) | | |
CVE-2023-26462 | ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded servi... | | |
CVE-2023-26463 | strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named... | M | |
CVE-2023-26464 | Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender | | |
CVE-2023-26465 | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.... | | |
CVE-2023-26466 | A user with non-Admin access can change a configuration file on the client to modify the Server URL.... | | |
CVE-2023-26467 | A man in the middle can redirect traffic to a malicious server in a compromised configuration.... | | |
CVE-2023-26468 | Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.... | S | |
CVE-2023-26469 | In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the s... | E | |
CVE-2023-26470 | In XWiki Platform, saving a document with a large object number leads to persistent OOM errors | E S | |
CVE-2023-26471 | XWiki Platform users may execute anything with superadmin right through comments and async macro | E S | |
CVE-2023-26472 | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile | E S | |
CVE-2023-26473 | XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm | E S | |
CVE-2023-26474 | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | E S | |
CVE-2023-26475 | XWiki Platform vulnerable to Remote Code Execution in Annotations | E S | |
CVE-2023-26476 | Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor | E S | |
CVE-2023-26477 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | E S | |
CVE-2023-26478 | org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function | E S | |
CVE-2023-26479 | org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions | E S | |
CVE-2023-26480 | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data | E S | |
CVE-2023-26481 | Insufficient user check in FlowTokens by Email stage | | |
CVE-2023-26482 | Scope of workflow operations is not validated in nextcloud server | S | |
CVE-2023-26483 | gosaml2 vulnerable to Denial of Service via deflate decompression bomb | S | |
CVE-2023-26484 | On a compromised KubeVirt node, the virt-handler service account can be used to modify all node specs | M | |
CVE-2023-26485 | Quadratic complexity may lead to a denial of service in cmark-gfm | E S | |
CVE-2023-26486 | Vega `scale` expression function cross site scripting | E | |
CVE-2023-26487 | Vega has cross-site scripting vulnerability in `lassoAppend` function | E S | |
CVE-2023-26488 | OpenZeppelin Contracts contains Incorrect Calculation | S | |
CVE-2023-26489 | Guest-controlled out-of-bounds read/write on x86_64 in wasmtime | S | |
CVE-2023-26490 | mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync | E | |
CVE-2023-26491 | RSSHub is vulnerable to cross-site scripting (XSS) via unvalidated URL parameters | S | |
CVE-2023-26492 | Directus vulnerable to Server-Side Request Forgery On File Import | E S | |
CVE-2023-26493 | Command Injection in Cocos Engine workflow | E S | |
CVE-2023-26494 | lorawan-stack has open redirect vulnerability | E S | |
CVE-2023-26495 | An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can f... | | |
CVE-2023-26496 | An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, ... | | |
CVE-2023-26497 | An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, ... | | |
CVE-2023-26498 | An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, ... | | |
CVE-2023-26509 | AnyDesk 7.0.8 allows remote Denial of Service.... | | |
CVE-2023-26510 | Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is... | | |
CVE-2023-26511 | A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and ... | | |
CVE-2023-26512 | Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data | | |
CVE-2023-26513 | Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS | | |
CVE-2023-26514 | WordPress XML Sitemap Generator for Google Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-26515 | WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-26516 | WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-26517 | WordPress Dashboard Widgets Suite Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-26518 | WordPress WP TFeed Plugin <= 1.6.9 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-26519 | WordPress Publish to Schedule Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-26520 | WordPress Advanced Text Widget plugin <= 2.1.2 - Broken Access Control vulnerability | | |
CVE-2023-26521 | WordPress Search in Place plugin <= 1.0.104 - Missing Authorization Leading To Feedback Submission vulnerability | S | |
CVE-2023-26522 | WordPress WP Repost plugin <= 0.1 - Broken Access Control vulnerability | | |
CVE-2023-26523 | WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability | S | |
CVE-2023-26524 | WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-26525 | WordPress Dokan Plugin <= 3.7.12 is vulnerable to SQL Injection | S | |
CVE-2023-26526 | WordPress Bookly plugin <= 21.7.1 - Authenticated Arbitrary File Deletion vulnerability | S | |
CVE-2023-26527 | WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-26528 | WordPress Shipyaari Shipping Management Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-26529 | WordPress DupeOff Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-26530 | WordPress Updraft Plugin <= 0.6.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-26531 | WordPress 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 Plugin <= 4.2.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-26532 | WordPress Social Auto Poster Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-26533 | WordPress Zippy Plugin <= 1.6.1 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-26534 | WordPress WP Repost Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-26535 | WordPress Sheets To WP Table Live Sync Plugin <= 2.12.15 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-26536 | WordPress Sp*tify Play Button for WordPress Plugin <= 2.05 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-26537 | WordPress WP No External Links Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-26538 | WordPress Chat Bee Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-26539 | WordPress Advanced Text Widget Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-26540 | WordPress Houzez theme <= 2.7.1 - Privilege Escalation | S | |
CVE-2023-26541 | WordPress asMember Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-26542 | WordPress phpinfo() WP Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-26543 | WordPress WP Meteor Page Speed Optimization Topping Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-26544 | In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a d... | E | |
CVE-2023-26545 | In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation f... | S | |
CVE-2023-26546 | European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrar... | M | |
CVE-2023-26547 | The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exp... | | |
CVE-2023-26548 | The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of th... | | |
CVE-2023-26549 | The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successf... | | |
CVE-2023-26550 | A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitra... | E | |
CVE-2023-26551 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp | | |
CVE-2023-26552 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. ... | | |
CVE-2023-26553 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing num... | | |
CVE-2023-26554 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character.... | | |
CVE-2023-26555 | praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack met... | | |
CVE-2023-26556 | io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it rel... | | |
CVE-2023-26557 | io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel ... | | |
CVE-2023-26559 | A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Ox... | M | |
CVE-2023-26560 | Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage t... | M | |
CVE-2023-26562 | In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) ca... | | |
CVE-2023-26563 | The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traver... | E | |
CVE-2023-26564 | The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs dir... | E | |
CVE-2023-26566 | Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Inte... | | |
CVE-2023-26567 | Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMG... | | |
CVE-2023-26568 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-26569 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-26570 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-26571 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-26572 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-26573 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-26574 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-26575 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-26576 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-26577 | Stored Cross-site Scripting In IDAttend’s IDWeb Application | | |
CVE-2023-26578 | Arbitrary File Upload to Web Root In IDAttend’s IDWeb Application | | |
CVE-2023-26579 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-26580 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-26581 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-26582 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-26583 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-26584 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-26585 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 m... | | |
CVE-2023-26586 | Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before v... | | |
CVE-2023-26587 | Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated... | | |
CVE-2023-26588 | Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access ... | S | |
CVE-2023-26589 | Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated... | | |
CVE-2023-26590 | Floating point exception in src/aiff.c | | |
CVE-2023-26591 | Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 ma... | | |
CVE-2023-26592 | Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before ve... | | |
CVE-2023-26593 | CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensi... | | |
CVE-2023-26595 | Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote au... | | |
CVE-2023-26596 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 m... | | |
CVE-2023-26597 | Controller DOS on sending error response | | |
CVE-2023-26599 | XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attack... | | |
CVE-2023-26600 | ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus... | | |
CVE-2023-26601 | Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP ... | | |
CVE-2023-26602 | ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using ... | E | |
CVE-2023-26603 | JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. Th... | | |
CVE-2023-26604 | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations... | E | |
CVE-2023-26605 | In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeba... | E | |
CVE-2023-26606 | In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.... | E | |
CVE-2023-26607 | In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.... | E | |
CVE-2023-26608 | SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS v... | E | |
CVE-2023-26609 | ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharac... | E | |
CVE-2023-26612 | D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from ... | E | |
CVE-2023-26613 | An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorize... | E | |
CVE-2023-26615 | D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from t... | E | |
CVE-2023-26616 | D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from ... | E | |
CVE-2023-26686 | File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary cod... | E | |
CVE-2023-26687 | Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain se... | E | |
CVE-2023-26688 | Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to ru... | E | |
CVE-2023-26689 | An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account p... | E | |
CVE-2023-26690 | File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary cod... | E | |
CVE-2023-26691 | Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbit... | E | |
CVE-2023-26692 | ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper... | E | |
CVE-2023-26733 | Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of s... | E | |
CVE-2023-26735 | blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. ... | | |
CVE-2023-26750 | SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remo... | E | |
CVE-2023-26756 | The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's po... | E | |
CVE-2023-26758 | Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerability via the c... | E | |
CVE-2023-26759 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via cal... | E | |
CVE-2023-26760 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via t... | E | |
CVE-2023-26762 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability.... | E | |
CVE-2023-26767 | Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial ... | E S | |
CVE-2023-26768 | Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial ... | E S | |
CVE-2023-26769 | Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause... | S | |
CVE-2023-26770 | TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a regist... | E | |
CVE-2023-26771 | Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the fil... | E | |
CVE-2023-26773 | Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote at... | E | |
CVE-2023-26774 | An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive... | | |
CVE-2023-26775 | File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary co... | | |
CVE-2023-26776 | Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arb... | | |
CVE-2023-26777 | Cross Site Scripting vulnerability found in louislam Uptime Kuma v.1.19.6 and before allows a remo... | | |
CVE-2023-26779 | CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execu... | E | |
CVE-2023-26780 | CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.... | E | |
CVE-2023-26781 | SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via A... | E | |
CVE-2023-26782 | An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend ... | E | |
CVE-2023-26784 | SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to exec... | | |
CVE-2023-26785 | MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in ... | | |
CVE-2023-26788 | Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be man... | E | |
CVE-2023-26789 | Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). T... | | |
CVE-2023-26793 | libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/m... | E | |
CVE-2023-26800 | Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discovered to contain a command inje... | E | |
CVE-2023-26801 | LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300... | E | |
CVE-2023-26802 | An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-L... | E | |
CVE-2023-26805 | Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overf... | E | |
CVE-2023-26806 | Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via fu... | E | |
CVE-2023-26812 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-26813. Reason: This record is a re... | R | |
CVE-2023-26813 | SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPl... | E | |
CVE-2023-26817 | codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vul... | E | |
CVE-2023-26818 | Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording... | E | |
CVE-2023-26819 | cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ ... | | |
CVE-2023-26820 | siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js.... | E | |
CVE-2023-26822 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the ... | E | |
CVE-2023-26823 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-0783. Reason: This record is a dup... | R | |
CVE-2023-26829 | An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack befor... | E | |
CVE-2023-26830 | An unrestricted file upload vulnerability in the administrative portal branding component of Gladine... | E | |
CVE-2023-26839 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit infor... | E | |
CVE-2023-26840 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a pers... | E | |
CVE-2023-26841 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any... | E | |
CVE-2023-26842 | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inje... | E | |
CVE-2023-26843 | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inje... | E | |
CVE-2023-26845 | A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submittin... | | |
CVE-2023-26846 | A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arb... | | |
CVE-2023-26847 | A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arb... | | |
CVE-2023-26848 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability ... | E | |
CVE-2023-26852 | An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows a... | E | |
CVE-2023-26855 | The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to... | E | |
CVE-2023-26856 | Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via ... | E | |
CVE-2023-26857 | An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction... | E | |
CVE-2023-26858 | SQL injection vulnerability found in PrestaShop faqs v.3.1.6 allows a remote attacker to escalate pri... | E S | |
CVE-2023-26859 | SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attack... | S | |
CVE-2023-26860 | SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker ... | E S | |
CVE-2023-26861 | SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attac... | S | |
CVE-2023-26862 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-26863 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-26864 | SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a ... | E S | |
CVE-2023-26865 | SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attack... | E M | |
CVE-2023-26866 | GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-463... | | |
CVE-2023-26876 | SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute ... | E | |
CVE-2023-26877 | File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arb... | | |
CVE-2023-26905 | An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that ... | E | |
CVE-2023-26911 | ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vul... | | |
CVE-2023-26912 | Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae7... | E | |
CVE-2023-26913 | EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_... | E | |
CVE-2023-26916 | libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the functi... | | |
CVE-2023-26917 | libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the functi... | E | |
CVE-2023-26918 | Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate... | E | |
CVE-2023-26919 | delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is ... | E | |
CVE-2023-26920 | fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.... | E S | |
CVE-2023-26921 | OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary command... | E | |
CVE-2023-26922 | SQL injection vulnerability found in Variscite matrix-gui v.2 allows a remote attacker to execute ar... | E | |
CVE-2023-26923 | Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that occurs when reading misconfigu... | E | |
CVE-2023-26924 | LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispu... | E | |
CVE-2023-26925 | An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A... | E | |
CVE-2023-26930 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service v... | E | |
CVE-2023-26931 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2022-30524. Reason: This record is a du... | R | |
CVE-2023-26934 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This re... | R | |
CVE-2023-26935 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This re... | R | |
CVE-2023-26936 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This re... | R | |
CVE-2023-26937 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This re... | R | |
CVE-2023-26938 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This re... | R | |
CVE-2023-26941 | Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a clone... | E | |
CVE-2023-26942 | Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a clone... | E | |
CVE-2023-26943 | Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a clone... | E | |
CVE-2023-26948 | onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component ... | E | |
CVE-2023-26949 | An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 ... | E | |
CVE-2023-26950 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2023-26951 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via t... | | |
CVE-2023-26952 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2023-26953 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2023-26954 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2023-26955 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2023-26956 | onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component ... | E | |
CVE-2023-26957 | onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the componen... | E | |
CVE-2023-26958 | Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the ... | | |
CVE-2023-26959 | Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name par... | | |
CVE-2023-26961 | Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulner... | E | |
CVE-2023-26964 | An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component proc... | E | |
CVE-2023-26965 | loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a craft... | E S | |
CVE-2023-26966 | libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-... | E S | |
CVE-2023-26968 | In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vul... | E | |
CVE-2023-26969 | Atropim 1.5.26 is vulnerable to Directory Traversal.... | E | |
CVE-2023-26974 | Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at J... | E | |
CVE-2023-26976 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in th... | E | |
CVE-2023-26978 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v... | E | |
CVE-2023-26979 | Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-m... | E | |
CVE-2023-26980 | PAX Technology PAX A920 Pro PayDroid 8.1 suffers from a Race Condition vulnerability, which allows at... | E | |
CVE-2023-26982 | Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the A... | E | |
CVE-2023-26984 | An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails a... | E | |
CVE-2023-26986 | An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands... | E | |
CVE-2023-26987 | An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless o... | E | |
CVE-2023-26991 | SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in li... | E | |
CVE-2023-26998 | Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to e... | E | |
CVE-2023-26999 | An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and... | E | |