CVE-2023-28xxx

There are 858 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2023-28000 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in Forti...
S
CVE-2023-28001 An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an at...
S
CVE-2023-28002 An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2...
S
CVE-2023-28003 A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to m...
CVE-2023-28004 A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted E...
S
CVE-2023-28005 A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below...
CVE-2023-28006 HCL BigFix OSD Bare Metal Server is affected by a weak cryptographic algorithm.
CVE-2023-28008 HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection
CVE-2023-28009 HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection
CVE-2023-28010 HCL Domino is susceptible to a sensitive information disclosure vulnerability
CVE-2023-28012 HCL BigFix Mobile can be affected by a command injection vulnerability
CVE-2023-28013 HCL Verse is susceptible to a Reflected Cross-Site Scripting (XSS) Vulnerability
CVE-2023-28014 HCL BigFix Mobile can be affected by a cross-site scripting (XSS) vulnerability
CVE-2023-28015 HCL Domino AppDev Pack is susceptible to a User Account Enumeration vulnerability
CVE-2023-28016 HCL BigFix OSD Bare Metal Server is affected by a host header injection vulnerability
CVE-2023-28017 HCL Connections is vulnerable to cross-site scripting
S
CVE-2023-28018 HCL Connections is vulnerable to possible denial of service for certain users
CVE-2023-28019 An SQL injection affects BigFix WebUI API
CVE-2023-28020 URL redirection affects BigFix WebUI
CVE-2023-28021 BigFix WebUI is vulnerable to use of a risky cryptographic algorithm
CVE-2023-28022 HCL Connections is vulnerable to sensitive information disclosure
CVE-2023-28023 HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability
CVE-2023-28025 An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management
CVE-2023-28026 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28027 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28028 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28029 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28030 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28031 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28032 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28033 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28034 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28035 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28036 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28039 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28040 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28041 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28042 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28043 Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. ...
CVE-2023-28044 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28045 Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability...
S
CVE-2023-28046 Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulne...
S
CVE-2023-28047 Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulne...
S
CVE-2023-28049 Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability....
S
CVE-2023-28050 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28051 Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A l...
CVE-2023-28052 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28053 Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic ...
CVE-2023-28054 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28055 Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. A...
S
CVE-2023-28056 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28058 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28059 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28060 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28061 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user...
CVE-2023-28062 Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remo...
CVE-2023-28063 Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malic...
CVE-2023-28064 Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may p...
CVE-2023-28065 Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecu...
S
CVE-2023-28066 Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnera...
CVE-2023-28068 Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability...
CVE-2023-28069 Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenti...
CVE-2023-28070 Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access contr...
S
CVE-2023-28071 Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an I...
S
CVE-2023-28072 Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted d...
CVE-2023-28073 Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user...
CVE-2023-28074 Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 t...
M
CVE-2023-28075 Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated maliciou...
CVE-2023-28076 CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerabil...
CVE-2023-28077 Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing...
CVE-2023-28078 Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when V...
CVE-2023-28079 PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulner...
S
CVE-2023-28080 PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular us...
S
CVE-2023-28081 A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could...
S
CVE-2023-28083 Potential Cross-Site scripting vulnerability in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4).
CVE-2023-28084 HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
CVE-2023-28085 An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials...
CVE-2023-28086 An HPE OneView appliance dump may expose proxy credential settings...
CVE-2023-28087 An HPE OneView appliance dump may expose OneView user accounts...
CVE-2023-28088 An HPE OneView appliance dump may expose SAN switch administrative credentials...
CVE-2023-28089 An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...
CVE-2023-28090 An HPE OneView appliance dump may expose SNMPv3 read credentials...
CVE-2023-28091 HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in a...
CVE-2023-28092 A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulne...
CVE-2023-28093 A user with a compromised configuration can start an unsigned binary as a service....
CVE-2023-28094 Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prio...
CVE-2023-28095 OpenSIPS has vulnerability in the building the local negative replies
S
CVE-2023-28096 OpenSIPS has memory leak in cJSON lib
S
CVE-2023-28097 OpenSIPS has vulnerability in the Content-Length Parser
S
CVE-2023-28098 OpenSIPS has vulnerability in the Digest Authentication Parser
S
CVE-2023-28099 OpenSIPS has vulnerability in the ds_is_in_list() function
S
CVE-2023-28100 TIOCLINUX can send commands outside sandbox if running on a virtual console
S
CVE-2023-28101 Flatpak metadata with ANSI control codes can cause misleading terminal output
S
CVE-2023-28102 Command injection in discordrb
E S
CVE-2023-28103 Prototype pollution in matrix-react-sdk
CVE-2023-28104 silverstripe/graphql Denial of Service vulnerability
S
CVE-2023-28105 Go-huge-util vulnerable to path traversal when unzipping files
S
CVE-2023-28106 Pimcore vulnerable to Cross-site Scripting in UrlSlug Data type
E S
CVE-2023-28107 Discourse vulnerable to multisite DoS by spamming backups
S
CVE-2023-28108 Pimcore has improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model
S
CVE-2023-28109 Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key
S
CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection
E S
CVE-2023-28111 Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses
S
CVE-2023-28112 Discourse's SSRF protection missing for some FastImage requests
S
CVE-2023-28113 russh may use insecure Diffie-Hellman keys
E S
CVE-2023-28114 `cilium-cli` disables etcd authorization for clustermesh clusters
S
CVE-2023-28115 Snappy vulnerable to PHAR deserialization, allowing remote code execution
E S
CVE-2023-28116 Buffer overflow in L2CAP due to misconfigured MTU
S
CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
S
CVE-2023-28118 kaml has potential denial of service while parsing input with anchors and aliases
S
CVE-2023-28119 crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
S
CVE-2023-28120 There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer wit...
CVE-2023-28121 An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthent...
CVE-2023-28122 A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and ea...
CVE-2023-28123 A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow ...
CVE-2023-28124 Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) cou...
CVE-2023-28125 An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that c...
CVE-2023-28126 An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow...
CVE-2023-28127 A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could...
CVE-2023-28128 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x ...
CVE-2023-28129 DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS ...
CVE-2023-28130 Local user may lead to privilege escalation using Gaia Portal hostnames page....
E
CVE-2023-28131 A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credenti...
M
CVE-2023-28133 Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted Open...
CVE-2023-28134 Local Privilege Escalation in Check Point Endpoint Security Remediation Service
CVE-2023-28140 Executable Hijacking
S
CVE-2023-28141 NTFS Junction
S
CVE-2023-28142 Race Condition
S
CVE-2023-28143 Local Privilege Escalation
S
CVE-2023-28144 KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalat...
E
CVE-2023-28147 An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper G...
CVE-2023-28149 An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05....
CVE-2023-28150 An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external ent...
CVE-2023-28151 An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML exte...
CVE-2023-28152 An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external en...
CVE-2023-28153 An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for A...
E
CVE-2023-28154 Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles t...
S
CVE-2023-28155 The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-c...
E S
CVE-2023-28158 Apache Archiva privilege escalation
CVE-2023-28159 The fullscreen notification could have been hidden on Firefox for Android by using download popups, ...
CVE-2023-28160 When following a redirect to a publicly accessible web extension file, the URL may have been transla...
CVE-2023-28161 If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a docume...
CVE-2023-28162 While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic ty...
CVE-2023-28163 When downloading files through the Save As dialog on Windows with suggested filenames containing env...
CVE-2023-28164 Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user co...
CVE-2023-28165 WordPress Backup Bank: WordPress Backup Plugin plugin <= 4.0.28 - Broken Access Control vulnerability
CVE-2023-28166 WordPress Tags Cloud Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28167 WordPress CF7 Invisible reCAPTCHA Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28168 WordPress WordPress Console plugin <= 0.3.9 - Broken Access Control vulnerability
CVE-2023-28169 WordPress Easy Event calendar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28170 WordPress Theme Demo Import Plugin <= 1.1.1 is vulnerable to Arbitrary File Upload
CVE-2023-28171 WordPress Brilliance Theme <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28172 WordPress WP Google Map Plugin Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28173 WordPress Google XML Sitemap for Images Plugin <= 2.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-28174 WordPress eRocket Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28175 Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authentic...
CVE-2023-28176 Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence ...
CVE-2023-28177 Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption a...
CVE-2023-28178 A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, iOS...
CVE-2023-28179 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Pr...
CVE-2023-28180 A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS ...
CVE-2023-28181 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iO...
CVE-2023-28182 The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS...
CVE-2023-28185 An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16....
CVE-2023-28187 This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3. ...
CVE-2023-28188 A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS...
CVE-2023-28189 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monte...
CVE-2023-28190 A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixe...
CVE-2023-28191 This issue was addressed with improved redaction of sensitive information. This issue is fixed in wa...
CVE-2023-28192 A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13....
CVE-2023-28194 The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An ap...
CVE-2023-28195 A privacy issue was addressed with improved private data redaction for log entries. This issue is fi...
CVE-2023-28197 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ven...
CVE-2023-28198 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16....
CVE-2023-28199 An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed ...
CVE-2023-28200 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Vent...
CVE-2023-28201 This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, ...
CVE-2023-28202 This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS ...
CVE-2023-28203 The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. ...
CVE-2023-28204 An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9...
KEV
CVE-2023-28205 A use after free issue was addressed with improved memory management. This issue is fixed in Safari ...
KEV
CVE-2023-28206 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma...
KEV
CVE-2023-28207 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monte...
CVE-2023-28208 A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13....
CVE-2023-28209 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve...
CVE-2023-28210 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve...
CVE-2023-28211 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve...
CVE-2023-28212 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve...
CVE-2023-28213 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve...
CVE-2023-28214 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve...
CVE-2023-28215 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve...
CVE-2023-28216 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
S
CVE-2023-28217 Windows Network Address Translation (NAT) Denial of Service Vulnerability
S
CVE-2023-28218 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
S
CVE-2023-28219 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
S
CVE-2023-28220 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
S
CVE-2023-28221 Windows Error Reporting Service Elevation of Privilege Vulnerability
S
CVE-2023-28222 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2023-28223 Windows Domain Name Service Remote Code Execution Vulnerability
S
CVE-2023-28224 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
S
CVE-2023-28225 Windows NTLM Elevation of Privilege Vulnerability
S
CVE-2023-28226 Windows Enroll Engine Security Feature Bypass Vulnerability
S
CVE-2023-28227 Windows Bluetooth Driver Remote Code Execution Vulnerability
S
CVE-2023-28228 Windows Spoofing Vulnerability
S
CVE-2023-28229 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
KEV S
CVE-2023-28231 DHCP Server Service Remote Code Execution Vulnerability
S
CVE-2023-28232 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
S
CVE-2023-28233 Windows Secure Channel Denial of Service Vulnerability
S
CVE-2023-28234 Windows Secure Channel Denial of Service Vulnerability
S
CVE-2023-28235 Windows Lock Screen Security Feature Bypass Vulnerability
S
CVE-2023-28236 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2023-28237 Windows Kernel Remote Code Execution Vulnerability
S
CVE-2023-28238 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
S
CVE-2023-28240 Windows Network Load Balancing Remote Code Execution Vulnerability
S
CVE-2023-28241 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
S
CVE-2023-28243 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
S
CVE-2023-28244 Windows Kerberos Elevation of Privilege Vulnerability
S
CVE-2023-28246 Windows Registry Elevation of Privilege Vulnerability
S
CVE-2023-28247 Windows Network File System Information Disclosure Vulnerability
S
CVE-2023-28248 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2023-28249 Windows Boot Manager Security Feature Bypass Vulnerability
S
CVE-2023-28250 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
S
CVE-2023-28251 Windows Driver Revocation List Security Feature Bypass Vulnerability
S
CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
KEV E S
CVE-2023-28253 Windows Kernel Information Disclosure Vulnerability
S
CVE-2023-28254 Windows DNS Server Remote Code Execution Vulnerability
S
CVE-2023-28255 Windows DNS Server Remote Code Execution Vulnerability
S
CVE-2023-28256 Windows DNS Server Remote Code Execution Vulnerability
S
CVE-2023-28260 .NET DLL Hijacking Remote Code Execution Vulnerability
S
CVE-2023-28261 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
S
CVE-2023-28262 Visual Studio Elevation of Privilege Vulnerability
S
CVE-2023-28263 Visual Studio Information Disclosure Vulnerability
S
CVE-2023-28266 Windows Common Log File System Driver Information Disclosure Vulnerability
S
CVE-2023-28267 Remote Desktop Protocol Client Information Disclosure Vulnerability
S
CVE-2023-28268 Netlogon RPC Elevation of Privilege Vulnerability
S
CVE-2023-28269 Windows Boot Manager Security Feature Bypass Vulnerability
S
CVE-2023-28270 Windows Lock Screen Security Feature Bypass Vulnerability
S
CVE-2023-28271 Windows Kernel Memory Information Disclosure Vulnerability
S
CVE-2023-28272 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2023-28273 Windows Clip Service Elevation of Privilege Vulnerability
S
CVE-2023-28274 Windows Win32k Elevation of Privilege Vulnerability
S
CVE-2023-28275 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
S
CVE-2023-28276 Windows Group Policy Security Feature Bypass Vulnerability
S
CVE-2023-28277 Windows DNS Server Information Disclosure Vulnerability
S
CVE-2023-28278 Windows DNS Server Remote Code Execution Vulnerability
S
CVE-2023-28283 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
S
CVE-2023-28284 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
S
CVE-2023-28285 Microsoft Office Remote Code Execution Vulnerability
S
CVE-2023-28286 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
S
CVE-2023-28287 Microsoft Publisher Remote Code Execution Vulnerability
S
CVE-2023-28288 Microsoft SharePoint Server Spoofing Vulnerability
S
CVE-2023-28290 Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
S
CVE-2023-28291 Raw Image Extension Remote Code Execution Vulnerability
S
CVE-2023-28292 Raw Image Extension Remote Code Execution Vulnerability
S
CVE-2023-28293 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2023-28295 Microsoft Publisher Remote Code Execution Vulnerability
S
CVE-2023-28296 Visual Studio Remote Code Execution Vulnerability
S
CVE-2023-28297 Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
S
CVE-2023-28298 Windows Kernel Denial of Service Vulnerability
S
CVE-2023-28299 Visual Studio Spoofing Vulnerability
S
CVE-2023-28300 Azure Service Connector Security Feature Bypass Vulnerability
S
CVE-2023-28301 Microsoft Edge (Chromium-based) Tampering Vulnerability
S
CVE-2023-28302 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
S
CVE-2023-28303 Windows Snipping Tool Information Disclosure Vulnerability
CVE-2023-28304 Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
S
CVE-2023-28305 Windows DNS Server Remote Code Execution Vulnerability
S
CVE-2023-28306 Windows DNS Server Remote Code Execution Vulnerability
S
CVE-2023-28307 Windows DNS Server Remote Code Execution Vulnerability
S
CVE-2023-28308 Windows DNS Server Remote Code Execution Vulnerability
S
CVE-2023-28309 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
S
CVE-2023-28310 Microsoft Exchange Server Remote Code Execution Vulnerability
S
CVE-2023-28311 Microsoft Word Remote Code Execution Vulnerability
S
CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability
S
CVE-2023-28313 Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability
S
CVE-2023-28314 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
S
CVE-2023-28316 A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platfor...
CVE-2023-28317 A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original t...
CVE-2023-28318 A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the M...
CVE-2023-28319 A use after free vulnerability exists in curl
E S
CVE-2023-28320 A denial of service vulnerability exists in curl
E S
CVE-2023-28321 An improper certificate validation vulnerability exists in curl
E S
CVE-2023-28322 An information disclosure vulnerability exists in curl
E S
CVE-2023-28323 A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an una...
CVE-2023-28324 An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that coul...
CVE-2023-28325 An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to mani...
CVE-2023-28326 Apache OpenMeetings: allows user impersonation
CVE-2023-28327 A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_e...
S
CVE-2023-28328 A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c...
S
CVE-2023-28329 Moodle: authenticated sql injection via availability check
S
CVE-2023-28330 Moodle: authenticated arbitrary file read through malformed backup file
S
CVE-2023-28331 Moodle: xss risk when outputting database activity filter data
S
CVE-2023-28332 Moodle: algebra filter xss when filter is misconfigured
S
CVE-2023-28333 Moodle: pix helper potential mustache code injection risk
S
CVE-2023-28334 Moodle: users' name enumeration possible via idor on learning plans page
S
CVE-2023-28335 Moodle: csrf risk in resetting all templates of a database activity
S
CVE-2023-28336 Moodle: teacher can access names of users they do not have permission to access
S
CVE-2023-28337 When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate...
CVE-2023-28338 Any request sent to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Typ...
CVE-2023-28339 OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a ...
CVE-2023-28340 Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack....
S
CVE-2023-28341 Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16...
S
CVE-2023-28342 Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack...
CVE-2023-28343 OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the...
E
CVE-2023-28344 An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console appli...
E M
CVE-2023-28345 An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console appli...
E M
CVE-2023-28346 An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attac...
E M
CVE-2023-28347 An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to...
E M
CVE-2023-28348 An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker co...
E M
CVE-2023-28349 An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to...
E M
CVE-2023-28350 An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not va...
E
CVE-2023-28351 An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user ...
E
CVE-2023-28352 An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadc...
E
CVE-2023-28353 An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is ab...
E
CVE-2023-28354 An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call ch...
CVE-2023-28356 A vulnerability has been identified where a maliciously crafted message containing a specific chain ...
CVE-2023-28357 A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute ...
CVE-2023-28358 A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Mes...
CVE-2023-28359 A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket...
CVE-2023-28360 An omission of security-relevant information vulnerability exists in Brave desktop prior to version ...
CVE-2023-28361 A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a ma...
CVE-2023-28362 The redirect_to method in Rails allows provided values to contain characters which are not legal in ...
CVE-2023-28364 An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Br...
E
CVE-2023-28365 A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linu...
CVE-2023-28366 The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused...
S
CVE-2023-28367 Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and...
CVE-2023-28368 TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' u...
CVE-2023-28369 Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vuln...
CVE-2023-28370 Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated at...
CVE-2023-28371 In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones ...
S
CVE-2023-28372 FlashBlade Object Store Privileged Access
S
CVE-2023-28373 FlashArray SafeMode Immutable Vulnerability
S
CVE-2023-28374 Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software b...
CVE-2023-28375 CVE-2023-28375
CVE-2023-28376 Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before v...
CVE-2023-28377 Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before v...
CVE-2023-28378 Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0....
CVE-2023-28379 A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Em...
E
CVE-2023-28380 Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an un...
CVE-2023-28381 An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of pepli...
E
CVE-2023-28382 Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated att...
CVE-2023-28383 Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potenti...
CVE-2023-28384 CVE-2023-28384
CVE-2023-28385 Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may...
CVE-2023-28386 Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The dev...
S
CVE-2023-28387 "NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 ...
CVE-2023-28388 Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444....
CVE-2023-28389 Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may...
CVE-2023-28390 Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 f...
CVE-2023-28391 A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston E...
E
CVE-2023-28392 Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.0...
CVE-2023-28393 A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functiona...
E
CVE-2023-28394 Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary...
CVE-2023-28395 CVE-2023-28395
CVE-2023-28396 Improper access control in firmware for some Intel(R) Thunderbolt(TM) Controllers versions before 41 ...
CVE-2023-28397 Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authen...
CVE-2023-28398 CVE-2023-28398
CVE-2023-28399 Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions ...
CVE-2023-28400 CVE-2023-28400
CVE-2023-28401 Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before v...
CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potent...
CVE-2023-28404 Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before ver...
CVE-2023-28405 Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3....
CVE-2023-28406 BIG-IP Configuration utility vulnerability
CVE-2023-28407 Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authent...
CVE-2023-28408 Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthen...
CVE-2023-28409 Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, wh...
CVE-2023-28410 Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphi...
CVE-2023-28411 Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged us...
S
CVE-2023-28412 When supplied with a random MAC address, Snap One OvrC cloud servers will return informatio...
S
CVE-2023-28413 Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote u...
CVE-2023-28414 WordPress ApexChat Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28415 WordPress Side Cart Woocommerce (Ajax) Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)
E S
CVE-2023-28416 WordPress Chankhe theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation vulnerability
CVE-2023-28417 WordPress Dynamics 365 Integration plugin <= 1.3.12 - Broken Access Control vulnerability
S
CVE-2023-28418 WordPress Mediciti Lite Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28419 WordPress Force First and Last Name as Display Name Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28420 WordPress Custom Options Plus Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-28421 WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.10 is vulnerable to Sensitive Data Exposure
S
CVE-2023-28422 WordPress Event Manager for WooCommerce Plugin <= 3.8.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28423 WordPress Modern Footnotes Plugin <= 1.4.15 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28424 Soko SQL Injection vulnerability
S
CVE-2023-28425 Specially crafted MSETNX command can lead to denial-of-service
S
CVE-2023-28426 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: GHSA-xrqq-wqh4-5hg2. Reason: Further ...
R
CVE-2023-28427 Prototype pollution in matrix-js-sdk
CVE-2023-28428 PDFio vulnerable to Denial Of Service when opening a corrupt PDF file
S
CVE-2023-28429 Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field
S
CVE-2023-28430 OneSignal repository github action command injection
E S
CVE-2023-28431 Frontier's modexp precompile is slow for even modulus
S
CVE-2023-28432 Minio Information Disclosure in Cluster Deployment
KEV E
CVE-2023-28433 Minio Privilege Escalation on Windows via Path separator manipulation
S
CVE-2023-28434 MinIO is vulnerable to privilege escalation on Linux/MacOS
KEV E S
CVE-2023-28435 Dataease file upload interface does not verify permission or file type
E
CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
S
CVE-2023-28437 SQL injection vulnerability due to the keyword blacklist for defending against SQL injection will be bypassed
E
CVE-2023-28438 Pimcore vulnerable to improper quoting of filters in Custom Reports
S
CVE-2023-28439 ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process
CVE-2023-28440 Denial of service via admin theme import route in Discourse
CVE-2023-28441 smartCARS 3 Password Stored as plain text in Error Log
CVE-2023-28442 Geoserver for GeoNode sensitive information leak
S
CVE-2023-28443 directus vulnerable to Insertion of Sensitive Information into Log File
E S
CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
S
CVE-2023-28445 Deno improperly handles resizable ArrayBuffer
S
CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization
E S
CVE-2023-28447 Cross site scripting vulnerability in Javascript escaping in smarty/smarty
S
CVE-2023-28448 Versionize is lacking bound checks, potentially leading to out of bounds memory access
S
CVE-2023-28450 An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set t...
CVE-2023-28451 An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolv...
CVE-2023-28452 An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving softwar...
CVE-2023-28455 An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to creat...
CVE-2023-28456 An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification a...
CVE-2023-28457 An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache po...
CVE-2023-28458 pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers ...
E S
CVE-2023-28459 pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were ...
E S
CVE-2023-28460 A command injection vulnerability was discovered in Array Networks APV products. A remote attacker c...
CVE-2023-28461 Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An atta...
KEV M
CVE-2023-28462 A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 ...
M
CVE-2023-28464 hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free ...
S
CVE-2023-28465 The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows ...
CVE-2023-28466 do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, le...
S
CVE-2023-28467 In MyBB before 1.8.34, there is XSS in the User CP module via the user email field....
S
CVE-2023-28468 An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. Th...
CVE-2023-28469 An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper G...
CVE-2023-28470 In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authenticat...
CVE-2023-28471 Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a ...
CVE-2023-28472 Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have S...
CVE-2023-28473 Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable t...
CVE-2023-28474 Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Sav...
CVE-2023-28475 Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vul...
CVE-2023-28476 Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tag...
CVE-2023-28477 Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable t...
CVE-2023-28478 TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow....
CVE-2023-28479 An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full deve...
E
CVE-2023-28480 An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to defi...
E
CVE-2023-28481 An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH autho...
E
CVE-2023-28482 An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multip...
E
CVE-2023-28483 An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with ...
E
CVE-2023-28484 In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer derefere...
E S
CVE-2023-28485 A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows...
E
CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in log messages....
S
CVE-2023-28487 Sudo before 1.9.13 does not escape control characters in sudoreplay output....
S
CVE-2023-28488 client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a c...
E S
CVE-2023-28489 A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MA...
CVE-2023-28490 WordPress Mortgage Calculator Estatik Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28491 WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to SQL Injection
S
CVE-2023-28492 WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability
S
CVE-2023-28493 WordPress Newsmag Theme <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28494 WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability
S
CVE-2023-28495 WordPress WP Shortcode by MyThemeShop Plugin <= 1.4.16 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28496 WordPress SMTP2GO Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28497 WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28498 WordPress Hotel Booking Lite Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28499 WordPress Slide Anything Plugin <= 2.4.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28500 A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows...
CVE-2023-28501 Heap buffer overflow in unirpcd
CVE-2023-28502 Stack buffer overflow in UniRPC's udadmin_server service
CVE-2023-28503 Authentication bypass in UniRPC's udadmin service
CVE-2023-28504 Stack buffer overflow in UniRPC library function
CVE-2023-28505 Buffer overflow in UniRPC library function
CVE-2023-28506 Stack buffer overflow in UniRPC service
CVE-2023-28507 Memory exhaustion in LZ4 decompression in UniRPC daemon
CVE-2023-28508 Heap corruption in UniRPC service
CVE-2023-28509 Weak encryption in UniRPC protocol
CVE-2023-28512 IBM Watson CP4D Data Stores improper input validation
CVE-2023-28513 IBM MQ denial of service
S
CVE-2023-28514 IBM MQ information disclosure
S
CVE-2023-28517 IBM Sterling Partner Engagement Manager cross-site scripting
CVE-2023-28520 IBM Planning Analytics Local cross-site scripting
S
CVE-2023-28522 IBM API Connect improper access control
S
CVE-2023-28523 IBM Informix Dynamic Server buffer overflow
CVE-2023-28525 IBM Engineering Requirements Management cross-site scripting
CVE-2023-28526 IBM Informix Dynamic Server buffer overflow
CVE-2023-28527 IBM Informix Dynamic Server buffer overflow
CVE-2023-28528 IBM AIX command execution
S
CVE-2023-28529 IBM InfoSphere Information Server 11.7
S
CVE-2023-28530 IBM Cognos Analytics cross-site scripting
S
CVE-2023-28531 ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destinat...
CVE-2023-28532 WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation
S
CVE-2023-28533 WordPress Cab Grid Plugin <= 1.5.15 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28534 WordPress WP Job Portal Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28535 WordPress Paytm Payment Donation Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28536 WordPress Branded Social Images plugin <= 1.1.0 - Broken Access Control vulnerability
S
CVE-2023-28537 Integer Overflow or Wraparound in Audio
CVE-2023-28538 Stack-based Buffer Overflow in WIN Product
CVE-2023-28539 Buffer Copy Without Checking Size of Input in WLAN Host
S
CVE-2023-28540 Improper Authentication in Data Modem
CVE-2023-28541 Buffer Over-read in WLAN Host
S
CVE-2023-28542 Buffer Over-read in WLAN HOST
S
CVE-2023-28543 Out of Bounds read in SNPE Library
CVE-2023-28544 Buffer Copy without Checking the Size of Input in WLAN Firmware
CVE-2023-28545 Improper Restriction of Operations within the Bounds of a Memory Buffer in TZ Secure OS
CVE-2023-28546 Buffer Copy Without Checking Size of Input in SPS Applications
CVE-2023-28547 Buffer Copy Without Checking Size of Input in SPS Applications
CVE-2023-28548 Improper Validation of Array Index in WLAN HAL
S
CVE-2023-28549 Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN HAL
CVE-2023-28550 Improper Restriction of Operations within the Bounds of a Memory Buffer in MPP Performance
CVE-2023-28551 Improper Restriction of Operations within the Bounds of a Memory Buffer in UTILS
CVE-2023-28553 Buffer Over-read in WLAN Host
S
CVE-2023-28554 Buffer Over-read in Qualcomm IPC
S
CVE-2023-28555 Buffer Over-read in Audio
CVE-2023-28556 Improper Authorization in HLOS
CVE-2023-28557 Improper Validation of Array Index in WLAN HAL
CVE-2023-28558 Improper Validation of Array Index in WLAN HAL
CVE-2023-28559 Buffer Copy Without Checking Size of Input in WLAN HAL
CVE-2023-28560 Buffer Copy Without Checking Size of Input in WLAN HAL
CVE-2023-28561 Buffer Copy Without Checking Size of Input in QESL
CVE-2023-28562 Buffer Copy Without Checking Size of Input in QESL
CVE-2023-28563 Buffer Over-read in IOE Firmware
CVE-2023-28564 Use of Out-of-range Pointer Offset in WLAN HAL
CVE-2023-28565 Improper Validation of Array Index in WLAN HAL
CVE-2023-28566 Buffer Over-read in WLAN HAL
CVE-2023-28567 Improper Validation of Array Index in WLAN HAL
CVE-2023-28568 Buffer Over-read in WLAN HAL
CVE-2023-28569 Buffer Over-read in WLAN HAL
CVE-2023-28570 Buffer Copy without Checking Size of Input in Audio
CVE-2023-28571 Buffer Over-read in WLAN HOST
S
CVE-2023-28572 Buffer Over-read in WLAN HOST
S
CVE-2023-28573 Improper Validation of Array Index in WLAN HAL
CVE-2023-28574 Improper Input Validation in Core
CVE-2023-28575 Multiple Type Confusion Vulnerability
S
CVE-2023-28576 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver
S
CVE-2023-28577 Multiple Dmabuf Kernel Address UAF Vulnerability
S
CVE-2023-28578 Improper Input Validation in Services
CVE-2023-28579 Buffer Copy Without Checking Size of Input in WLAN Host
S
CVE-2023-28580 Buffer Copy Without Checking Size of Input in WLAN Host
S
CVE-2023-28581 Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Firmware
CVE-2023-28582 Buffer Copy Without Checking Size of Input in Data Modem
CVE-2023-28583 Double Free in Data Network Stack & Connectivity
CVE-2023-28584 Improper Authorization in WLAN Host
S
CVE-2023-28585 Integer Overflow to Buffer Overflow in TZ Secure OS
CVE-2023-28586 Improper Restriction of Operation within the Bounds of a Memory Buffer in TZ Secure OS
CVE-2023-28587 Improper Restriction of Operations within the Bounds of a Memory Buffer in BT Controller
CVE-2023-28588 Integer Overflow or Wraparound in Bluetooth Host
S
CVE-2023-28596 Local Privilege Escalation in Zoom for macOS Installers
CVE-2023-28597 Improper trust boundary implementation for SMB in Zoom Clients
CVE-2023-28598 Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts...
CVE-2023-28599 Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could injec...
CVE-2023-28600 Zoom for MacOS clients prior to 5.14.0 contain an improper access control vulnerability. A malicious...
CVE-2023-28601 Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bo...
CVE-2023-28602 Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature...
CVE-2023-28603 Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A mal...
CVE-2023-28604 The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a compon...
E M
CVE-2023-28606 js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips....
S
CVE-2023-28607 js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip....
S
CVE-2023-28609 api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication....
S
CVE-2023-28610 The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by ...
CVE-2023-28611 Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20...
M
CVE-2023-28613 An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1...
CVE-2023-28614 Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to ...
CVE-2023-28616 An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x bef...
CVE-2023-28617 org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to e...
S
CVE-2023-28618 WordPress Enhanced Plugin Admin Plugin <= 1.16 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28620 WordPress Cyberus Key Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28621 WordPress Raise Mag Theme <= 1.0.7 and Wishful Blog theme <= 2.0.1 are vulnerable to Cross Site Scripting (XSS)
CVE-2023-28622 WordPress Easy Slider Revolution Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28623 Unauthorized user can register an account in specific configurations in Zulip
S
CVE-2023-28625 mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied
S
CVE-2023-28626 Quadratic runtime when parsing Markdown in comrak
S
CVE-2023-28627 OS Command Injection via GIT_PATH in pymedusa
E S
CVE-2023-28628 `authority-regex` returns the wrong authority in lambdaisland/uri
E S
CVE-2023-28629 Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd
S
CVE-2023-28630 Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd
S
CVE-2023-28631 Attacker controlled data in AST nodes is not validated in comrak
S
CVE-2023-28632 GLPI vulnerable to account takeover by authenticated user
S
CVE-2023-28633 GLPI vulnerable to Blind Server-Side Request Forgery (SSRF) in RSS feeds
S
CVE-2023-28634 GLPI vulnerable to Privilege Escalation from Technician to Super-Admin
S
CVE-2023-28635 Defining resource name as integer in vantage6 may give unintended access
S
CVE-2023-28636 GLPI vulnerable to stored Cross-site Scripting in external links
S
CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability
E
CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier
S
CVE-2023-28639 GLPI vulnerable to reflected Cross-site Scripting in search pages
S
CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key
M
CVE-2023-28642 AppArmor bypass with symlinked /proc in runc
S
CVE-2023-28643 Potential share collision for recipients when caching is enabled in nextcloud server
E S
CVE-2023-28644 Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server
S
CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments
S
CVE-2023-28646 App lockout in nextcloud Android app can be bypassed via thirdparty apps
S
CVE-2023-28647 App pin of the iOS app can be bypassed in Nextcloud iOS
S
CVE-2023-28648 CVE-2023-28648
CVE-2023-28649 The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices...
S
CVE-2023-28650 CVE-2023-28650
CVE-2023-28651 Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If ...
CVE-2023-28652 CVE-2023-28652
CVE-2023-28653 The affected application lacks proper validation of user-supplied data when parsing...
S
CVE-2023-28654 CVE-2023-28654
CVE-2023-28655 CVE-2023-28655
CVE-2023-28656 NGINX Management Suite vulnerability
CVE-2023-28657 Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ...
CVE-2023-28658 Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an a...
CVE-2023-28659 The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticate...
E
CVE-2023-28660 The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injecti...
E
CVE-2023-28661 The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injecti...
E
CVE-2023-28662 The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an un...
E
CVE-2023-28663 The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injecti...
E
CVE-2023-28664 The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflecte...
E
CVE-2023-28665 The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-si...
E
CVE-2023-28666 The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scri...
E
CVE-2023-28667 The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure de...
E
CVE-2023-28668 Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions e...
CVE-2023-28669 Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resu...
CVE-2023-28670 Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the...
CVE-2023-28671 A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5...
CVE-2023-28672 Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in...
CVE-2023-28673 A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows a...
CVE-2023-28674 A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5...
CVE-2023-28675 A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows a...
CVE-2023-28676 A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earl...
CVE-2023-28677 Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freest...
CVE-2023-28678 Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files befor...
CVE-2023-28679 Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets...
CVE-2023-28680 Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external enti...
CVE-2023-28681 Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to preve...
CVE-2023-28682 Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent X...
CVE-2023-28683 Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to preve...
CVE-2023-28684 Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to preven...
CVE-2023-28685 Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external...
CVE-2023-28686 Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the persona...
S
CVE-2023-28687 Reflected Cross-Site Scripting (XSS) vulnerability in multiple WordPress themes
S
CVE-2023-28688 WordPress TH Variation Swatches plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability
S
CVE-2023-28689 WordPress JS Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability
S
CVE-2023-28690 WordPress WP BrowserUpdate Plugin <= 4.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28692 WordPress WP Abstracts Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)
E
CVE-2023-28693 WordPress Advanced Youtube Channel Pagination Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28694 WordPress Wbcom Designs – BuddyPress Activity Social Share Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-28695 WordPress VigilanTor Plugin <= 1.3.10 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28696 WordPress I Recommend This Plugin <= 3.9.0 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28697 Moxa MiiNePort E1 - Broken Access Control
S
CVE-2023-28698 WADE DIGITAL DESIGN CO, LTD. FANTSY - Broken Access Control
CVE-2023-28699 WADE DIGITAL DESIGN CO, LTD. FANTSY - Arbitrary File Upload
CVE-2023-28700 ITPison OMICARD EDM - Arbitrary File Upload
CVE-2023-28701 ELITE Web Fax - SQL Injection
CVE-2023-28702 ASUS RT-AC86U - Command Injection
CVE-2023-28703 ASUS RT-AC86U - Buffer Overflow
CVE-2023-28704 Furbo dog camera - Command Injection
CVE-2023-28705 Openfind Mail2000 - XSS (Reflected Cross-site scripting)
S
CVE-2023-28706 Apache Airflow Hive Provider Beeline Remote Command Execution
S
CVE-2023-28707 Airflow Apache Drill Provider Arbitrary File Read Vulnerability
S
CVE-2023-28708 Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations
S
CVE-2023-28709 Apache Tomcat: Fix for CVE-2023-24998 is incomplete
CVE-2023-28710 Apache Airflow Spark Provider Arbitrary File Read via JDBC
S
CVE-2023-28711 Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version ...
CVE-2023-28712 CVE-2023-28712
CVE-2023-28713 Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Becaus...
CVE-2023-28714 Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows befo...
S
CVE-2023-28715 Improper access control in some Intel(R) oneAPI Toolkit and component software installers before ver...
CVE-2023-28716 CVE-2023-28716
CVE-2023-28718 CVE-2023-28718
CVE-2023-28720 Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software bef...
CVE-2023-28722 Improper buffer restrictions for some Intel NUC BIOS firmware before version IN0048 may allow a priv...
CVE-2023-28723 Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware I...
CVE-2023-28724 NGINX Management Suite vulnerability
CVE-2023-28725 General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devic...
E M
CVE-2023-28726 Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS comman...
CVE-2023-28727 Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers to bypass authentication due to...
CVE-2023-28728 A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versi...
CVE-2023-28729 A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous vers...
CVE-2023-28730 A memory corruption vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous vers...
CVE-2023-28731 Unauthenticated RCE affecting the AcyMailing plugin for Joomla
E S
CVE-2023-28732 Missing access control affecting the AcyMailing plugin for Joomla
S
CVE-2023-28733 Stored XSS affecting the AcyMailing plugin for Joomla
S
CVE-2023-28736 Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privile...
CVE-2023-28737 Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authen...
CVE-2023-28738 Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privile...
CVE-2023-28739 Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.837...
CVE-2023-28740 Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before ve...
CVE-2023-28741 Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may al...
CVE-2023-28742 BIG-IP iQuery mesh vulnerability
CVE-2023-28743 Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privile...
CVE-2023-28744 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, versi...
E
CVE-2023-28745 Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow a...
CVE-2023-28746 Information exposure through microarchitectural state after transient execution from some register f...
CVE-2023-28747 WordPress CBX Currency Converter Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28748 WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to SQL Injection
CVE-2023-28749 WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28750 WordPress Albo Pretorio Online Plugin <= 4.6 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28751 WordPress Wp Ultimate Review Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28753 netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicio...
S
CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent
CVE-2023-28755 A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI pars...
CVE-2023-28756 A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time par...
CVE-2023-28758 An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to spe...
CVE-2023-28759 An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the ...
CVE-2023-28761 Missing Authentication check in SAP NetWeaver Enterprise Portal
CVE-2023-28762 Information Disclosure in SAP BusinessObjects Intelligence Platform
CVE-2023-28763 Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform
CVE-2023-28764 Information Disclosure vulnerability in SAP BusinessObjects Platform
CVE-2023-28765 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)
CVE-2023-28766 A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIP...
CVE-2023-28767 The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware ve...
CVE-2023-28768 Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware ...
S
CVE-2023-28769 The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel ...
CVE-2023-28770 The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zy...
CVE-2023-28771 Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN ...
KEV E
CVE-2023-28772 An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex bu...
S
CVE-2023-28773 WordPress Secondary Title Plugin <= 2.0.9.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28774 WordPress Review Stream Plugin <= 1.6.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28775 WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability
S
CVE-2023-28776 WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28777 WordPress LearnDash LMS Plugin <= 4.5.3 is vulnerable to SQL Injection
S
CVE-2023-28778 WordPress Pagination by BestWebSoft Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28779 WordPress Terms descriptions Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28780 WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28781 WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28782 WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection
S
CVE-2023-28783 WordPress Woocommerce Tip/Donation Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28784 WordPress Contest Gallery Plugin <= 21.1.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28785 WordPress Yoast SEO: Local Plugin <= 14.9 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28786 WordPress Solid Security Plugin <= 8.1.4 is vulnerable to Open Redirection
S
CVE-2023-28787 WordPress Quiz And Survey Master plugin <= 8.1.4 - Unauthenticated SQL Injection vulnerability
S
CVE-2023-28788 WordPress Advanced Page Visit Counter Plugin <= 6.4.2 is vulnerable to SQL Injection
S
CVE-2023-28789 WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28790 WordPress Simple Staff List Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28791 WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-28792 WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28793 Heap Based Buffer Overflow in Library
CVE-2023-28794 PAC Files Exposed to Internet Websites
CVE-2023-28795 Client IPC validation bypass
CVE-2023-28796 IPC Bypass Through PLT Section in ELF
CVE-2023-28797 LPE using arbitrary file delete with Symlinks
CVE-2023-28798 Out-of-bounds write to heap in pacparser
CVE-2023-28799 A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious ...
CVE-2023-28800 Output encoding missing in redrurl parameter
CVE-2023-28801 Improper SAML signature verification
CVE-2023-28802 Disable Zscaler using machine tunnel restart
CVE-2023-28803 Traffic being bypassed by ZCC by configuring synthetic IP range as local network
CVE-2023-28804 Linux ZCC allows unsigned updates, allowing elevated Code Execution
CVE-2023-28805 ZCC on Linux privilege escalation
CVE-2023-28806 Signature validation error in DLL allows disabling anti-tampering protection
CVE-2023-28807 Bypass of ZIA domain fronting detection module through evasion technique
CVE-2023-28808 Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be...
S
CVE-2023-28809 Some access control products are vulnerable to a session hijacking attack because the product does n...
S
CVE-2023-28810 Some access control/intercom products have unauthorized modification of device network configuration...
S
CVE-2023-28811 There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploite...
S
CVE-2023-28812 There is a buffer overflow vulnerability in a web browser plug-in that could allow an attacker to exploit...
CVE-2023-28813 An attacker could exploit a vulnerability by sending crafted messages to computers installed with th...
CVE-2023-28818 An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade ...
CVE-2023-28819 Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to ...
CVE-2023-28820 Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the ...
CVE-2023-28821 Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets....
CVE-2023-28823 Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before ve...
CVE-2023-28824 Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5...
CVE-2023-28826 This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO...
CVE-2023-28827 A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < ...
CVE-2023-28828 A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains...
M
CVE-2023-28829 A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC So...
S
CVE-2023-28830 A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All vers...
CVE-2023-28831 The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnera...
M
CVE-2023-28832 A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), ...
S
CVE-2023-28833 Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server
S
CVE-2023-28834 Full path of data directory exposed to Nextcloud server users
E S
CVE-2023-28835 Insecure randomness for default password in nextcloud
S
CVE-2023-28836 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
S
CVE-2023-28837 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
S
CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports
S
CVE-2023-28839 Improper neutralization in an SQL query in Shoppingfeed
S
CVE-2023-28840 moby/moby's dockerd daemon encrypted overlay network may be unauthenticated
E S
CVE-2023-28841 moby/moby's dockerd daemon encrypted overlay network traffic may be unencrypted
E S
CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated
M
CVE-2023-28843 Improper neutralization of SQL parameter in PayPal module for PrestaShop
E S
CVE-2023-28844 User without download rights can download older version of that file in nextcloud server
S
CVE-2023-28845 Chat room membership disclosed via autocompletion in Nextcloud talk
S
CVE-2023-28846 Denial of Service in unpoly-rails
S
CVE-2023-28847 Nextcloud Server missing brute force protection for passwords of password protected share links
E S
CVE-2023-28848 CSRF protection on user_oidc login returned the expected token in case of an error
S
CVE-2023-28849 GLPI vulnerable to SQL injection and Stored XSS via inventory agent request
S
CVE-2023-28850 Pimcore Perspective Editor vulnerable to Cross-site Scripting in perspective name
E S
CVE-2023-28851 Silverstripe Form Capture vulnerable to Stored Cross-Site Scripting
S
CVE-2023-28852 GLPI vulnerable to stored Cross-site Scripting through dashboard administration
S
CVE-2023-28853 Mastodon's blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database
E S
CVE-2023-28854 nophp vulnerable to shell command injection on httpd user when sending a password-setting mail or mail-login mail
S
CVE-2023-28855 Fields GLPI plugin vulnerable to unauthorized write access to additional fields
S
CVE-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process
S
CVE-2023-28857 LDAP password leak in Apereo CAS - GHSL-2023-009
CVE-2023-28858 redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopport...
S
CVE-2023-28859 redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis...
S
CVE-2023-28862 An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic ...
E S
CVE-2023-28863 AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity....
CVE-2023-28864 Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-m...
M
CVE-2023-28865 Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR...
E
CVE-2023-28866 In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_...
CVE-2023-28867 In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that ca...
S
CVE-2023-28868 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary ...
E
CVE-2023-28869 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read the contents of...
E
CVE-2023-28870 Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow at...
E
CVE-2023-28871 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry inf...
E
CVE-2023-28872 Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files...
E
CVE-2023-28873 An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript int...
E
CVE-2023-28874 The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect use...
E
CVE-2023-28875 A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inj...
E
CVE-2023-28876 A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allow...
E
CVE-2023-28877 The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to priva...
CVE-2023-28879 In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption o...
E
CVE-2023-28882 Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and ...
CVE-2023-28883 In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint....
S
CVE-2023-28884 In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index....
S
CVE-2023-28885 The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles a...
CVE-2023-28892 Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation o...
CVE-2023-28895 Hard-coded password for access to power controller chip memory
CVE-2023-28896 Weak encoding for password in UDS services
CVE-2023-28897 Hard-coded password for UDS services
CVE-2023-28898 Head Unit Denial-of-Service via Apple CarPlay service
CVE-2023-28899 Denial of Service via ECU reset service
CVE-2023-28900 Nickname Disclosure on the Backend Automotive Server
CVE-2023-28901 Trip Data Disclosure from Backend
CVE-2023-28929 Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability...
CVE-2023-28930 WordPress Mobile Banner Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28931 WordPress Post Connector Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28932 WordPress WPMobile.App Plugin <= 11.20 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28933 WordPress Call Now Accessibility Button Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28934 WordPress WP Full Stripe Free Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28935 Apache UIMA DUCC: DUCC (EOL) allows RCE
CVE-2023-28936 Apache OpenMeetings: insufficient check of invitation hash
CVE-2023-28937 DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista...
CVE-2023-28938 Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 m...
CVE-2023-28949 IBM Engineering Requirements Management cross-site request forgery
CVE-2023-28950 IBM MQ information disclosure
S
CVE-2023-28952 IBM Cognos Controller log injection
CVE-2023-28953 IBM Cognos Analytics on Cloud Pak for Data improper access control
S
CVE-2023-28955 IBM Watson Knowledge Catalog denial of service
S
CVE-2023-28956 IBM Spectrum Protect Backup-Archive Client privilege escalation
S
CVE-2023-28958 IBM Watson Knowledge Catalog CSV injection
S
CVE-2023-28959 Junos OS: QFX10002: PFE wedges and restarts upon receipt of specific malformed packets
S
CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers
S
CVE-2023-28961 Junos OS: ACX Series: IPv6 firewall filter is not installed in PFE when "from next-header ah" is used
S
CVE-2023-28962 Junos OS: Unauthenticated access vulnerability in J-Web
S
CVE-2023-28963 Junos OS: User-controlled input vulnerability in J-Web
S
CVE-2023-28964 Junos OS and Junos OS Evolved: Malformed BGP flowspec update causes RPD crash
S
CVE-2023-28965 Junos OS: QFX10002: Failure of storm control feature may lead to Denial of Service
S
CVE-2023-28966 Junos OS Evolved: Local low-privileged user with shell access can execute CLI commands as root
S
CVE-2023-28967 Junos OS and Junos OS Evolved: An attacker sending genuine BGP packets causes an RPD crash
S
CVE-2023-28968 Junos OS: SRX Series: Policies that rely on JDPI-Decoder actions may fail open
S
CVE-2023-28970 Junos OS: JRR200: Kernel crash upon receipt of a specific packet
S
CVE-2023-28971 Paragon Active Assurance: Enabling the timescaledb enables IP forwarding
S
CVE-2023-28972 Junos OS: NFX Series: 'set system ports console insecure' allows root password recovery
S
CVE-2023-28973 Junos OS Evolved: The 'sysmanctl' shell command allows a local user to gain access to some administrative actions
S
CVE-2023-28974 Junos OS: MX Series: In a BBE scenario upon receipt of specific malformed packets from subscribers the process bbe-smgd will crash
S
CVE-2023-28975 Junos OS: The kernel will crash when certain USB devices are inserted
S
CVE-2023-28976 Junos OS: MX Series: If a specific traffic rate goes above the DDoS threshold it will lead to an FPC crash
S
CVE-2023-28978 Junos OS Evolved: Read access to some confidential user information is possible
S
CVE-2023-28979 Junos OS: In a 6PE scenario upon receipt of a specific IPv6 packet an integrity check fails
S
CVE-2023-28980 Junos OS and Junos OS Evolved: In a BGP rib sharding scenario an rpd crash will happen shortly after a specific CLI command is issued
S
CVE-2023-28981 Junos OS and Junos OS Evolved: If malformed IPv6 router advertisements are received, memory corruption will occur which causes an rpd crash
S
CVE-2023-28982 Junos OS and Junos OS Evolved: In a BGP rib sharding scenario when a route is frequently updated an rpd memory leak will occur
S
CVE-2023-28983 Junos OS Evolved: Shell Injection vulnerability in the gNOI server
S
CVE-2023-28984 Junos OS: QFX Series: The PFE may crash when a lot of MAC addresses are being learned and aged
S
CVE-2023-28985 SRX Series and MX Series: An FPC core is observed when IDP is enabled on the device and a specific malformed SSL packet is received
S
CVE-2023-28986 WordPress Affiliates Manager Plugin <= 2.9.20 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28987 WordPress Wp Ultimate Review Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28988 WordPress Direct checkout, Add to cart redirect for Woocommerce Plugin <= 2.1.48 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28989 WordPress Happy Addons for Elementor Plugin <= 3.8.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28990 WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability
S
CVE-2023-28991 WordPress Order date time for WooCommerce Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28992 WordPress Coupon Affiliates Plugin <= 5.4.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28993 WordPress Albo Pretorio Online Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28994 WordPress Flatsome Theme <= 3.16.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-28995 WordPress Configurable Tag Cloud Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-28997 Nextcloud Desktop: Initialization vector reuse in E2EE allows malicious server admin to break, manipulate, access files
E S
CVE-2023-28998 Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys
E S
CVE-2023-28999 Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders
E S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.