ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-27000 | Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to e... | E | |
CVE-2023-27001 | An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism... | E | |
CVE-2023-27008 | A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in A... | E | |
CVE-2023-27010 | Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. Th... | | |
CVE-2023-27012 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSched... | E | |
CVE-2023-27013 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_pare... | E | |
CVE-2023-27014 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC... | E | |
CVE-2023-27015 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75... | E | |
CVE-2023-27016 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSe... | E | |
CVE-2023-27017 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC... | E | |
CVE-2023-27018 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC... | E | |
CVE-2023-27019 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458F... | E | |
CVE-2023-27020 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the savePare... | E | |
CVE-2023-27021 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetF... | E | |
CVE-2023-27025 | An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and bel... | E | |
CVE-2023-27032 | Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnera... | S | |
CVE-2023-27033 | Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via t... | E S | |
CVE-2023-27034 | PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.... | S | |
CVE-2023-27035 | An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, ... | E | |
CVE-2023-27037 | Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Ge... | E | |
CVE-2023-27040 | Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via ... | E | |
CVE-2023-27041 | School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via ... | E | |
CVE-2023-27042 | Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.... | E | |
CVE-2023-27043 | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special... | E | |
CVE-2023-27052 | E-Commerce System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter a... | E | |
CVE-2023-27054 | A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to... | E S | |
CVE-2023-27055 | Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted G... | | |
CVE-2023-27059 | A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows att... | E | |
CVE-2023-27060 | LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:... | E S | |
CVE-2023-27061 | Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability ... | E | |
CVE-2023-27062 | Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in... | E | |
CVE-2023-27063 | Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability ... | E | |
CVE-2023-27064 | Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability ... | E | |
CVE-2023-27065 | Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability ... | E | |
CVE-2023-27066 | Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authentic... | E | |
CVE-2023-27067 | Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attacke... | E | |
CVE-2023-27068 | Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attacke... | E | |
CVE-2023-27069 | A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows atta... | E | |
CVE-2023-27070 | A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows atta... | E | |
CVE-2023-27073 | A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change u... | | |
CVE-2023-27074 | BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the... | | |
CVE-2023-27075 | A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0... | E S | |
CVE-2023-27076 | Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary c... | E | |
CVE-2023-27077 | Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denia... | E | |
CVE-2023-27078 | A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to ex... | E | |
CVE-2023-27079 | Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive ... | E | |
CVE-2023-27082 | Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allow... | | |
CVE-2023-27083 | An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to... | | |
CVE-2023-27084 | Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain s... | E | |
CVE-2023-27087 | Permissions vulnerability found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to ob... | E | |
CVE-2023-27088 | feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. dem... | E | |
CVE-2023-27089 | Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of servic... | E | |
CVE-2023-27090 | Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensit... | E | |
CVE-2023-27091 | An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privilege... | E | |
CVE-2023-27092 | Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive informatio... | E | |
CVE-2023-27093 | Cross Site Scripting vulnerability found in My-Blog allows attackers to cause a denial of service vi... | E | |
CVE-2023-27094 | An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPo... | | |
CVE-2023-27095 | Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate pri... | E | |
CVE-2023-27096 | Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sens... | E | |
CVE-2023-27098 | TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.... | E | |
CVE-2023-27100 | Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSen... | S | |
CVE-2023-27102 | Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context... | E | |
CVE-2023-27103 | Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated... | E | |
CVE-2023-27105 | A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanlin... | E | |
CVE-2023-27107 | Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 ... | E | |
CVE-2023-27108 | An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Act... | E | |
CVE-2023-27112 | pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode p... | E | |
CVE-2023-27113 | pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationC... | E | |
CVE-2023-27114 | radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/w... | E | |
CVE-2023-27115 | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compu... | E | |
CVE-2023-27116 | WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType.... | E | |
CVE-2023-27117 | WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node... | E | |
CVE-2023-27119 | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompile... | E | |
CVE-2023-27121 | A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleas... | E | |
CVE-2023-27126 | The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 22... | E | |
CVE-2023-27130 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbi... | E S | |
CVE-2023-27131 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbi... | E | |
CVE-2023-27132 | TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source co... | E | |
CVE-2023-27133 | TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFI... | E | |
CVE-2023-27135 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v... | E | |
CVE-2023-27148 | A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2... | E | |
CVE-2023-27149 | A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers t... | E | |
CVE-2023-27150 | openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name fiel... | E | |
CVE-2023-27151 | openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity... | E | |
CVE-2023-27152 | DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a... | E | |
CVE-2023-27159 | Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the compone... | E | |
CVE-2023-27160 | forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the compo... | E | |
CVE-2023-27161 | Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the compon... | E | |
CVE-2023-27162 | openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via th... | E | |
CVE-2023-27163 | request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the ... | E | |
CVE-2023-27164 | An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary co... | E | |
CVE-2023-27167 | Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values par... | E | |
CVE-2023-27168 | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to exe... | E | |
CVE-2023-27169 | Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads ... | | |
CVE-2023-27170 | Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modificatio... | E | |
CVE-2023-27171 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-27172 | Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers t... | E | |
CVE-2023-27178 | An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers ... | | |
CVE-2023-27179 | GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via ... | |
CVE-2023-27180 | GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup fe... | E | |
CVE-2023-27191 | An issue found in DUALSPACE Super Security v.2.3.7 allows an attacker to cause a denial of service v... | E | |
CVE-2023-27192 | An issue found in DUALSPACE Super Security v.2.3.7 allows an attacker to cause a denial of service v... | E | |
CVE-2023-27193 | An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_us... | E | |
CVE-2023-27195 | Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&... | | |
CVE-2023-27197 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root acces... | | |
CVE-2023-27198 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary com... | | |
CVE-2023-27199 | PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious s... | | |
CVE-2023-27202 | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2023-27203 | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2023-27204 | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2023-27205 | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month... | E | |
CVE-2023-27206 | A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 ... | E | |
CVE-2023-27207 | Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id ... | E | |
CVE-2023-27208 | A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.... | E | |
CVE-2023-27210 | Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id ... | E | |
CVE-2023-27211 | A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 ... | E | |
CVE-2023-27212 | A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1... | E | |
CVE-2023-27213 | Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via th... | E | |
CVE-2023-27214 | Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabiliti... | E | |
CVE-2023-27216 | An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code... | | |
CVE-2023-27217 | A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 ... | E | |
CVE-2023-27224 | An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua ... | E | |
CVE-2023-27225 | A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System w... | | |
CVE-2023-27229 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v... | E | |
CVE-2023-27231 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v... | E | |
CVE-2023-27232 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v... | E | |
CVE-2023-27233 | Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] p... | E | |
CVE-2023-27234 | A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitr... | E | |
CVE-2023-27235 | An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2... | E | |
CVE-2023-27237 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.... | | |
CVE-2023-27238 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.... | | |
CVE-2023-27239 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /g... | E | |
CVE-2023-27240 | Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip par... | E | |
CVE-2023-27241 | SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vuln... | E | |
CVE-2023-27242 | SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vu... | E | |
CVE-2023-27243 | An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain clearte... | | |
CVE-2023-27245 | A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to exec... | E | |
CVE-2023-27246 | An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to ... | | |
CVE-2023-27247 | Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functio... | E | |
CVE-2023-27249 | swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject a... | E | |
CVE-2023-27250 | Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php.... | E | |
CVE-2023-27253 | A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows... | S | |
CVE-2023-27254 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-27255 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-27256 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-27257 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-27258 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-27259 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-27260 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-27261 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-27262 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application | | |
CVE-2023-27263 | IDOR: Accessing playbook runs via the Playbooks Runs API | S | |
CVE-2023-27264 | IDOR: Updating a playbook via the Playbooks API | S | |
CVE-2023-27265 | Disclosure of team owner email address when regenerating Invite ID | S | |
CVE-2023-27266 | Disclosure of team owner email address when accessing the teams API | S | |
CVE-2023-27267 | Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge) | | |
CVE-2023-27268 | Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service) | | |
CVE-2023-27269 | Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | | |
CVE-2023-27270 | Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform | | |
CVE-2023-27271 | Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform | | |
CVE-2023-27272 | IBM Aspera Console weak password requirements | S | |
CVE-2023-27279 | IBM Aspera Faspex denial of service | | |
CVE-2023-27283 | IBM Aspera Orchestrator information disclosure | | |
CVE-2023-27284 | IBM Aspera code execution | S | |
CVE-2023-27285 | IBM Aspera buffer overflow | S | |
CVE-2023-27286 | IBM Aspera code execution | S | |
CVE-2023-27290 | IBM Observability with Instana missing authentication | | |
CVE-2023-27291 | IBM Watson CP4D Data Stores information disclosure | | |
CVE-2023-27292 | An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of ... | E | |
CVE-2023-27293 | Improper neutralization of input during web page generation allows an unauthenticated attacker to su... | E | |
CVE-2023-27294 | Improper neutralization of input during web page generation allows an authenticated attacker with ac... | E | |
CVE-2023-27295 | Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST request... | E | |
CVE-2023-27296 | Apache InLong: JDBC Deserialization Vulnerability in InLong | S | |
CVE-2023-27298 | Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id... | | |
CVE-2023-27300 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version... | | |
CVE-2023-27301 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 m... | | |
CVE-2023-27303 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 m... | | |
CVE-2023-27304 | Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 a... | | |
CVE-2023-27305 | Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 m... | | |
CVE-2023-27306 | Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authentic... | | |
CVE-2023-27307 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version... | | |
CVE-2023-27308 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version... | | |
CVE-2023-27309 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query ha... | | |
CVE-2023-27310 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query ha... | | |
CVE-2023-27311 | NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new ... | | |
CVE-2023-27312 | Privilege Escalation Vulnerability in SnapCenter Plugin for VMware vSphere | | |
CVE-2023-27313 | Privilege Escalation Vulnerability in SnapCenter | | |
CVE-2023-27314 | Denial of Service Vulnerability in ONTAP 9 | | |
CVE-2023-27315 | Information Disclosure Vulnerability in SnapGathers | | |
CVE-2023-27316 | Privilege Escalation Vulnerability in SnapCenter | | |
CVE-2023-27317 | Information Disclosure Vulnerability in ONTAP 9 | | |
CVE-2023-27318 | Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale) | | |
CVE-2023-27319 | Information Disclosure Vulnerability in ONTAP Mediator | | |
CVE-2023-27320 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature.... | E | |
CVE-2023-27321 | OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability | | |
CVE-2023-27322 | Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability | | |
CVE-2023-27323 | Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability | | |
CVE-2023-27324 | Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability | | |
CVE-2023-27325 | Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability | | |
CVE-2023-27326 | Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability | | |
CVE-2023-27327 | Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability | | |
CVE-2023-27328 | Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability | | |
CVE-2023-27329 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-27330 | Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-27331 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-27332 | TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-27333 | TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-27334 | Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability | | |
CVE-2023-27335 | Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability | | |
CVE-2023-27336 | Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability | | |
CVE-2023-27337 | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-27338 | PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-27339 | PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-27340 | PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-27341 | PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-27342 | PDF-XChange Editor EMF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability | | |
CVE-2023-27343 | PDF-XChange Editor EMF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-27344 | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-27345 | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-27346 | TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-27347 | G DATA Total Security Link Following Local Privilege Escalation Vulnerability | | |
CVE-2023-27348 | PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-27349 | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability | S | |
CVE-2023-27350 | This vulnerability allows remote attackers to bypass authentication on affected installations of Pap... | KEV E | |
CVE-2023-27351 | This vulnerability allows remote attackers to bypass authentication on affected installations of Pap... | | |
CVE-2023-27352 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2023-27353 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i... | | |
CVE-2023-27354 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i... | | |
CVE-2023-27355 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2023-27356 | NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-27357 | NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability | | |
CVE-2023-27358 | NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability | | |
CVE-2023-27359 | TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability | | |
CVE-2023-27360 | NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability | | |
CVE-2023-27361 | NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-27362 | 3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability | | |
CVE-2023-27363 | Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability | | |
CVE-2023-27364 | Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability | | |
CVE-2023-27365 | Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability | | |
CVE-2023-27366 | Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-27367 | NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-27368 | NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability | | |
CVE-2023-27369 | NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability | | |
CVE-2023-27370 | NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability | | |
CVE-2023-27371 | GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a m... | E S | |
CVE-2023-27372 | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serializat... | S | |
CVE-2023-27373 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input v... | | |
CVE-2023-27375 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-27376 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-27377 | Missing Authentication In IDAttend’s IDWeb Application | | |
CVE-2023-27378 | BIG-IP TMUI XSS vulnerability | | |
CVE-2023-27379 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, versi... | E | |
CVE-2023-27380 | An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Sur... | E | |
CVE-2023-27382 | Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element softwar... | | |
CVE-2023-27383 | Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library soft... | S | |
CVE-2023-27384 | Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote au... | | |
CVE-2023-27385 | Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions. By having a use... | M | |
CVE-2023-27386 | Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated ... | | |
CVE-2023-27387 | Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows... | | |
CVE-2023-27388 | Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products al... | | |
CVE-2023-27389 | Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authe... | M | |
CVE-2023-27390 | A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon ... | E | |
CVE-2023-27391 | Improper access control in some Intel(R) oneAPI Toolkit and component software installers before ver... | | |
CVE-2023-27392 | Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 m... | | |
CVE-2023-27394 | CVE-2023-27394 | | |
CVE-2023-27395 | A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of... | E S | |
CVE-2023-27396 | FINS (Factory Interface Network Service) is a message communication protocol, which is designed to b... | | |
CVE-2023-27397 | Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.... | | |
CVE-2023-27398 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-27399 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-27400 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-27401 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-27402 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-27403 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-27404 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-27405 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-27406 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The ... | | |
CVE-2023-27407 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based managem... | | |
CVE-2023-27408 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file ... | | |
CVE-2023-27409 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vuln... | | |
CVE-2023-27410 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer o... | | |
CVE-2023-27411 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applic... | | |
CVE-2023-27412 | WordPress Mocho Blog Theme <= 1.0.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27413 | WordPress W4 Post List Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27414 | WordPress Popup box Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27415 | WordPress LetterPress Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27416 | WordPress Decon WP SMS Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27417 | WordPress Affiliate Super Assistent Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27418 | WordPress Side Menu Lite Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27419 | WordPress Viable blog Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27420 | WordPress Arya Multipurpose Theme <= 1.0.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27421 | WordPress Everest News Theme <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27422 | WordPress NS Coupon to Become Customer Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27423 | WordPress Auto Prune Posts Plugin <= 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27424 | WordPress Inactive User Deleter Plugin <= 1.59 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27425 | WordPress Electric Studio Client Login Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27426 | WordPress NotifyVisitors Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27427 | WordPress CRM Memberships Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27428 | WordPress WP users media plugin <= 4.2.3 - Broken Access Control vulnerability | | |
CVE-2023-27429 | WordPress Jetpack CRM Plugin <= 5.4.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27430 | WordPress Mass Delete Unused Tags Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27431 | WordPress Big Store Theme <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27432 | WordPress Manage Upload Limit Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27433 | WordPress Make Paths Relative Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27434 | WordPress Classic Editor and Classic Widgets Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27435 | WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27436 | WordPress Elegant Custom Fonts Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27437 | WordPress Event Espresso 4 Decaf plugin <= 4.10.44.decaf - Bypass vulnerability | S | |
CVE-2023-27438 | WordPress WP Translitera Plugin <= p1.2.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-27439 | WordPress New Adman Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27440 | WordPress Toolset Types plugin <= 3.4.17 - Authenticated Arbitrary File Upload Vulnerability | S | |
CVE-2023-27441 | WordPress New Adman Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-27442 | WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27443 | WordPress Simple Vimeo Shortcode Plugin <= 2.9.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27444 | WordPress DecaLog Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27445 | WordPress Blog Floating Button Plugin <= 1.4.12 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27446 | WordPress DeepL Pro API translation Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27447 | WordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-27448 | WordPress MakeStories (for Google Web Stories) Plugin <= 2.8.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-27449 | WordPress Total Poll Lite plugin <= 4.8.6 - Broken Access Control vulnerability | S | |
CVE-2023-27450 | WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27451 | WordPress Instant Images Plugin <= 5.1.0.2 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-27452 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27453 | WordPress LWS Tools Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27454 | WordPress Rife Elementor Extensions & Templates plugin <= 1.1.10 - Broken Access Control vulnerability | S | |
CVE-2023-27455 | WordPress Update Image Tag Alt Attribute Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27456 | WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation | S | |
CVE-2023-27457 | WordPress Add Expires Headers & Optimized Minify Plugin <= 2.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27458 | WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.4.10 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27459 | WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability | S | |
CVE-2023-27460 | WordPress CP Contact Form with PayPal plugin <= 1.3.34 - Missing Authorization Leading To Feedback Submission vulnerability | S | |
CVE-2023-27461 | WordPress When Last Login Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27462 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query ha... | | |
CVE-2023-27463 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form ... | | |
CVE-2023-27464 | A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < ... | | |
CVE-2023-27465 | A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C24... | S | |
CVE-2023-27469 | Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service v... | | |
CVE-2023-27470 | BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Rac... | E | |
CVE-2023-27471 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not... | | |
CVE-2023-27472 | HTML tags in entity names in the tree view are not sanitised in quickentity-editor-next | S | |
CVE-2023-27474 | HTML Injection in Password Reset email to custom Reset URL in directus | S | |
CVE-2023-27475 | Goutil vulnerable to path traversal when unzipping files | S | |
CVE-2023-27476 | XML External Entity (XXE) Injection in OWSLib | S | |
CVE-2023-27477 | wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift... | S | |
CVE-2023-27478 | Disclosure of unrelated data in libmemcached-awesome | E S | |
CVE-2023-27479 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui | E S | |
CVE-2023-27480 | Data leak through a XAR import XXE attack in xwiki-platform-xar-model | E S | |
CVE-2023-27481 | Extract password hashes through export querying in directus | S | |
CVE-2023-27482 | homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing... | | |
CVE-2023-27483 | fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime | S | |
CVE-2023-27484 | Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane | | |
CVE-2023-27485 | Insufficient verification of authorisation when accessing subresults in thmmniii/fbs-core | S | |
CVE-2023-27486 | Insufficient authorization validation between zones when xCAT zones are enabled | E S | |
CVE-2023-27487 | Envoy client may fake the header `x-envoy-original-path` | E | |
CVE-2023-27488 | Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. | E M | |
CVE-2023-27489 | Stored cross site scripting via SVG file upload in Kiwi TCMS | S | |
CVE-2023-27490 | Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth | E | |
CVE-2023-27491 | Envoy forwards invalid Http2/Http3 downstream headers | E | |
CVE-2023-27492 | Envoy may crash when a large request body is processed in Lua filter | E | |
CVE-2023-27493 | Envoy doesn't escape HTTP header values | E | |
CVE-2023-27494 | Streamlit Cross-site Scripting vulnerability | S | |
CVE-2023-27495 | Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection | S | |
CVE-2023-27496 | Envoy may crash when a redirect url without a state param is received in the oauth filter | E | |
CVE-2023-27497 | Multiple vulnerabilities in SAP Diagnostics Agent (EventLogServiceCollector) | | |
CVE-2023-27498 | Memory Corruption vulnerability in SAP Host Agent (SAPOSCOL) | | |
CVE-2023-27499 | Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML | | |
CVE-2023-27500 | Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | | |
CVE-2023-27501 | Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | | |
CVE-2023-27502 | Insertion of sensitive information into log file for some Intel(R) Local Manageability Service softw... | | |
CVE-2023-27504 | Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potent... | | |
CVE-2023-27505 | Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software inst... | | |
CVE-2023-27506 | Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.1... | | |
CVE-2023-27507 | MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product'... | | |
CVE-2023-27509 | Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an... | | |
CVE-2023-27510 | JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulner... | | |
CVE-2023-27512 | Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, a... | | |
CVE-2023-27513 | Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software befo... | S | |
CVE-2023-27514 | OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions p... | | |
CVE-2023-27515 | Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthentic... | S | |
CVE-2023-27516 | An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN ... | E S | |
CVE-2023-27517 | Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.... | | |
CVE-2023-27518 | Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versio... | | |
CVE-2023-27519 | Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileg... | | |
CVE-2023-27520 | Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config... | M | |
CVE-2023-27521 | OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versio... | | |
CVE-2023-27522 | Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting | | |
CVE-2023-27523 | Apache Superset: Improper data permission validation on Jinja templated queries | | |
CVE-2023-27524 | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY | KEV E | |
CVE-2023-27525 | Apache Superset: Incorrect default permissions for Gamma role | | |
CVE-2023-27526 | Apache Superset: Improper Authorization check on import charts | | |
CVE-2023-27527 | Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By... | | |
CVE-2023-27529 | Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution befo... | | |
CVE-2023-27530 | A DoS vulnerability exists in Rack | S | |
CVE-2023-27531 | There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code... | | |
CVE-2023-27532 | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the con... | KEV | |
CVE-2023-27533 | A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protoc... | E | |
CVE-2023-27534 | A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) charac... | E | |
CVE-2023-27535 | An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature ... | E | |
CVE-2023-27536 | An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which c... | E | |
CVE-2023-27537 | A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handle... | E | |
CVE-2023-27538 | An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previousl... | E | |
CVE-2023-27539 | There is a denial of service vulnerability in the header parsing component of Rack.... | | |
CVE-2023-27540 | IBM Watson CP4D Data Stores denial of service | | |
CVE-2023-27545 | IBM Watson CloudPak for Data Data Stores information disclosure | | |
CVE-2023-27554 | IBM WebSphere Application Server XML external entity injection | S | |
CVE-2023-27555 | IBM Db2 denial of service | S | |
CVE-2023-27556 | IBM Safer Payments denial of service | | |
CVE-2023-27557 | IBM Safer Payments information disclosure | | |
CVE-2023-27558 | IBM Db2 privilege escalation | S | |
CVE-2023-27559 | IBM Db2 denial of service | | |
CVE-2023-27560 | Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.... | S | |
CVE-2023-27561 | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libc... | E | |
CVE-2023-27562 | The n8n package 0.218.0 for Node.js allows Directory Traversal.... | E | |
CVE-2023-27563 | The n8n package 0.218.0 for Node.js allows Escalation of Privileges.... | E | |
CVE-2023-27564 | The n8n package 0.218.0 for Node.js allows Information Disclosure.... | E | |
CVE-2023-27566 | Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset T... | E | |
CVE-2023-27567 | In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the ... | S | |
CVE-2023-27568 | SQL injection vulnerability in Spryker Commerce OS 0.9 that allows for access to sensitive data via c... | E | |
CVE-2023-27569 | The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Refer... | E | |
CVE-2023-27570 | The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie.... | S | |
CVE-2023-27571 | An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshootin... | E | |
CVE-2023-27572 | An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A ... | E | |
CVE-2023-27574 | ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIG... | S | |
CVE-2023-27576 | An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipul... | E | |
CVE-2023-27577 | Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum | S | |
CVE-2023-27578 | Galaxy vulnerable to unauthorized modification of pages/visualizations due to insufficient permission check | S | |
CVE-2023-27579 | TensorFlow has Floating Point Exception in TFLite in conv kernel | S | |
CVE-2023-27580 | CodeIgniter Shield Password Shucking Vulnerability | S | |
CVE-2023-27581 | github-slug-action vulnerable to arbitrary code execution | E S | |
CVE-2023-27582 | Full authentication bypass if SASL authorization username is specified | S | |
CVE-2023-27583 | Panindex uses hard coded cryptographic key | S | |
CVE-2023-27584 | Dragonfly2 vulnerable to hard coded cryptographic key | E | |
CVE-2023-27585 | PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vul... | S | |
CVE-2023-27586 | CairoSVG improperly processes SVG files loaded from external resources | S | |
CVE-2023-27587 | ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error... | S | |
CVE-2023-27588 | Unauthenticated path traversal vulnerability in Hasura GraphQL Engine | S | |
CVE-2023-27589 | Minio vulnerable to denial of access by an admin privileged user for root credential | E S | |
CVE-2023-27590 | Rizin has stack-based buffer overflow when parsing GDB registers profile files | S | |
CVE-2023-27591 | Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics | S | |
CVE-2023-27592 | Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler | S | |
CVE-2023-27593 | cilium-agent container can access the host via `hostPath` mount | | |
CVE-2023-27594 | Cilium vulnerable to potential network policy bypass when routing IPv6 traffic | | |
CVE-2023-27595 | Cilium eBPF filters may be temporarily removed during agent restart | | |
CVE-2023-27596 | OpenSIPS has vulnerability in the codec_delete_XX() functions | S | |
CVE-2023-27597 | OpenSIPS has vulnerability in the parse_uri() function | S | |
CVE-2023-27598 | OpenSIPS has vulnerability in the parse_via() function | S | |
CVE-2023-27599 | OpenSIPS has vulnerability in the parse_to_param() function | S | |
CVE-2023-27600 | OpenSIPS has vulnerability in the codec_delete_XX() functions | S | |
CVE-2023-27601 | OpenSIPS has vulnerability in the codec_delete_XX() functions | S | |
CVE-2023-27602 | Apache Linkis publicservice module unrestricted upload of file | | |
CVE-2023-27603 | Apache Linkis Manager module engineConn material upload exists Zip Slip issue | | |
CVE-2023-27604 | Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability | S | |
CVE-2023-27605 | WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to SQL Injection | S | |
CVE-2023-27606 | WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27607 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Settings Change vulnerability | S | |
CVE-2023-27608 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability | S | |
CVE-2023-27609 | WordPress WP Roles at Registration plugin <= 0.23 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2023-27610 | WordPress Transbank Webpay REST Plugin <= 1.6.6 is vulnerable to SQL Injection | S | |
CVE-2023-27611 | WordPress Reusable Blocks Extended Plugin <= 0.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27612 | WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27613 | WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27614 | WordPress Motor Racing League Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27615 | WordPress WP Super Minify Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27616 | WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27617 | WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27618 | WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27619 | WordPress Regina Lite Theme <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27620 | WordPress Robo Gallery Plugin <= 3.2.12 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-27621 | WordPress Livestream Notice Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-27622 | WordPress GuruWalk Affiliates Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27623 | WordPress WP Page Numbers Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-27624 | WordPress Redirect After Login Plugin <= 0.1.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27625 | WordPress Site Reviews plugin <= 6.5.0 - Broken Access Control vulnerability | S | |
CVE-2023-27626 | WordPress Stock Ticker plugin <= 3.23.0 - Broken Access Control vulnerability | S | |
CVE-2023-27627 | WordPress Woocommerce Email Report Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27628 | WordPress Sitekit Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27629 | WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-27630 | WordPress Community by PeepSo plugin <= 6.0.9.0 - Server Information Disclosure | S | |
CVE-2023-27631 | WordPress Daily Prayer Time Plugin <= 2023.05.04 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-27632 | WordPress Daily Prayer Time Plugin <= 2023.03.08 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27633 | WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-27634 | WordPress Intrepidity Theme <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-27635 | debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an... | | |
CVE-2023-27636 | Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF E... | E | |
CVE-2023-27637 | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for Pre... | E S | |
CVE-2023-27638 | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for Pre... | E S | |
CVE-2023-27639 | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for Pre... | E S | |
CVE-2023-27640 | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for Pre... | E S | |
CVE-2023-27641 | The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an at... | E | |
CVE-2023-27643 | An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a ... | E | |
CVE-2023-27645 | An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker ... | E | |
CVE-2023-27647 | An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service... | E | |
CVE-2023-27648 | Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows ... | E | |
CVE-2023-27649 | SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.... | E | |
CVE-2023-27650 | An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute ar... | E | |
CVE-2023-27651 | An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges vi... | E | |
CVE-2023-27652 | An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges ca... | E | |
CVE-2023-27653 | An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service vi... | E | |
CVE-2023-27654 | An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privil... | E | |
CVE-2023-27655 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This re... | R | |
CVE-2023-27666 | Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerabil... | | |
CVE-2023-27667 | Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.... | | |
CVE-2023-27700 | MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /a... | E | |
CVE-2023-27701 | MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /d... | E | |
CVE-2023-27703 | The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug in... | E | |
CVE-2023-27704 | Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial o... | | |
CVE-2023-27705 | APNG_Optimizer v1.4 was discovered to contain a buffer overflow via the component /apngopt/ubuntu.pn... | E | |
CVE-2023-27706 | Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Cr... | E | |
CVE-2023-27707 | SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary... | E | |
CVE-2023-27709 | SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary... | E | |
CVE-2023-27711 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbi... | E | |
CVE-2023-27716 | An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to ... | | |
CVE-2023-27718 | D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vu... | E | |
CVE-2023-27719 | D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vu... | E | |
CVE-2023-27720 | D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vu... | E | |
CVE-2023-27727 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_f... | E | |
CVE-2023-27728 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_re... | E S | |
CVE-2023-27729 | Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at ... | S | |
CVE-2023-27730 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_fin... | E S | |
CVE-2023-27733 | DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys... | E | |
CVE-2023-27734 | An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to cause a denial of service vi... | S | |
CVE-2023-27739 | easyXDM 2.5 allows XSS via the xdm_e parameter.... | | |
CVE-2023-27742 | IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/log... | E | |
CVE-2023-27744 | An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertic... | E | |
CVE-2023-27745 | An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level pri... | E | |
CVE-2023-27746 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which ... | E | |
CVE-2023-27747 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vul... | E | |
CVE-2023-27748 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. ... | E | |
CVE-2023-27751 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-27752 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-27754 | vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow caused by incorrect use of memcp... | E | |
CVE-2023-27755 | go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/... | E | |
CVE-2023-27757 | An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 ... | E | |
CVE-2023-27759 | An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to exec... | E | |
CVE-2023-27760 | An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execut... | E | |
CVE-2023-27761 | An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to ... | E | |
CVE-2023-27762 | An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to ex... | E | |
CVE-2023-27763 | An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 allows a remote attacker to exe... | E | |
CVE-2023-27764 | An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allows a remote attacker to execut... | E | |
CVE-2023-27765 | An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to exec... | E | |
CVE-2023-27766 | An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute a... | E | |
CVE-2023-27767 | An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execut... | E | |
CVE-2023-27768 | An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 allows a remote attacker to execu... | E | |
CVE-2023-27769 | An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to exec... | E | |
CVE-2023-27770 | An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to exec... | E | |
CVE-2023-27771 | An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1.0.8 allows a remote attacker t... | E | |
CVE-2023-27772 | libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObject... | E S | |
CVE-2023-27775 | A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbit... | E | |
CVE-2023-27776 | A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry... | E | |
CVE-2023-27777 | Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows atta... | | |
CVE-2023-27779 | AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter i... | E | |
CVE-2023-27781 | jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c.... | E S | |
CVE-2023-27783 | An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service... | E S | |
CVE-2023-27784 | An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the re... | E S | |
CVE-2023-27785 | An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service vi... | E S | |
CVE-2023-27786 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the maci... | E S | |
CVE-2023-27787 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the pars... | E S | |
CVE-2023-27788 | An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the p... | E S | |
CVE-2023-27789 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr... | E S | |
CVE-2023-27791 | An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges v... | E | |
CVE-2023-27792 | An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via ... | E | |
CVE-2023-27793 | An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated ... | E | |
CVE-2023-27795 | An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via... | E | |
CVE-2023-27796 | RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204,... | E | |
CVE-2023-27801 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList inte... | | |
CVE-2023-27802 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parame... | | |
CVE-2023-27803 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList i... | | |
CVE-2023-27804 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interfa... | | |
CVE-2023-27805 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interf... | | |
CVE-2023-27806 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_delli... | | |
CVE-2023-27807 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interfa... | | |
CVE-2023-27808 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList in... | | |
CVE-2023-27810 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editl... | | |
CVE-2023-27812 | bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_fil... | E | |
CVE-2023-27821 | Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockD... | E | |
CVE-2023-27823 | An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration cons... | | |
CVE-2023-27826 | SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerab... | E | |
CVE-2023-27830 | TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via rep... | E | |
CVE-2023-27836 | TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerabi... | E | |
CVE-2023-27837 | TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerabi... | E | |
CVE-2023-27842 | Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remot... | E | |
CVE-2023-27843 | SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allows a remote attacke... | E S | |
CVE-2023-27844 | SQL injection vulnerability found in PrestaShop leurlrewrite v.1.0 and before allows a remote attacker... | S | |
CVE-2023-27845 | SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allows a remote attacker... | E S | |
CVE-2023-27846 | SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allows a remote attacke... | S | |
CVE-2023-27847 | SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allows a remote attacker t... | E | |
CVE-2023-27848 | broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via th... | E | |
CVE-2023-27849 | rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability vi... | E | |
CVE-2023-27850 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows use... | | |
CVE-2023-27851 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentio... | | |
CVE-2023-27852 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in vario... | | |
CVE-2023-27853 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP ... | | |
CVE-2023-27854 | Rockwell Automation Arena® Simulation Out of Bounds Read Vulnerability | S | |
CVE-2023-27855 | Rockwell Automation ThinManager ThinServer Path Traversal Upload | S | |
CVE-2023-27856 | Rockwell Automation ThinManager ThinServer Path Traversal Download | S | |
CVE-2023-27857 | Rockwell Automation ThinManager ThinServer Heap-Based Buffer Overflow | S | |
CVE-2023-27858 | Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability | S | |
CVE-2023-27859 | IBM Db2 code execution | S | |
CVE-2023-27860 | IBM Maximo Asset Management information disclosure | S | |
CVE-2023-27861 | IBM Maximo Application Suite information disclosure | | |
CVE-2023-27863 | IBM Spectrum Protect Plus Server information disclosure | S | |
CVE-2023-27864 | IBM Maximo Asset Management HTML injection | S | |
CVE-2023-27866 | IBM Informix JDBC code execution | S | |
CVE-2023-27867 | IBM Db2 code execution | S | |
CVE-2023-27868 | IBM Db2 code execution | S | |
CVE-2023-27869 | IBM Db2 code execution | S | |
CVE-2023-27870 | IBM Spectrum Virtualize information disclosure | S | |
CVE-2023-27871 | IBM Aspera Faspex information disclosure | S | |
CVE-2023-27873 | IBM Aspera Faspex information disclosure | S | |
CVE-2023-27874 | IBM Aspera Faspex XML external entity injection | S | |
CVE-2023-27875 | IBM Aspera Faspex improper access controls | S | |
CVE-2023-27876 | IBM TRIRIGA Application Platform XML external entity injection | S | |
CVE-2023-27877 | IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure | S | |
CVE-2023-27879 | Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthent... | | |
CVE-2023-27881 | PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type | S | |
CVE-2023-27882 | A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of ... | E | |
CVE-2023-27886 | CVE-2023-27886 | | |
CVE-2023-27887 | Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to poten... | | |
CVE-2023-27888 | Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated ... | | |
CVE-2023-27889 | Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allow... | | |
CVE-2023-27890 | The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSG... | | |
CVE-2023-27891 | rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The f... | | |
CVE-2023-27892 | Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a g... | E S | |
CVE-2023-27893 | Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI) | | |
CVE-2023-27894 | Sensitive Information Disclosure in the SAP BusinessObjects Business Intelligence platform | | |
CVE-2023-27895 | Information Disclosure vulnerability in SAP Authenticator for Android | | |
CVE-2023-27896 | Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform | | |
CVE-2023-27897 | Code Injection vulnerability in SAP CRM | | |
CVE-2023-27898 | Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not ... | | |
CVE-2023-27899 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary... | | |
CVE-2023-27900 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library withou... | | |
CVE-2023-27901 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library withou... | | |
CVE-2023-27902 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job worksp... | | |
CVE-2023-27903 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary... | | |
CVE-2023-27904 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related page... | | |
CVE-2023-27905 | Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download in... | | |
CVE-2023-27906 | A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-boun... | | |
CVE-2023-27907 | A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-boun... | | |
CVE-2023-27908 | A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk in... | | |
CVE-2023-27909 | An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code ex... | | |
CVE-2023-27910 | A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vul... | | |
CVE-2023-27911 | A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vuln... | | |
CVE-2023-27912 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound... | | |
CVE-2023-27913 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an I... | | |
CVE-2023-27914 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyo... | | |
CVE-2023-27915 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corr... | | |
CVE-2023-27916 | The affected application lacks proper validation of user-supplied data when parsing f... | S | |
CVE-2023-27917 | OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated a... | M | |
CVE-2023-27918 | Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia ... | | |
CVE-2023-27919 | Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all v... | | |
CVE-2023-27920 | Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-C... | | |
CVE-2023-27921 | JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lea... | | |
CVE-2023-27922 | Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthentic... | | |
CVE-2023-27923 | Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blo... | | |
CVE-2023-27925 | Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks ... | | |
CVE-2023-27926 | Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.... | | |
CVE-2023-27927 | CVE-2023-27927 | | |
CVE-2023-27928 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-27929 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven... | | |
CVE-2023-27930 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadO... | | |
CVE-2023-27931 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3,... | | |
CVE-2023-27932 | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, ... | | |
CVE-2023-27933 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iO... | | |
CVE-2023-27934 | A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monter... | | |
CVE-2023-27935 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macO... | | |
CVE-2023-27936 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma... | | |
CVE-2023-27937 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventu... | | |
CVE-2023-27938 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Gar... | | |
CVE-2023-27939 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven... | | |
CVE-2023-27940 | The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iP... | | |
CVE-2023-27941 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Vent... | | |
CVE-2023-27942 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 an... | | |
CVE-2023-27943 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 a... | | |
CVE-2023-27944 | This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Mo... | | |
CVE-2023-27945 | This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Su... | | |
CVE-2023-27946 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Vent... | | |
CVE-2023-27947 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven... | | |
CVE-2023-27948 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven... | | |
CVE-2023-27949 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven... | | |
CVE-2023-27950 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven... | | |
CVE-2023-27951 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monte... | | |
CVE-2023-27952 | A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An ... | | |
CVE-2023-27953 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, ma... | | |
CVE-2023-27954 | The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, S... | | |
CVE-2023-27955 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 an... | | |
CVE-2023-27956 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iO... | | |
CVE-2023-27957 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve... | | |
CVE-2023-27958 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, ma... | | |
CVE-2023-27959 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16... | | |
CVE-2023-27960 | This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macO... | | |
CVE-2023-27961 | Multiple validation issues were addressed with improved input sanitization. This issue is fixed in m... | | |
CVE-2023-27962 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS M... | | |
CVE-2023-27963 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.... | | |
CVE-2023-27964 | An authentication issue was addressed with improved state management. This issue is fixed in AirPods... | | |
CVE-2023-27965 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS... | | |
CVE-2023-27966 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may ... | | |
CVE-2023-27967 | The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may... | | |
CVE-2023-27968 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve... | | |
CVE-2023-27969 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS V... | | |
CVE-2023-27970 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS... | | |
CVE-2023-27971 | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevatio... | | |
CVE-2023-27972 | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote C... | | |
CVE-2023-27973 | Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Cod... | | |
CVE-2023-27974 | Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a p... | E | |
CVE-2023-27975 | CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized ac... | | |
CVE-2023-27976 | A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code e... | | |
CVE-2023-27977 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server th... | S | |
CVE-2023-27978 | A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could... | S | |
CVE-2023-27979 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server th... | S | |
CVE-2023-27980 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP ... | S | |
CVE-2023-27981 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom... | S | |
CVE-2023-27982 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server th... | S | |
CVE-2023-27983 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP ... | S | |
CVE-2023-27984 | A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro ... | S | |
CVE-2023-27985 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections throug... | S | |
CVE-2023-27986 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections thro... | S | |
CVE-2023-27987 | Apache Linkis gateway module token authentication bypass | | |
CVE-2023-27988 | The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior ... | S | |
CVE-2023-27989 | A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V... | S | |
CVE-2023-27990 | The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35... | | |
CVE-2023-27991 | The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmw... | | |
CVE-2023-27992 | The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior t... | KEV S | |
CVE-2023-27993 | A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a priv... | S | |
CVE-2023-27995 | An improper neutralization of special elements used in a template engine vulnerability in Fortinet Fo... | S | |
CVE-2023-27997 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0... | KEV S | |
CVE-2023-27998 | A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 a... | S | |
CVE-2023-27999 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in Forti... | S | |