ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-29000 | Nextcloud Desktop client does not verify received signed certificate in end-to-end encryption | S | |
CVE-2023-29001 | Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG | S | |
CVE-2023-29002 | Debug mode leaks confidential data in Cilium | | |
CVE-2023-29003 | SvelteKit has Insufficient Cross-Site Request Forgery Protection | E S | |
CVE-2023-29004 | Path Traversal Vulnerability in hap-wi/roxy-wi | E | |
CVE-2023-29005 | No Rate Limiting on Login AUTH DB | | |
CVE-2023-29006 | Order GLPI plugin vulnerable to remote code execution from authenticated user | S | |
CVE-2023-29007 | Arbitrary configuration injection via `git submodule deinit` | S | |
CVE-2023-29008 | SvelteKit framework has Insufficient CSRF protection for CORS requests | S | |
CVE-2023-29009 | basercms XSS Vulnerability via Favorites Feature | | |
CVE-2023-29010 | BudiBase Server-Side Request Forgery vulnerability | S | |
CVE-2023-29011 | Git for Windows's config file of `connect.exe` is susceptible to malicious placing | | |
CVE-2023-29012 | Git CMD erroneously executes `doskey.exe` in the current directory, if it exists | | |
CVE-2023-29013 | HTTP header parsing could cause a denial of service | S | |
CVE-2023-29014 | Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter | S | |
CVE-2023-29015 | Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments | S | |
CVE-2023-29016 | Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames | S | |
CVE-2023-29017 | vm2 Sandbox Escape vulnerability | E S | |
CVE-2023-29018 | OpenFeature Operator vulnerable to Cluster-level Privilege Escalation | | |
CVE-2023-29019 | Session fixation in fastify-passport | S | |
CVE-2023-29020 | Cross site request forgery token fixation in fastify-passport | S | |
CVE-2023-29022 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack | S | |
CVE-2023-29023 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack | S | |
CVE-2023-29024 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack | S | |
CVE-2023-29025 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack | S | |
CVE-2023-29026 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack | S | |
CVE-2023-29027 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack | S | |
CVE-2023-29028 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack | S | |
CVE-2023-29029 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack | S | |
CVE-2023-29030 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack | S | |
CVE-2023-29031 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack | S | |
CVE-2023-29032 | Apache OpenMeetings: allows bypass authentication | | |
CVE-2023-29033 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-29034 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-29035 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-29036 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-29037 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-29038 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-29039 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-29040 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-29041 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-29042 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-29043 | Presentations may contain references to images, which are user-controlled, and could include malicio... | | |
CVE-2023-29044 | Documents operations could be manipulated to contain invalid data types, possibly script code. Scrip... | | |
CVE-2023-29045 | Documents operations, in this case "drawing", could be manipulated to contain invalid data types, po... | | |
CVE-2023-29046 | Connections to external data sources, like e-mail autoconfiguration, were not terminated in case the... | | |
CVE-2023-29047 | Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing c... | | |
CVE-2023-29048 | A component for parsing OXMF templates could be abused to execute arbitrary system commands that wou... | | |
CVE-2023-29049 | The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers th... | | |
CVE-2023-29050 | The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter stri... | | |
CVE-2023-29051 | User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java... | | |
CVE-2023-29052 | Users were able to define disclaimer texts for an upsell shop dialog that would contain script code ... | | |
CVE-2023-29053 | A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All version... | | |
CVE-2023-29054 | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3... | | |
CVE-2023-29055 | Apache Kylin: Insufficiently protected credentials in config file | | |
CVE-2023-29056 | A valid LDAP user, under specific conditions, will default to read-only permissions when authenticat... | S | |
CVE-2023-29057 | A valid XCC user's local account permissions overrides their active directory permissions under spec... | S | |
CVE-2023-29058 | A valid, authenticated XCC user with read-only permissions can modify custom user roles on other use... | S | |
CVE-2023-29059 | 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023... | E | |
CVE-2023-29060 | Lack of USB Whitelisting | M | |
CVE-2023-29061 | Lack of Adequate BIOS Authentication | M | |
CVE-2023-29062 | Unsecure Identity Verification | M | |
CVE-2023-29063 | Lack of DMA Access Protections | M | |
CVE-2023-29064 | Hardcoded Secrets | M | |
CVE-2023-29065 | Overly Permissive Access Policy | M | |
CVE-2023-29066 | Incorrect User Management | M | |
CVE-2023-29067 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corr... | | |
CVE-2023-29068 | A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulner... | | |
CVE-2023-29069 | A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker ca... | | |
CVE-2023-29073 | A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to c... | | |
CVE-2023-29074 | A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to... | | |
CVE-2023-29075 | A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cau... | | |
CVE-2023-29076 | A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 a... | | |
CVE-2023-29078 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-29079 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-29080 | Privilege escalation in InstallShield | | |
CVE-2023-29081 | InstallShield Symlink Vulnerability Affecting Suite Project Setups | | |
CVE-2023-29084 | Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injec... | | |
CVE-2023-29085 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exyno... | | |
CVE-2023-29086 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exyno... | | |
CVE-2023-29087 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exyno... | | |
CVE-2023-29088 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exyno... | | |
CVE-2023-29089 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exyno... | | |
CVE-2023-29090 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exyno... | | |
CVE-2023-29091 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exyno... | | |
CVE-2023-29092 | An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 530... | | |
CVE-2023-29093 | WordPress Conditional extra fees for woocommerce Plugin <= 1.0.96 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29094 | WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.20 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29095 | WordPress RSVPMarker Plugin < 10.5.5 is vulnerable to SQL Injection | S | |
CVE-2023-29096 | WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.0 is vulnerable to SQL Injection | | |
CVE-2023-29097 | WordPress a3 Portfolio Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29098 | WordPress CopySafe Web Protection Plugin <= 3.13 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29099 | WordPress Divi Theme <= 4.20.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29100 | WordPress The7 Theme <= 11.6.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29101 | WordPress Betheme Theme <= 26.7.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29102 | WordPress Olive One Click Demo Import Plugin <= 1.1.1 is vulnerable to Arbitrary File Upload | | |
CVE-2023-29103 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), ... | S | |
CVE-2023-29104 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), ... | S | |
CVE-2023-29105 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), ... | S | |
CVE-2023-29106 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), ... | S | |
CVE-2023-29107 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), ... | S | |
CVE-2023-29108 | IP filter vulnerability in ABAP Platform and SAP Web Dispatcher | | |
CVE-2023-29109 | Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) | | |
CVE-2023-29110 | Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) | | |
CVE-2023-29111 | Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service) | | |
CVE-2023-29112 | Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring) | | |
CVE-2023-29114 | Unauthorized System Log Disclosure in Enel X JuiceBox | | |
CVE-2023-29115 | Denial of Service via Web Management interface in Enel X JuiceBox | | |
CVE-2023-29116 | PHP Information Disclosure in Enel X JuiceBox | | |
CVE-2023-29117 | Authentication Bypass in JuiceBox Web Manager interface | | |
CVE-2023-29118 | Unauthorized SQLite Injection in Enel X Juicebox | | |
CVE-2023-29119 | Unauthorized SQLite Injection | | |
CVE-2023-29120 | Unauthorized Remote Command Execution in Enel X Juicebox | | |
CVE-2023-29121 | Exposed TCF agent service in Enel X Juicebox | | |
CVE-2023-29122 | Incorrect file ownership of privileged service's libraries in Enel X JuiceBox | | |
CVE-2023-29125 | Heap overflow in CM_main.exe binary in Enel X JuiceBox | | |
CVE-2023-29126 | Insecure loose comparison in Enel X JuiceBox | | |
CVE-2023-29128 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), ... | S | |
CVE-2023-29129 | A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < ... | S | |
CVE-2023-29130 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consis... | S | |
CVE-2023-29131 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consis... | S | |
CVE-2023-29132 | Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector ... | | |
CVE-2023-29134 | An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of... | | |
CVE-2023-29137 | An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImp... | S | |
CVE-2023-29139 | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with ch... | S | |
CVE-2023-29140 | An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers m... | S | |
CVE-2023-29141 | An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x... | | |
CVE-2023-29145 | The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libr... | | |
CVE-2023-29147 | In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on i... | | |
CVE-2023-29150 | CVE-2023-29150 | | |
CVE-2023-29151 | Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authe... | S | |
CVE-2023-29152 | PTC Vuforia Studio Improper Authorization | S | |
CVE-2023-29153 | Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.... | | |
CVE-2023-29154 | SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user... | | |
CVE-2023-29155 | INEA ME RTU Missing Authentication for Critical Function | S | |
CVE-2023-29156 | Denial of Service due to loss of information in DroneScout ds230 Remote ID receiver from BlueMark Innovations | M | |
CVE-2023-29157 | Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authentica... | S | |
CVE-2023-29158 | SUBNET PowerSYSTEM Center Authentication Bypass by Capture-replay | S | |
CVE-2023-29159 | Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows ... | E | |
CVE-2023-29160 | Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a sp... | | |
CVE-2023-29161 | Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authentic... | S | |
CVE-2023-29162 | Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) on... | | |
CVE-2023-29163 | BIG-IP UDP Profile vulnerability | | |
CVE-2023-29164 | Improper access control in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board... | | |
CVE-2023-29165 | Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2... | | |
CVE-2023-29166 | A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats... | | |
CVE-2023-29167 | Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially c... | | |
CVE-2023-29168 | PTC Vuforia Studio Insufficiently Protected Credentials | S | |
CVE-2023-29169 | CVE-2023-29169 | | |
CVE-2023-29170 | WordPress Product Enquiry for WooCommerce Plugin <= 2.2.12 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29171 | WordPress Magic Post Thumbnail Plugin <= 4.1.10 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29172 | WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29173 | WordPress Product Category Tree plugin <= 2.5 - Broken Access Control vulnerability | | |
CVE-2023-29174 | WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability | S | |
CVE-2023-29175 | An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all vers... | S | |
CVE-2023-29177 | Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE... | S | |
CVE-2023-29178 | An access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 thro... | S | |
CVE-2023-29179 | A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.... | S | |
CVE-2023-29180 | A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.... | S | |
CVE-2023-29181 | A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through ... | S | |
CVE-2023-29182 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a priv... | S | |
CVE-2023-29183 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilit... | S | |
CVE-2023-29185 | Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages) | | |
CVE-2023-29186 | Directory/Path Traversal vulnerability in SAP NetWeaver. | | |
CVE-2023-29187 | DLL Hijacking vulnerability in SapSetup (Software Installation Program) | | |
CVE-2023-29188 | Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI | | |
CVE-2023-29189 | HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) | | |
CVE-2023-29192 | SilverwareGames.io users with access to the game upload panel are able to edit download links for games uploaded by other developers | | |
CVE-2023-29193 | SpiceDB binding metrics port to untrusted networks and can leak command-line flags | S | |
CVE-2023-29194 | vitess allows users to create keyspaces that can deny access to already existing keyspaces | S | |
CVE-2023-29195 | Vitess VTAdmin users that can create shards can deny access to other functions | E S | |
CVE-2023-29196 | HTML injection via topic embedding in Discourse | | |
CVE-2023-29197 | Improper header name validation in guzzlehttp/psr7 | | |
CVE-2023-29198 | Context isolation bypass via nested unserializable return value in Electron | M | |
CVE-2023-29199 | vm2 Sandbox escape vulnerability | E S | |
CVE-2023-29200 | contao/core-bundle has path traversal vulnerability in the file manager | S | |
CVE-2023-29201 | org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability | E S | |
CVE-2023-29202 | org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability | E S | |
CVE-2023-29203 | Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm | E S | |
CVE-2023-29204 | URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore | E S | |
CVE-2023-29205 | org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro | E S | |
CVE-2023-29206 | org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins | E S | |
CVE-2023-29207 | Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro | E S | |
CVE-2023-29208 | Data leak through deleted documents | E S | |
CVE-2023-29209 | org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability | E S | |
CVE-2023-29210 | org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability | E S | |
CVE-2023-29211 | org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability | E S | |
CVE-2023-29212 | xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability | E S | |
CVE-2023-29213 | org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability | E S | |
CVE-2023-29214 | org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability | E S | |
CVE-2023-29215 | Apache Linkis JDBC EngineCon has a deserialization command execution | | |
CVE-2023-29216 | Apache Linkis DatasourceManager module has a deserialization command execution | | |
CVE-2023-29218 | The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (... | | |
CVE-2023-29234 | Bypass serialize checks in Apache Dubbo | | |
CVE-2023-29235 | WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-29236 | WordPress Outdoor Theme <= 3.9.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29237 | WordPress Remove Duplicate Posts plugin <= 1.3.5 - Broken Access Control vulnerability | S | |
CVE-2023-29238 | WordPress Whydonate – FREE Donate button Plugin <= 3.12.15 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-29239 | WordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerability | S | |
CVE-2023-29240 | BIG-IQ iControl REST Vulnerability | | |
CVE-2023-29241 | Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may l... | M | |
CVE-2023-29242 | Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an auth... | | |
CVE-2023-29243 | Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA ... | | |
CVE-2023-29244 | Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for In... | | |
CVE-2023-29245 | SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 | S | |
CVE-2023-29246 | Apache OpenMeetings: allows null-byte Injection | | |
CVE-2023-29247 | Stored XSS on Apache Airflow | S | |
CVE-2023-29255 | IBM DB2 for Linux, UNIX and Windows denial of service | S | |
CVE-2023-29256 | IBM Db2 information disclosure | | |
CVE-2023-29257 | IBM Db2 code execution | S | |
CVE-2023-29258 | IBM Db2 denial of service | | |
CVE-2023-29259 | IBM Sterling Connect:Express for UNIX information disclosure | S | |
CVE-2023-29260 | IBM Sterling Connect:Express for UNIX server-side request forgery | S | |
CVE-2023-29261 | IBM Sterling Secure Proxy information disclosure | | |
CVE-2023-29267 | IBM Db2 denial of service | | |
CVE-2023-29268 | TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability | S | |
CVE-2023-29273 | ZDI-CAN-20367: Adobe Substance 3D Painter USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-29274 | ZDI-CAN-20366: Adobe Substance 3D Painter USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-29275 | ZDI-CAN-20363: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-29276 | ZDI-CAN-20362: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-29277 | ZDI-CAN-20370: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-29278 | ZDI-CAN-20371: Adobe Substance 3D Painter GLTF File Parsing Uninitialized Variable Information Disclosure Vulnerability | | |
CVE-2023-29279 | ZDI-CAN-20368: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-29280 | ZDI-CAN-20372: Adobe Substance 3D Painter PLY File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-29281 | ZDI-CAN-20364: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-29282 | ZDI-CAN-20359: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-29283 | ZDI-CAN-20361: Adobe Substance 3D Painter USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-29284 | ZDI-CAN-20365: Adobe Substance 3D Painter USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-29285 | ZDI-CAN-20360: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-29286 | ZDI-CAN-20369: Adobe Substance 3D Painter USD File Parsing Uninitialized Variable Information Disclosure Vulnerability | | |
CVE-2023-29287 | Adobe Commerce Information Exposure Security feature bypass | | |
CVE-2023-29288 | Adobe Commerce \| Incorrect Authorization (CWE-863) | | |
CVE-2023-29289 | Adobe Commerce XML Injection Security feature bypass | | |
CVE-2023-29290 | Adobe Commerce Guest Cart Shipping Address Overwrite IDOR | | |
CVE-2023-29291 | Server Side Request Forgery (SSRF) in USPS carrier integration configuration | | |
CVE-2023-29292 | Server Side Request Forgery (SSRF) in FedEx carrier integration configuration | | |
CVE-2023-29293 | Adobe Commerce \| Improper Input Validation (CWE-20) | | |
CVE-2023-29294 | Bypass Purchase Order Approval using Company User in Adobe Commerce B2B | | |
CVE-2023-29295 | Insecure Direct Object Reference (IDOR) in Create Quote Function | | |
CVE-2023-29296 | [Cloud] Customer suspects IDOR vulnerability | | |
CVE-2023-29297 | Admin-to-admin stored XSS via cache poisoning | | |
CVE-2023-29298 | Adobe ColdFusion Improper Access Control Security feature bypass | KEV | |
CVE-2023-29299 | Adobe Acrobat Reader Untrusted Search Path Application denial-of-service | | |
CVE-2023-29300 | Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution | KEV | |
CVE-2023-29301 | Adobe ColdFusion Improper Restriction of Excessive Authentication Attempts Security feature bypass | | |
CVE-2023-29302 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2023-29303 | ZDI-CAN-20970: Adobe Acrobat Reader DC AcroForm Annotation Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-29304 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2023-29305 | Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution | | |
CVE-2023-29306 | Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution | | |
CVE-2023-29307 | Open Redirect on AEM Target | | |
CVE-2023-29308 | [FG-VD-23-009] Adobe InDesign 2023 Arbitrary Code Execution Vulnerability Notification | | |
CVE-2023-29309 | [FG-VD-23-003] Adobe InDesign 2023 Out-of-Bound Read Vulnerability Notification | | |
CVE-2023-29310 | [FG-VD-23-007] Adobe InDesign 2023 Out-of-Bound Read Vulnerability V Notification | | |
CVE-2023-29311 | [FG-VD-23-006] Adobe InDesign 2023 Out-of-Bound Read Vulnerability IV Notification | | |
CVE-2023-29312 | [FG-VD-23-004] Adobe InDesign 2023 Out-of-Bound Read Vulnerability II Notification | | |
CVE-2023-29313 | [FG-VD-23-014] Adobe InDesign 2023 Out-of-Bound Read Vulnerability XI Notification | | |
CVE-2023-29314 | [FG-VD-23-013] Adobe InDesign 2023 Out-of-Bound Read Vulnerability X Notification | | |
CVE-2023-29315 | [FG-VD-23-008] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VI Notification | | |
CVE-2023-29316 | [FG-VD-23-012] Adobe InDesign 2023 Out-of-Bound Read Vulnerability IX Notification | | |
CVE-2023-29317 | [FG-VD-23-005] Adobe InDesign 2023 Out-of-Bound Read Vulnerability III Notification | | |
CVE-2023-29318 | [FG-VD-23-011] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VIII Notification | | |
CVE-2023-29319 | [FG-VD-23-010] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VII Notification | | |
CVE-2023-29320 | ZDI-CAN-20712: Adobe Acrobat Blacklist Bypass Design flaw | | |
CVE-2023-29321 | Adobe Animate FLA files Use After Free Arbitrary code execution | | |
CVE-2023-29322 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2023-29323 | ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMT... | S | |
CVE-2023-29324 | Windows MSHTML Platform Security Feature Bypass Vulnerability | S | |
CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | S | |
CVE-2023-29326 | .NET Framework Remote Code Execution Vulnerability | S | |
CVE-2023-29328 | Microsoft Teams Remote Code Execution Vulnerability | S | |
CVE-2023-29330 | Microsoft Teams Remote Code Execution Vulnerability | S | |
CVE-2023-29331 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | S | |
CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | S | |
CVE-2023-29333 | Microsoft Access Denial of Service Vulnerability | S | |
CVE-2023-29334 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
CVE-2023-29335 | Microsoft Word Security Feature Bypass Vulnerability | S | |
CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | KEV E S | |
CVE-2023-29337 | NuGet Client Remote Code Execution Vulnerability | S | |
CVE-2023-29338 | Visual Studio Code Spoofing Vulnerability | S | |
CVE-2023-29340 | AV1 Video Extension Remote Code Execution Vulnerability | S | |
CVE-2023-29341 | AV1 Video Extension Remote Code Execution Vulnerability | S | |
CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | S | |
CVE-2023-29344 | Microsoft Office Remote Code Execution Vulnerability | S | |
CVE-2023-29345 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | S | |
CVE-2023-29346 | NTFS Elevation of Privilege Vulnerability | S | |
CVE-2023-29347 | Windows Admin Center Spoofing Vulnerability | S | |
CVE-2023-29348 | Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | S | |
CVE-2023-29349 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | S | |
CVE-2023-29350 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2023-29351 | Windows Group Policy Elevation of Privilege Vulnerability | S | |
CVE-2023-29352 | Windows Remote Desktop Security Feature Bypass Vulnerability | S | |
CVE-2023-29353 | Sysinternals Process Monitor for Windows Denial of Service Vulnerability | S | |
CVE-2023-29354 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | S | |
CVE-2023-29355 | DHCP Server Service Information Disclosure Vulnerability | S | |
CVE-2023-29356 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2023-29357 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-29358 | Windows GDI Elevation of Privilege Vulnerability | S | |
CVE-2023-29359 | GDI Elevation of Privilege Vulnerability | S | |
CVE-2023-29360 | Microsoft Streaming Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-29361 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-29362 | Remote Desktop Client Remote Code Execution Vulnerability | S | |
CVE-2023-29363 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | S | |
CVE-2023-29364 | Windows Authentication Elevation of Privilege Vulnerability | S | |
CVE-2023-29365 | Windows Media Remote Code Execution Vulnerability | S | |
CVE-2023-29366 | Windows Geolocation Service Remote Code Execution Vulnerability | S | |
CVE-2023-29367 | iSCSI Target WMI Provider Remote Code Execution Vulnerability | S | |
CVE-2023-29368 | Windows Filtering Platform Elevation of Privilege Vulnerability | S | |
CVE-2023-29369 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
CVE-2023-29370 | Windows Media Remote Code Execution Vulnerability | S | |
CVE-2023-29371 | Windows GDI Elevation of Privilege Vulnerability | S | |
CVE-2023-29372 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2023-29373 | Microsoft ODBC Driver Remote Code Execution Vulnerability | S | |
CVE-2023-29374 | In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execut... | E S | |
CVE-2023-29375 | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 be... | | |
CVE-2023-29376 | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 be... | | |
CVE-2023-29380 | Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames.... | E S | |
CVE-2023-29381 | An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privi... | | |
CVE-2023-29382 | An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code... | | |
CVE-2023-29383 | In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program... | E S | |
CVE-2023-29384 | WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.0 is vulnerable to Arbitrary File Upload | S | |
CVE-2023-29385 | WordPress WP Abstracts Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-29386 | WordPress Manager for Icomoon plugin <= 2.0 - Arbitrary File Upload vulnerability | S | |
CVE-2023-29387 | WordPress Manager for Icomoon Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-29388 | WordPress Product Catalog Simple Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29389 | Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows ph... | E | |
CVE-2023-29400 | Improper handling of empty HTML attributes in html/template | S | |
CVE-2023-29401 | Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin | E S | |
CVE-2023-29402 | Code injection via go command with cgo in cmd/go | S | |
CVE-2023-29403 | Unsafe behavior in setuid/setgid binaries in runtime | S | |
CVE-2023-29404 | Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go | S | |
CVE-2023-29405 | Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go | S | |
CVE-2023-29406 | Insufficient sanitization of Host header in net/http | S | |
CVE-2023-29407 | Excessive CPU consumption when decoding 0-height images in golang.org/x/image/tiff | S | |
CVE-2023-29408 | Excessive resource consumption in golang.org/x/image/tiff | S | |
CVE-2023-29409 | Large RSA keys can cause high CPU usage in crypto/tls | S | |
CVE-2023-29410 | A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker... | S | |
CVE-2023-29411 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow chang... | S | |
CVE-2023-29412 | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') v... | S | |
CVE-2023-29413 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denia... | S | |
CVE-2023-29414 | A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exist... | S | |
CVE-2023-29415 | An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can ... | E S | |
CVE-2023-29416 | An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write ... | E S | |
CVE-2023-29417 | An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read i... | E S | |
CVE-2023-29418 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read.... | E S | |
CVE-2023-29419 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-boun... | E S | |
CVE-2023-29420 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid m... | E S | |
CVE-2023-29421 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_... | E S | |
CVE-2023-29422 | WordPress Dynamics 365 Integration plugin <= 1.3.13 - Broken Access Control vulnerability | S | |
CVE-2023-29423 | WordPress Cancel order request WooCommerce Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29424 | WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29425 | WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-29426 | WordPress Spreadshop Plugin Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-29427 | WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29428 | WordPress Superb Social Media Share Buttons and Follow Buttons Plugin <= 1.1.3 is vulnerable to Broken Access Control | S | |
CVE-2023-29429 | WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability | S | |
CVE-2023-29430 | WordPress TheRoof Theme <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29431 | WordPress qTranslate X Cleanup and WPML Import plugin <= 3.0.1 - Broken Access Control vulnerability | S | |
CVE-2023-29432 | WordPress Houzez Theme < 2.8.3 is vulnerable to SQL Injection | S | |
CVE-2023-29433 | WordPress tencentcloud-cos plugin <= 1.0.7 - Broken Access Control vulnerability | | |
CVE-2023-29434 | WordPress Optin Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-29435 | WordPress Cryptocurrency All-in-One Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-29436 | WordPress IFrame Shortcode Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-29437 | WordPress Connections Business Directory Plugin <= 10.4.36 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-29438 | WordPress SimpleModal Contact Form (SMCF) Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-29439 | WordPress FooGallery Plugin <= 2.2.35 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-29440 | WordPress Simple Job Board Plugin <= 2.10.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-29441 | WordPress WebLibrarian Plugin <= 3.5.8.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-29442 | Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.... | | |
CVE-2023-29443 | Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Pl... | | |
CVE-2023-29444 | Uncontrolled Search Path Element in PTC's Kepware KEPServerEX | | |
CVE-2023-29445 | Uncontrolled Search Path Element in PTC's Kepware KEPServerEX | | |
CVE-2023-29446 | Improper Input Validation in PTC's Kepware KEPServerEX | | |
CVE-2023-29447 | Insufficiently Protected Credentials in PTC's Kepware KEPServerEX | | |
CVE-2023-29449 | Limited control of resource utilization in JS preprocessing | | |
CVE-2023-29450 | Unauthorized limited filesystem access from preprocessing | | |
CVE-2023-29451 | Denial of service caused by a bug in the JSON parser | | |
CVE-2023-29452 | Remove possibility to add html into Geomap attribution field | | |
CVE-2023-29453 | Agent 2 packages are built with Go version affected by CVE-2023-24538 | | |
CVE-2023-29454 | Persistent XSS in the user form | | |
CVE-2023-29455 | Reflected XSS in several fields of graph form | S | |
CVE-2023-29456 | Inefficient URL schema validation | S | |
CVE-2023-29457 | Insufficient validation of Action form input fields | S | |
CVE-2023-29458 | Duktape 2.6 bug crashes JavaScript putting too many values in valstack. | | |
CVE-2023-29459 | The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsa... | | |
CVE-2023-29460 | Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability | S | |
CVE-2023-29461 | Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability | S | |
CVE-2023-29462 | Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability | S | |
CVE-2023-29463 | Pavilion8 Security Misconfiguration Vulnerability | S | |
CVE-2023-29464 | Rockwell Automation FactoryTalk Linx Vulnerable to Denial-of-Service and Information Disclosure | S | |
CVE-2023-29465 | SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example... | E S | |
CVE-2023-29468 | The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information element... | | |
CVE-2023-29469 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML d... | | |
CVE-2023-29471 | Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files... | | |
CVE-2023-29473 | webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10... | | |
CVE-2023-29474 | inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 ... | | |
CVE-2023-29475 | inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 ... | | |
CVE-2023-29476 | In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to in... | | |
CVE-2023-29478 | BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restrict... | E | |
CVE-2023-29479 | Ribose RNP before 0.16.3 may hang when the input is malformed.... | | |
CVE-2023-29480 | Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.... | | |
CVE-2023-29483 | eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with... | | |
CVE-2023-29484 | In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password.... | S | |
CVE-2023-29485 | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and bef... | E | |
CVE-2023-29486 | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows att... | E | |
CVE-2023-29487 | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and bef... | E | |
CVE-2023-29489 | An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via... | E | |
CVE-2023-29491 | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger securi... | E S | |
CVE-2023-29492 | Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the ... | KEV | |
CVE-2023-29494 | Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to pot... | | |
CVE-2023-29495 | Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privile... | | |
CVE-2023-29497 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO... | | |
CVE-2023-29498 | Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loade... | | |
CVE-2023-29499 | Gvariant offset table entry size is not checked in is_normal() | | |
CVE-2023-29500 | Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs m... | | |
CVE-2023-29501 | Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon ... | | |
CVE-2023-29502 | PTC Vuforia Studio Path Traversal | S | |
CVE-2023-29503 | The affected application lacks proper validation of user-supplied data when parsing project f... | S | |
CVE-2023-29504 | Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before ... | | |
CVE-2023-29505 | An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket e... | | |
CVE-2023-29506 | org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints | E S | |
CVE-2023-29507 | org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors | S | |
CVE-2023-29508 | org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting | | |
CVE-2023-29509 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | E S | |
CVE-2023-29510 | Code injection via unescaped translations in xwiki-platform | E S | |
CVE-2023-29511 | xwiki-platform-administration-ui vulnerable to privilege escalation | E S | |
CVE-2023-29512 | Code injection in xwiki-platform-web-templates | E S | |
CVE-2023-29513 | Users can be created even when registration is disabled without validation via the template macro in xwiki-platform | E | |
CVE-2023-29514 | Code injection in template provider administration in xwiki-platform | E S | |
CVE-2023-29515 | Cross-site scripting (XSS) in xwiki-platform | E S | |
CVE-2023-29516 | Code injection from view right on XWiki.AttachmentSelector in xwiki-platform | E S | |
CVE-2023-29517 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer | E S | |
CVE-2023-29518 | Code injection from view right using Invitation.InvitationCommon in xwiki-platform | E S | |
CVE-2023-29519 | Code injection in org.xwiki.platform:xwiki-platform-attachment-ui | E S | |
CVE-2023-29520 | Page render failure due to broken translations in xwiki-platform | E S | |
CVE-2023-29521 | Code injection from account/view through VFS Tree macro in xwiki-platform | E S | |
CVE-2023-29522 | Code injection from view right on XWiki.ClassSheet in xwiki-platform | E S | |
CVE-2023-29523 | Code injection in display method used in user profiles in xwiki-platform | E S | |
CVE-2023-29524 | Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform | E S | |
CVE-2023-29525 | Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform | E S | |
CVE-2023-29526 | Async and display macro allow displaying and interacting with any document in restricted mode | E S | |
CVE-2023-29527 | Code injection from account through AWM view sheet in xwiki platform | E S | |
CVE-2023-29528 | Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml | E S | |
CVE-2023-29529 | matrix-js-sdk vulnerable to invisible eavesdropping in group calls | S | |
CVE-2023-29530 | Laminas Diactoros vulnerable to HTTP Multiline Header Termination | | |
CVE-2023-29531 | An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory cor... | | |
CVE-2023-29532 | A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by ... | | |
CVE-2023-29533 | A website could have obscured the fullscreen notification by using a combination of window.ope... | | |
CVE-2023-29534 | Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android... | | |
CVE-2023-29535 | Following a Garbage Collector compaction, weak maps may have been accessed before they were correctl... | | |
CVE-2023-29536 | An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-con... | | |
CVE-2023-29537 | Multiple race conditions in the font initialization could have led to memory corruption and executio... | | |
CVE-2023-29538 | Under specific circumstances a WebExtension may have received a jar:file:/// URI instea... | | |
CVE-2023-29539 | When handling the filename directive in the Content-Disposition header, the filename would be trunca... | | |
CVE-2023-29540 | Using a redirect embedded into sourceMappingUrls could allow for navigation to external... | | |
CVE-2023-29541 | Firefox did not properly handle downloads of files ending in .desktop, which can be int... | | |
CVE-2023-29542 | A newline in a filename could have been used to bypass the file extension security mechanisms that r... | | |
CVE-2023-29543 | An attacker could have caused memory corruption and a potentially exploitable use-after-free of a po... | | |
CVE-2023-29544 | If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector c... | | |
CVE-2023-29545 | Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing en... | | |
CVE-2023-29546 | When recording the screen while in Private Browsing on Firefox for Android the address bar and keybo... | | |
CVE-2023-29547 | When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could ... | | |
CVE-2023-29548 | A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This... | | |
CVE-2023-29549 | Under certain circumstances, a call to the bind function may have resulted in the incor... | | |
CVE-2023-29550 | Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence ... | | |
CVE-2023-29551 | Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption a... | | |
CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register... | KEV E | |
CVE-2023-29562 | TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation param... | E | |
CVE-2023-29566 | huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a rem... | E S | |
CVE-2023-29569 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mj... | E | |
CVE-2023-29570 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ff... | E | |
CVE-2023-29571 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. Thi... | E | |
CVE-2023-29573 | Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component.... | E | |
CVE-2023-29574 | Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.... | E | |
CVE-2023-29575 | Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component.... | E | |
CVE-2023-29576 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOf... | E | |
CVE-2023-29578 | mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty... | E | |
CVE-2023-29579 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466... | E | |
CVE-2023-29580 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_... | E | |
CVE-2023-29581 | yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/n... | E | |
CVE-2023-29582 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nas... | E | |
CVE-2023-29583 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nas... | E | |
CVE-2023-29584 | mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel functi... | E | |
CVE-2023-29586 | Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a c... | | |
CVE-2023-29596 | Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary ... | E | |
CVE-2023-29597 | bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?... | E | |
CVE-2023-29598 | lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at i... | E | |
CVE-2023-29621 | Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability whic... | E | |
CVE-2023-29622 | Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the passw... | E | |
CVE-2023-29623 | Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vuln... | E | |
CVE-2023-29625 | Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulne... | E | |
CVE-2023-29626 | Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2023-29627 | Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which al... | E | |
CVE-2023-29629 | PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php.... | | |
CVE-2023-29630 | PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php.... | | |
CVE-2023-29631 | PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.... | | |
CVE-2023-29632 | PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.... | S | |
CVE-2023-29635 | File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicio... | S | |
CVE-2023-29636 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary... | E | |
CVE-2023-29637 | Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary... | E | |
CVE-2023-29638 | Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e20... | E | |
CVE-2023-29639 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary... | E | |
CVE-2023-29641 | Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject a... | E | |
CVE-2023-29643 | Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary ... | E | |
CVE-2023-29656 | An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 al... | E | |
CVE-2023-29657 | eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading... | E | |
CVE-2023-29659 | A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted hei... | E | |
CVE-2023-29665 | D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters i... | E | |
CVE-2023-29680 | Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an... | E | |
CVE-2023-29681 | Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an aut... | E | |
CVE-2023-29689 | PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a ser... | E | |
CVE-2023-29693 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp... | E | |
CVE-2023-29696 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_... | E | |
CVE-2023-29707 | Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows a... | E | |
CVE-2023-29708 | An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attacker... | E | |
CVE-2023-29709 | An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows at... | E | |
CVE-2023-29711 | An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attacke... | E | |
CVE-2023-29712 | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute ... | E | |
CVE-2023-29713 | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute ... | | |
CVE-2023-29714 | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute ... | | |
CVE-2023-29720 | SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php.... | E S | |
CVE-2023-29721 | SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution.... | E S | |
CVE-2023-29722 | The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively requ... | E | |
CVE-2023-29723 | The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to activ... | E | |
CVE-2023-29724 | The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission ... | E | |
CVE-2023-29725 | The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request per... | E | |
CVE-2023-29726 | The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker ca... | E | |
CVE-2023-29727 | The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed compo... | E | |
CVE-2023-29728 | The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data,... | E | |
CVE-2023-29731 | SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the ... | E | |
CVE-2023-29732 | SoLive 1.6.14 thru 1.6.20 for Android has an exposed component; the component provides the method to... | E |
CVE-2023-29733 | The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPre... | E | |
CVE-2023-29734 | An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of p... | E | |
CVE-2023-29735 | An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of serv... | E | |
CVE-2023-29736 | Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows un... | E | |
CVE-2023-29737 | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause... | E | |
CVE-2023-29738 | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause... | E | |
CVE-2023-29739 | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cau... | E | |
CVE-2023-29740 | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cau... | E | |
CVE-2023-29741 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of... | E | |
CVE-2023-29742 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution... | E | |
CVE-2023-29743 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent den... | E | |
CVE-2023-29745 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent den... | E | |
CVE-2023-29746 | An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution a... | E | |
CVE-2023-29747 | Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component; the compon... | E |
CVE-2023-29748 | Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provid... | E | |
CVE-2023-29749 | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation o... | E | |
CVE-2023-29751 | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent... | E | |
CVE-2023-29752 | An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause es... | E | |
CVE-2023-29753 | An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a d... | E | |
CVE-2023-29755 | An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privil... | E | |
CVE-2023-29756 | An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial ... | E | |
CVE-2023-29757 | An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation... | E | |
CVE-2023-29758 | An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persiste... | E | |
CVE-2023-29759 | An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent den... | E | |
CVE-2023-29761 | An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial... | E | |
CVE-2023-29766 | An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Priv... | E | |
CVE-2023-29767 | An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial o... | E | |
CVE-2023-29770 | In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker ... | E | |
CVE-2023-29772 | A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator w... | E | |
CVE-2023-29774 | Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).... | | |
CVE-2023-29778 | GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logr... | E | |
CVE-2023-29779 | Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote... | E | |
CVE-2023-29780 | Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote ... | E | |
CVE-2023-29790 | kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.... | | |
CVE-2023-29791 | kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information.... | | |
CVE-2023-29798 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via... | E | |
CVE-2023-29799 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via... | E | |
CVE-2023-29800 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via... | E | |
CVE-2023-29801 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabil... | E | |
CVE-2023-29802 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via... | E | |
CVE-2023-29803 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via... | E | |
CVE-2023-29804 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod f... | E | |
CVE-2023-29805 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_cancelt... | E | |
CVE-2023-29808 | Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execu... | E | |
CVE-2023-29809 | SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attac... | E | |
CVE-2023-29815 | mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).... | E | |
CVE-2023-29818 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a... | | |
CVE-2023-29819 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a... | | |
CVE-2023-29820 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a... | | |
CVE-2023-29824 | A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0.... | E S | |
CVE-2023-29827 | ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, templat... | E S | |
CVE-2023-29835 | Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to ... | E | |
CVE-2023-29836 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 al... | E | |
CVE-2023-29837 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 all... | | |
CVE-2023-29838 | Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local a... | E | |
CVE-2023-29839 | A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.... | E | |
CVE-2023-29842 | ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via t... | E | |
CVE-2023-29845 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2023-29847 | AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities ... | E | |
CVE-2023-29848 | Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the i... | E | |
CVE-2023-29849 | Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemI... | E | |
CVE-2023-29850 | SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded image... | E | |
CVE-2023-29854 | DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the foreground.... | E | |
CVE-2023-29855 | WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.... | E | |
CVE-2023-29856 | D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vul... | | |
CVE-2023-29857 | An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessin... | | |
CVE-2023-29860 | An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows atta... | E | |
CVE-2023-29861 | An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary cod... | E | |
CVE-2023-29862 | An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arb... | E | |
CVE-2023-29863 | Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulne... | | |
CVE-2023-29867 | Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker coul... | | |
CVE-2023-29868 | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker w... | | |
CVE-2023-29881 | phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call... | | |
CVE-2023-29887 | A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attacker... | E M | |
CVE-2023-29905 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat in... | | |
CVE-2023-29906 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSI... | | |
CVE-2023-29907 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSI... | | |
CVE-2023-29908 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPIn... | | |
CVE-2023-29909 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddWlanMacLis... | | |
CVE-2023-29910 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateMacClon... | | |
CVE-2023-29911 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddMacList in... | | |
CVE-2023-29912 | H3C Magic R200 R200V100R004 was discovered to contain a stack overflow via the DelvsList interface a... | | |
CVE-2023-29913 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLe... | | |
CVE-2023-29914 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerLis... | | |
CVE-2023-29915 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at ... | | |
CVE-2023-29916 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanPara... | | |
CVE-2023-29917 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /... | | |
CVE-2023-29918 | RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.... | E | |
CVE-2023-29919 | SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read o... | E | |
CVE-2023-29921 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.... | E | |
CVE-2023-29922 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.... | E | |
CVE-2023-29923 | PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface.... | E | |
CVE-2023-29924 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.... | | |
CVE-2023-29926 | PowerJob V4.3.2 has unauthorized interface that causes remote code execution.... | | |
CVE-2023-29927 | Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client... | | |
CVE-2023-29929 | Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote... | | |
CVE-2023-29930 | An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote... | | |
CVE-2023-29931 | laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.... | E | |
CVE-2023-29932 | llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::... | S | |
CVE-2023-29933 | llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::... | S | |
CVE-2023-29934 | llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::T... | S | |
CVE-2023-29935 | llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(o... | S | |
CVE-2023-29939 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::... | S | |
CVE-2023-29941 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchA... | S | |
CVE-2023-29942 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::... | S | |
CVE-2023-29944 | Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reve... | E | |
CVE-2023-29950 | swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_f... | E | |
CVE-2023-29961 | D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipS... | E | |
CVE-2023-29962 | S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.... | E | |
CVE-2023-29963 | S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via ... | E | |
CVE-2023-29973 | Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multi... | E M | |
CVE-2023-29974 | An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via wea... | | |
CVE-2023-29975 | An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user ... | | |
CVE-2023-29983 | Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to ... | E | |
CVE-2023-29984 | Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement ... | | |
CVE-2023-29985 | Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from ha... | E | |
CVE-2023-29986 | spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEnd... | | |
CVE-2023-29994 | In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c.... | E | |
CVE-2023-29995 | In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c... | E | |
CVE-2023-29996 | In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding s... | E | |
CVE-2023-29998 | A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remot... | E | |