ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-30013 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulner... | E | |
CVE-2023-30014 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to ... | E | |
CVE-2023-30015 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to ... | E | |
CVE-2023-30016 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to ... | E | |
CVE-2023-30018 | Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/review_se_result.php?mai... | E | |
CVE-2023-30019 | imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization ... | E S | |
CVE-2023-30024 | The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory ... | E | |
CVE-2023-30053 | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.... | E | |
CVE-2023-30054 | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain... | E | |
CVE-2023-30056 | A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to ins... | | |
CVE-2023-30057 | Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Modu... | | |
CVE-2023-30058 | novel-plus 3.6.2 is vulnerable to SQL Injection.... | E | |
CVE-2023-30061 | D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi.... | E | |
CVE-2023-30063 | D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.... | E | |
CVE-2023-30065 | MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote co... | E | |
CVE-2023-30076 | Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judg... | E | |
CVE-2023-30077 | Judging Management System v1.0 by oretnom23 was discovered to be vulnerable to SQL injection via /php-j... | E | |
CVE-2023-30078 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-32181. Reason: This record is a du... | R | |
CVE-2023-30079 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-22652. Reason: This record is a du... | R | |
CVE-2023-30082 | A denial of service attack might be launched against the server if an unusually lengthy password (mo... | E | |
CVE-2023-30083 | Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a d... | E | |
CVE-2023-30084 | An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via ... | E | |
CVE-2023-30085 | Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a d... | E | |
CVE-2023-30086 | Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of ... | E | |
CVE-2023-30087 | Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial ... | E | |
CVE-2023-30088 | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mj... | E | |
CVE-2023-30090 | Semcms Shop v4.2 was discovered to contain an arbitrary file upload vulnerability via the component ... | | |
CVE-2023-30092 | SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY paramete... | E | |
CVE-2023-30093 | A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to... | E | |
CVE-2023-30094 | A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute ar... | E | |
CVE-2023-30095 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attacke... | E | |
CVE-2023-30096 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attacke... | E | |
CVE-2023-30097 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attacke... | E | |
CVE-2023-30106 | Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via ... | | |
CVE-2023-30111 | Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).... | | |
CVE-2023-30112 | Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection.... | | |
CVE-2023-30122 | An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online F... | E | |
CVE-2023-30123 | wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.... | E | |
CVE-2023-30124 | LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2023-30125 | EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2023-30130 | An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted ... | E | |
CVE-2023-30131 | An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain ... | E | |
CVE-2023-30132 | An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privilege... | E | |
CVE-2023-30135 | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via th... | E S | |
CVE-2023-30145 | Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability ... | E | |
CVE-2023-30146 | Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers ... | E | |
CVE-2023-30148 | Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before versi... | S | |
CVE-2023-30149 | SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for Pr... | E | |
CVE-2023-30150 | PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leo... | | |
CVE-2023-30151 | A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.... | E | |
CVE-2023-30153 | An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.... | E S | |
CVE-2023-30154 | Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaS... | S | |
CVE-2023-30172 | A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.... | | |
CVE-2023-30177 | CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker can inject JavaScript code int... | S | |
CVE-2023-30179 | CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated att... | E | |
CVE-2023-30183 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-30349. Reason: This record is a re... | R | |
CVE-2023-30184 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbi... | E | |
CVE-2023-30185 | CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the componen... | | |
CVE-2023-30186 | A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote att... | E S | |
CVE-2023-30187 | An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows... | E S | |
CVE-2023-30188 | Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote atta... | E S | |
CVE-2023-30189 | Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurren... | E S | |
CVE-2023-30191 | PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontContro... | E S | |
CVE-2023-30192 | Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find().... | E S | |
CVE-2023-30194 | Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurren... | E S | |
CVE-2023-30195 | In the module "Detailed Order" (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for Pres... | | |
CVE-2023-30196 | Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster... | S | |
CVE-2023-30197 | Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaS... | | |
CVE-2023-30198 | Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpaymen... | | |
CVE-2023-30199 | Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexpo... | S | |
CVE-2023-30200 | In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions u... | S | |
CVE-2023-30203 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event... | E | |
CVE-2023-30204 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge... | | |
CVE-2023-30205 | A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitra... | | |
CVE-2023-30207 | A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to... | E S | |
CVE-2023-30210 | OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.... | E | |
CVE-2023-30211 | OURPHP <= 7.2.0 is vulnerable to SQL Injection.... | E | |
CVE-2023-30212 | OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.... | E | |
CVE-2023-30216 | Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows att... | E | |
CVE-2023-30222 | An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier... | E | |
CVE-2023-30223 | A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier all... | E | |
CVE-2023-30226 | An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry a... | S | |
CVE-2023-30237 | CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerab... | E | |
CVE-2023-30242 | NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ike... | | |
CVE-2023-30243 | Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId ... | | |
CVE-2023-30245 | SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to exe... | E | |
CVE-2023-30246 | SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to exe... | E | |
CVE-2023-30247 | File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a re... | E | |
CVE-2023-30253 | Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipu... | E | |
CVE-2023-30256 | Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtai... | E | |
CVE-2023-30257 | A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attacker... | E | |
CVE-2023-30258 | Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers ... | E S | |
CVE-2023-30259 | A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sen... | E | |
CVE-2023-30260 | Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to... | E S | |
CVE-2023-30261 | Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary comma... | E S | |
CVE-2023-30262 | An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in... | S | |
CVE-2023-30264 | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/... | | |
CVE-2023-30265 | CLTPHP <=6.0 is vulnerable to Directory Traversal.... | | |
CVE-2023-30266 | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type.... | | |
CVE-2023-30267 | CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.ph... | | |
CVE-2023-30268 | CLTPHP <=6.0 is vulnerable to Improper Input Validation.... | | |
CVE-2023-30269 | CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.ph... | | |
CVE-2023-30280 | Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.... | | |
CVE-2023-30281 | Insecure permissions vulnerability was discovered, due to a lack of permissions control in scquick... | | |
CVE-2023-30282 | PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of pe... | | |
CVE-2023-30285 | An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login... | | |
CVE-2023-30297 | An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to exec... | | |
CVE-2023-30300 | An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.... | E | |
CVE-2023-30305 | An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lea... | | |
CVE-2023-30306 | An issue discovered in Mercury x30g, Mercury YR1800XG routers allows attackers to hijack TCP session... | | |
CVE-2023-30307 | An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239... | | |
CVE-2023-30308 | An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allo... | | |
CVE-2023-30309 | An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could... | | |
CVE-2023-30310 | An issue discovered in Comfast Comfast CF-616AC routers allows attackers to hijack TCP sessions whic... | | |
CVE-2023-30311 | An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sess... | | |
CVE-2023-30312 | An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to h... | | |
CVE-2023-30313 | An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which cou... | | |
CVE-2023-30314 | An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP ... | | |
CVE-2023-30319 | Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in w... | E | |
CVE-2023-30320 | Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in ... | E | |
CVE-2023-30321 | Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java i... | E | |
CVE-2023-30322 | Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Pay... | | |
CVE-2023-30323 | SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngin... | | |
CVE-2023-30325 | SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 C... | | |
CVE-2023-30326 | Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in... | | |
CVE-2023-30328 | An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to... | E | |
CVE-2023-30330 | SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in ... | E | |
CVE-2023-30331 | An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template in... | E | |
CVE-2023-30333 | An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v... | E | |
CVE-2023-30334 | AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the M... | E S | |
CVE-2023-30338 | Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allow attackers to e... | E S | |
CVE-2023-30347 | Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name p... | E | |
CVE-2023-30349 | JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the Acti... | E | |
CVE-2023-30350 | FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges ... | E | |
CVE-2023-30351 | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded d... | | |
CVE-2023-30352 | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded d... | | |
CVE-2023-30353 | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execu... | | |
CVE-2023-30354 | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access ... | | |
CVE-2023-30356 | Missing Support for an Integrity Check in Shenzhen Tenda Technology IP Camera CP3 V11.10.00.221104135... | | |
CVE-2023-30362 | Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4... | E S | |
CVE-2023-30363 | vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value reso... | E | |
CVE-2023-30367 | Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to s... | E | |
CVE-2023-30368 | Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function.... | | |
CVE-2023-30369 | Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.... | | |
CVE-2023-30370 | In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerabili... | | |
CVE-2023-30371 | In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerabi... | | |
CVE-2023-30372 | In Tenda AC15 V15.03.05.19, the function "xkjs_ver32" contains a stack-based buffer overflow vulnera... | | |
CVE-2023-30373 | In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vu... | | |
CVE-2023-30375 | In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerabil... | | |
CVE-2023-30376 | In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow v... | | |
CVE-2023-30378 | In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerabi... | | |
CVE-2023-30380 | An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a... | E | |
CVE-2023-30382 | A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execu... | M | |
CVE-2023-30383 | TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LIN... | | |
CVE-2023-30394 | The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication fun... | | |
CVE-2023-30399 | Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers t... | E | |
CVE-2023-30400 | An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerabi... | E | |
CVE-2023-30402 | YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nas... | E | |
CVE-2023-30403 | An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Rout... | E | |
CVE-2023-30404 | Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution ... | E | |
CVE-2023-30405 | A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allo... | E | |
CVE-2023-30406 | Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma... | E | |
CVE-2023-30408 | Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component buil... | E | |
CVE-2023-30410 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_func... | E | |
CVE-2023-30414 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /... | E | |
CVE-2023-30415 | Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection v... | E | |
CVE-2023-30417 | A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execu... | E | |
CVE-2023-30421 | mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit s... | | |
CVE-2023-30428 | Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer | | |
CVE-2023-30429 | Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy | | |
CVE-2023-30430 | IBM Security Verify Access information disclosure | | |
CVE-2023-30431 | IBM Db2 buffer overflow | S | |
CVE-2023-30433 | IBM Security Verify Access HTTP open redirect | M | |
CVE-2023-30434 | IBM Storage Scale denial of service | S | |
CVE-2023-30435 | IBM Security Guardium cross-site scripting | S | |
CVE-2023-30436 | IBM Security Guardium cross-site scripting | S | |
CVE-2023-30437 | IBM Security Guardium information disclosure | S | |
CVE-2023-30438 | IBM PowerVM gain access | | |
CVE-2023-30440 | IBM PowerVM Hypervisor denial of service | | |
CVE-2023-30441 | IBM Java information disclosure | | |
CVE-2023-30442 | IBM Db2 denial of service | S | |
CVE-2023-30443 | IBM Db2 denial of service | | |
CVE-2023-30444 | IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery | S | |
CVE-2023-30445 | IBM Db2 denial of service | S | |
CVE-2023-30446 | IBM Db2 denial of service | S | |
CVE-2023-30447 | IBM Db2 denial of service | S | |
CVE-2023-30448 | IBM Db2 denial of service | S | |
CVE-2023-30449 | IBM Db2 denial of service | S | |
CVE-2023-30450 | rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example)... | S | |
CVE-2023-30451 | In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator pane... | | |
CVE-2023-30452 | The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when ... | | |
CVE-2023-30453 | The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.... | | |
CVE-2023-30454 | An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Secu... | | |
CVE-2023-30455 | An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET ... | | |
CVE-2023-30456 | An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_6... | S | |
CVE-2023-30458 | A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality ... | E | |
CVE-2023-30459 | SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges)... | E | |
CVE-2023-30463 | Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of ... | E | |
CVE-2023-30464 | CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses vi... | | |
CVE-2023-30465 | Apache InLong: SQL injection in Apache InLong 1.5.0 | | |
CVE-2023-30466 | Authentication Bypass Vulnerability in Milesight Network Video Recorder (NVR) | S | |
CVE-2023-30467 | Improper Authorization Vulnerability in Milesight Network Video Recorder (NVR) | S | |
CVE-2023-30469 | Reflected Cross Site Scripting Vulnerability in Hitachi Ops Center Analyzer | | |
CVE-2023-30470 | A use-after-free related to unsound inference in the bytecode generation when optimizations are enab... | S | |
CVE-2023-30471 | WordPress WP Search Analytics Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30472 | WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30473 | WordPress YML for Yandex Market Plugin <= 3.10.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30474 | WordPress Ultimate Noindex Nofollow Tool II Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-30475 | WordPress Coupon Affiliates Plugin <= 5.4.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30476 | WordPress Blogger Buzz theme <= 1.2.2 - Broken Access Control vulnerability | | |
CVE-2023-30477 | WordPress AFFILIATE Solution Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30478 | WordPress Newsletters Plugin <= 4.8.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-30479 | WordPress Stamped.io Product Reviews & UGC for WooCommerce plugin <= 2.3.2 - Broken Access Control vulnerability | S | |
CVE-2023-30480 | WordPress Educenter theme <= 1.5.5 - Broken Access Control | | |
CVE-2023-30481 | WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30482 | WordPress WPBulky Plugin < 1.0.10 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30483 | WordPress Watu Quiz Plugin <= 3.3.9.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30484 | WordPress Enable Accessibility Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-30485 | WordPress Avartan Slider Lite Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30486 | WordPress Square theme <= 2.0.0 - Broken Access Control | S | |
CVE-2023-30487 | WordPress LearnPress Export Import Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30488 | WordPress Featured Post Creative plugin <= 1.2.7 - Broken Access Control vulnerability | S | |
CVE-2023-30489 | WordPress Email Subscription Popup Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30490 | WordPress Easing Slider plugin <= 3.0.8 - Plugin Settings Reset Vulnerability | | |
CVE-2023-30491 | WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30492 | WordPress Minimum Purchase for WooCommerce Plugin <= 2.0.0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30493 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30494 | WordPress ImageRecycle pdf & image compression Plugin <= 3.1.10 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30495 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection | S | |
CVE-2023-30496 | WordPress Bus Ticket Booking with Seat Reservation Plugin <= 5.2.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30497 | WordPress LINE Notify Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30498 | WordPress Vimeotheque Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30499 | WordPress FV Flowplayer Video Player Plugin <= 7.5.32.7212 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30500 | WordPress WPForms plugins - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2023-30501 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface | | |
CVE-2023-30502 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface | | |
CVE-2023-30503 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface | | |
CVE-2023-30504 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface | | |
CVE-2023-30505 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface | | |
CVE-2023-30506 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface | | |
CVE-2023-30507 | Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface | | |
CVE-2023-30508 | Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface | | |
CVE-2023-30509 | Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface | | |
CVE-2023-30510 | Authenticated Server-side Request Forgery in Aruba EdgeConnect Enterprise Web Management Interface | | |
CVE-2023-30512 | CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because Daemo... | M | |
CVE-2023-30513 | Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with ... | | |
CVE-2023-30514 | Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace... | | |
CVE-2023-30515 | Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace... | | |
CVE-2023-30516 | Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certifi... | | |
CVE-2023-30517 | Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS cer... | | |
CVE-2023-30518 | A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attacke... | | |
CVE-2023-30519 | A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated ... | | |
CVE-2023-30520 | Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage UR... | | |
CVE-2023-30521 | A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allow... | | |
CVE-2023-30522 | A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/R... | | |
CVE-2023-30523 | Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job co... | | |
CVE-2023-30524 | Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on t... | | |
CVE-2023-30525 | A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier al... | | |
CVE-2023-30526 | A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Ove... | | |
CVE-2023-30527 | Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the glo... | | |
CVE-2023-30528 | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global c... | | |
CVE-2023-30529 | Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an H... | | |
CVE-2023-30530 | Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypte... | | |
CVE-2023-30531 | Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on ... | | |
CVE-2023-30532 | A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/... | | |
CVE-2023-30533 | SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other word... | | |
CVE-2023-30534 | Insecure Deserialization in Cacti | E | |
CVE-2023-30535 | Snowflake JDBC vulnerable to command injection via SSO URL authentication | | |
CVE-2023-30536 | Insecure header validation in slim/psr7 | S | |
CVE-2023-30537 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation | E S | |
CVE-2023-30538 | Stored Cross-site Scripting via improper sanitization of svg files in Discourse | M | |
CVE-2023-30539 | Users can set up workflows using restricted and invisible system tags in Nextcloud | S | |
CVE-2023-30540 | Chat poll data can still be queried from API after purging history in Nextcloud talk | S | |
CVE-2023-30541 | TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts | S | |
CVE-2023-30542 | GovernorCompatibilityBravo may trim proposal calldata | | |
CVE-2023-30543 | `chainId` may be outdated if user changes chains as part of connection in @web3-react | S | |
CVE-2023-30544 | Kiwi TCMS may allow user to update email address to unverified one | | |
CVE-2023-30545 | PrestaShop arbitrary file read vulnerability | S | |
CVE-2023-30546 | Contiki-NG has off-by-one error in Antelope DBMS | S | |
CVE-2023-30547 | Sandbox Escape in vm2 | E S | |
CVE-2023-30548 | Path traversal vulnerability in gatsby-plugin-sharp | E S | |
CVE-2023-30549 | Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer | S | |
CVE-2023-30550 | IDOR vulnerability exists in metersphere | E | |
CVE-2023-30551 | Rekor's compressed archives can result in OOM conditions | S | |
CVE-2023-30552 | SQL injection in sql/instance.py endpoint in Archery - GHSL-2022-101 | E M | |
CVE-2023-30553 | Multiple SQL injections in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-102 | E M | |
CVE-2023-30554 | SQL injection in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-103 | E M | |
CVE-2023-30555 | SQL injection in sql_optimize.py explain method in Archery - GHSL-2022-108 | E M | |
CVE-2023-30556 | SQL injection in sql_optimize.py optimize_sqltuningadvisor method in Archery - GHSL-2022-107 | E M | |
CVE-2023-30557 | SQL injection in data_dictionary.py table_info method in Archery - GHSL-2022-106 | E M | |
CVE-2023-30558 | Multiple SQL injections in sql/data_dictionary.py table_list method in Archery - GHSL-2022-105 | E M | |
CVE-2023-30559 | Wireless Card Firmware Improperly Signed | | |
CVE-2023-30560 | PCU Configuration Lacks Authentication | | |
CVE-2023-30561 | Lack of Cryptographic Security of IUI Bus | M | |
CVE-2023-30562 | Lack of Dataset Integrity Checking | M | |
CVE-2023-30563 | Stored Cross-Site Scripting on User Import Functionality | S | |
CVE-2023-30564 | Stored Cross-Site Scripting on Device Import Functionality | S | |
CVE-2023-30565 | CQI Data Sniffing | S | |
CVE-2023-30570 | pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon cras... | M | |
CVE-2023-30571 | Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call ... | | |
CVE-2023-30575 | Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths | | |
CVE-2023-30576 | Apache Guacamole: Use-after-free in handling of RDP audio input buffer | | |
CVE-2023-30577 | AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles arg... | E | |
CVE-2023-30581 | The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and r... | | |
CVE-2023-30582 | A vulnerability has been identified in Node.js version 20, affecting users of the experimental permi... | | |
CVE-2023-30583 | fs.openAsBlob() can bypass the experimental permission model when using the file system read restric... | | |
CVE-2023-30584 | A vulnerability has been discovered in Node.js version 20, specifically within the experimental perm... | | |
CVE-2023-30585 | A vulnerability has been identified in the Node.js (.msi version) installation process, specifically... | | |
CVE-2023-30586 | A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL eng... | | |
CVE-2023-30587 | A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-pe... | | |
CVE-2023-30588 | When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() ... | | |
CVE-2023-30589 | The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to deli... | E S | |
CVE-2023-30590 | The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (o... | | |
CVE-2023-30591 | NodeBB Pre-Authentication Denial-of-Service | S | |
CVE-2023-30601 | Apache Cassandra: Privilege escalation when enabling FQL/Audit logs | | |
CVE-2023-30602 | Hitron Technologies Inc. CODA-5310 - Insecure service Telnet | S | |
CVE-2023-30603 | Hitron Technologies Inc. CODA-5310 - Using default credentials | S | |
CVE-2023-30604 | Hitron Technologies Inc. CODA-5310 - Broken Access Control | S | |
CVE-2023-30605 | Multiple SQL injections in sql/instance.py param_edit method in Archery - GHSL-2022-104 | E M | |
CVE-2023-30606 | Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse | | |
CVE-2023-30607 | icingaweb2-module-jira template and field configuration are susceptible to CSRF | S | |
CVE-2023-30608 | Parser contains an inefficient regular expression in sqlparse | S | |
CVE-2023-30609 | matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting | S | |
CVE-2023-30610 | AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending | | |
CVE-2023-30611 | Reaction metadata exposed in private topics in Discourse-reactions | S | |
CVE-2023-30612 | Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor | S | |
CVE-2023-30613 | Kiwi TCMS unrestricted file upload vulnerability | E | |
CVE-2023-30614 | Improper Neutralization of Script-Related HTML Tags in a Web Page in pay | S | |
CVE-2023-30615 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web | | |
CVE-2023-30616 | Cross Site Request Forgery due to missing nonce verification in form block | S | |
CVE-2023-30617 | Leverage the kruise-daemon pod to list all secrets in the entire cluster | | |
CVE-2023-30618 | Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform | S | |
CVE-2023-30619 | XSS in the tooltip via an artifact title | S | |
CVE-2023-30620 | Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb | E S | |
CVE-2023-30621 | OS command injection in Gipsy | S | |
CVE-2023-30622 | Clusternet has potential risk which can be leveraged to make a cluster-level privilege escalation | | |
CVE-2023-30623 | Arbitrary command injection in embano1/wip | E S | |
CVE-2023-30624 | Wasmtime has Undefined Behavior in Rust runtime functions | S | |
CVE-2023-30625 | rudder-server vulnerable to SQL Injection | E S | |
CVE-2023-30626 | Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution | E S | |
CVE-2023-30627 | jellyfin-web has a stored cross-site scripting vulnerability in devices.js | E S | |
CVE-2023-30628 | Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow | E S | |
CVE-2023-30629 | Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value | E S | |
CVE-2023-30630 | Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because... | E S | |
CVE-2023-30631 | Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work | | |
CVE-2023-30633 | An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can ... | | |
CVE-2023-30635 | TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get... | E | |
CVE-2023-30636 | TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error, with RpcStatus UNAVAIL... | E | |
CVE-2023-30637 | Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_serv... | E | |
CVE-2023-30638 | Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF ... | | |
CVE-2023-30639 | Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote au... | | |
CVE-2023-30640 | Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allow... | | |
CVE-2023-30641 | Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical at... | | |
CVE-2023-30642 | Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1... | | |
CVE-2023-30643 | Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows... | | |
CVE-2023-30644 | Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allo... | | |
CVE-2023-30645 | Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 ... | | |
CVE-2023-30646 | Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 ... | | |
CVE-2023-30647 | Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Releas... | | |
CVE-2023-30648 | Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD prior to SMR Jul-2023 Rel... | | |
CVE-2023-30649 | Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allo... | | |
CVE-2023-30650 | Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release ... | | |
CVE-2023-30651 | Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Releas... | | |
CVE-2023-30652 | Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Re... | | |
CVE-2023-30653 | Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Releas... | | |
CVE-2023-30654 | Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows loc... | | |
CVE-2023-30655 | Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local ... | | |
CVE-2023-30656 | Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attack... | | |
CVE-2023-30657 | Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1... | | |
CVE-2023-30658 | Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local ... | | |
CVE-2023-30659 | Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local ... | | |
CVE-2023-30660 | Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior t... | | |
CVE-2023-30661 | Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SM... | | |
CVE-2023-30662 | Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR ... | | |
CVE-2023-30663 | Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-... | | |
CVE-2023-30664 | Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows l... | | |
CVE-2023-30665 | Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Rele... | | |
CVE-2023-30666 | Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023... | | |
CVE-2023-30667 | Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to s... | | |
CVE-2023-30668 | Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 a... | | |
CVE-2023-30669 | Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release... | | |
CVE-2023-30670 | Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 ... | | |
CVE-2023-30671 | Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local att... | | |
CVE-2023-30672 | Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to v... | | |
CVE-2023-30673 | Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1... | | |
CVE-2023-30674 | Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass Same... | | |
CVE-2023-30675 | Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access st... | | |
CVE-2023-30676 | Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical atta... | | |
CVE-2023-30677 | Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical atta... | | |
CVE-2023-30678 | Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in An... | | |
CVE-2023-30679 | Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to e... | | |
CVE-2023-30680 | Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code ... | | |
CVE-2023-30681 | An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SM... | | |
CVE-2023-30682 | Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call si... | | |
CVE-2023-30683 | Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call en... | | |
CVE-2023-30684 | Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to... | | |
CVE-2023-30685 | Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakc... | | |
CVE-2023-30686 | Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacke... | | |
CVE-2023-30687 | Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacke... | | |
CVE-2023-30688 | Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local... | | |
CVE-2023-30689 | Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Relea... | | |
CVE-2023-30690 | Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attacker... | | |
CVE-2023-30691 | Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to pri... | | |
CVE-2023-30692 | Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local at... | | |
CVE-2023-30693 | Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Rele... | | |
CVE-2023-30694 | Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows lo... | | |
CVE-2023-30695 | Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - Syst... | | |
CVE-2023-30696 | An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 all... | | |
CVE-2023-30697 | An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Releas... | | |
CVE-2023-30698 | Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local at... | | |
CVE-2023-30699 | Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 ... | | |
CVE-2023-30700 | PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Rel... | | |
CVE-2023-30701 | PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker... | | |
CVE-2023-30702 | Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Ha... | | |
CVE-2023-30703 | Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers... | | |
CVE-2023-30704 | Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical ... | | |
CVE-2023-30705 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6 allows local atta... | | |
CVE-2023-30706 | Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read a... | | |
CVE-2023-30707 | Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to S... | | |
CVE-2023-30708 | Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Cap... | | |
CVE-2023-30709 | Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers lau... | | |
CVE-2023-30710 | Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local atta... | | |
CVE-2023-30711 | Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to ins... | | |
CVE-2023-30712 | Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers t... | | |
CVE-2023-30713 | Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-20... | | |
CVE-2023-30714 | Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-... | | |
CVE-2023-30715 | Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to... | | |
CVE-2023-30716 | Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers t... | | |
CVE-2023-30717 | Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows atta... | | |
CVE-2023-30718 | Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity... | | |
CVE-2023-30719 | Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1... | | |
CVE-2023-30720 | PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attack... | | |
CVE-2023-30721 | Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Rele... | | |
CVE-2023-30722 | Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.... | | |
CVE-2023-30723 | Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attacke... | | |
CVE-2023-30724 | Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attack... | | |
CVE-2023-30725 | Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to acc... | | |
CVE-2023-30726 | PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attacke... | | |
CVE-2023-30727 | Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attacker... | | |
CVE-2023-30728 | Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local att... | | |
CVE-2023-30729 | Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to... | | |
CVE-2023-30730 | Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.0... | | |
CVE-2023-30731 | Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows phys... | | |
CVE-2023-30732 | Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to ... | | |
CVE-2023-30733 | Stack-based Buffer Overflow vulnerability in HDCP trustlet prior to SMR Oct-2023 Release 1 allows lo... | | |
CVE-2023-30734 | Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers... | | |
CVE-2023-30735 | Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local a... | | |
CVE-2023-30736 | Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows atta... | | |
CVE-2023-30737 | Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers... | | |
CVE-2023-30738 | An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Bo... | | |
CVE-2023-30739 | Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows l... | | |
CVE-2023-30740 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2023-30741 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2023-30742 | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | | |
CVE-2023-30743 | Improper Neutralization of Input in SAPUI5 | | |
CVE-2023-30744 | Improper access control during application start-up in SAP AS NetWeaver JAVA. | | |
CVE-2023-30745 | WordPress IP Metaboxes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30746 | WordPress Booqable Rental Plugin <= 2.4.15 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30747 | WordPress WooCommerce Easy Duplicate Product Plugin <= 0.3.0.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30748 | WordPress Easy Appointments plugin <= 3.10.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2023-30749 | WordPress Optima Express + MarketBoost IDX Plugin <= 7.3.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30750 | WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection | S | |
CVE-2023-30751 | WordPress Article Directory Redux Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30752 | WordPress External Videos Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30753 | WordPress IP Metaboxes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30754 | WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30755 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < ... | | |
CVE-2023-30756 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < ... | | |
CVE-2023-30757 | A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All ve... | | |
CVE-2023-30758 | Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated ... | E S | |
CVE-2023-30759 | The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to de... | | |
CVE-2023-30760 | Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in v... | | |
CVE-2023-30762 | Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerabil... | M | |
CVE-2023-30763 | Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privilege... | S | |
CVE-2023-30764 | OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability... | M | |
CVE-2023-30765 | Delta Electronics InfraSuite Device Master Improper Access Control | S | |
CVE-2023-30766 | Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is expl... | M | |
CVE-2023-30767 | Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow... | | |
CVE-2023-30768 | Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board... | M | |
CVE-2023-30769 | Rab13s Exploit | S | |
CVE-2023-30770 | A stack-based buffer overflow vulnerability was found in the ADM | S | |
CVE-2023-30771 | Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench | | |
CVE-2023-30772 | The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/sup... | S | |
CVE-2023-30774 | A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via ... | E | |
CVE-2023-30775 | A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow i... | | |
CVE-2023-30776 | Apache Superset: Database connection password leak | | |
CVE-2023-30777 | WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-30778 | WordPress PowerPress Podcasting Plugin <= 10.0.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30779 | WordPress Query Wrangler Plugin <= 1.5.51 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30780 | WordPress User IP and Location Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30781 | WordPress Tweeple Plugin <= 0.9.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30782 | WordPress Church Admin Plugin <= 3.7.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30783 | WordPress Smart WooCommerce Search plugin <= 2.5.0 - Broken Access Control | S | |
CVE-2023-30784 | WordPress Kaya QR Code Generator Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30785 | WordPress Video Grid Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30786 | WordPress Captcha Them All Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30787 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the appl... | E | |
CVE-2023-30788 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the appl... | E | |
CVE-2023-30789 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the appl... | E | |
CVE-2023-30790 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the appl... | E | |
CVE-2023-30791 | Plane 0.7.1 - Insecure file upload | E | |
CVE-2023-30792 | Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site ... | | |
CVE-2023-30795 | A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < ... | S | |
CVE-2023-30796 | A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < ... | | |
CVE-2023-30797 | Insecure Random Generation in Netflix Lemur | S | |
CVE-2023-30798 | MultipartParser DOS with too many fields or files in Starlette Framework | S | |
CVE-2023-30799 | MikroTik RouterOS Administrator Privilege Escalation | E | |
CVE-2023-30800 | MikroTik RouterOS Web Interface Heap Corruption | E | |
CVE-2023-30801 | qBittorrent Web UI Default Credentials Lead to RCE | | |
CVE-2023-30802 | Sangfor Next-Gen Application Firewall Source Code Disclosure | E | |
CVE-2023-30803 | Sangfor Next-Gen Application Firewall Authentication Bypass | E | |
CVE-2023-30804 | Sangfor Next-Gen Application Firewall Authenticated File Disclosure | E | |
CVE-2023-30805 | Sangfor Next-Gen Application Firewall Login Un Param Command Injection | E | |
CVE-2023-30806 | Sangfor Next-Gen Application Firewall PHPSESSID Command Injection | E | |
CVE-2023-30837 | Vyper storage allocator overflow | E S | |
CVE-2023-30838 | PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method | S | |
CVE-2023-30839 | PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager" | S | |
CVE-2023-30840 | On a compromised node, the fluid-csi service account can be used to modify node specs | S | |
CVE-2023-30841 | Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps | E S | |
CVE-2023-30842 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-25313. Reason: This candidat... | R | |
CVE-2023-30843 | Payload's hidden fields can be leaked on readable collections | M | |
CVE-2023-30844 | Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints | | |
CVE-2023-30845 | ESPv2 vulnerable to JWT authentication bypass via `X-HTTP-Method-Override` header | S | |
CVE-2023-30846 | typed-rest-client vulnerable to potential leak of authentication data to 3rd parties | S | |
CVE-2023-30847 | H2O vulnerable to read from uninitialized pointer in the reverse proxy handler | S | |
CVE-2023-30848 | Pimcore SQL Injection Vulnerability in Admin Search Find API | S | |
CVE-2023-30849 | Pimcore vulnerable to SQL Injection in Translation Export API | S | |
CVE-2023-30850 | Pimcore SQL Injection Vulnerability in Admin Translations API | S | |
CVE-2023-30851 | Potential HTTP policy bypass when using header rules in Cilium | | |
CVE-2023-30852 | Pimcore Arbitrary File Read in Admin JS CSS files | S | |
CVE-2023-30853 | Gradle Build Action data written to GitHub Actions Cache may expose secrets | | |
CVE-2023-30854 | WWBN AVideo vulnerable to OS Command Injection | E | |
CVE-2023-30855 | Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php | S | |
CVE-2023-30856 | eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution | | |
CVE-2023-30857 | @aedart/support possibly vulnerable to prototype pollution in metadata record, when using meta decorator | S | |
CVE-2023-30858 | Denosaurs emoji has ReDoS vulnerability in `replace` function | E S | |
CVE-2023-30859 | Spigot Command Exploit in Triton | E | |
CVE-2023-30860 | https://github.com/WWBN/AVideo/security/advisories/GHSA-xr9h-p2rc-rpqm | E | |
CVE-2023-30861 | Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header | S | |
CVE-2023-30863 | In Connectivity Service, there is a possible missing permission check. This could lead to local esca... | | |
CVE-2023-30864 | In Connectivity Service, there is a possible missing permission check. This could lead to local esca... | | |
CVE-2023-30865 | In dialer service, there is a missing permission check. This could lead to local information disclos... | | |
CVE-2023-30866 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30867 | Apache StreamPark (incubating): Authenticated system users could trigger SQL injection vulnerability | | |
CVE-2023-30868 | WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30869 | WordPress Easy Digital Downloads Plugin 3.1-3.1.1.4.1 is vulnerable to Privilege Escalation | S | |
CVE-2023-30870 | WordPress Sharkdropship for AliExpress Dropship and Affiliate plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities | S | |
CVE-2023-30871 | WordPress Stock Exporter for WooCommerce Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30872 | WordPress BSK Forms Blacklist Plugin <= 3.6.2 is vulnerable to SQL Injection | S | |
CVE-2023-30873 | WordPress WP Docs plugin <= 1.9.8 - Broken Access Control | S | |
CVE-2023-30874 | WordPress GPS Plotter Plugin <= 5.1.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30875 | WordPress Logo Scheduler Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30876 | WordPress Dave's WordPress Live Search Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-30877 | WordPress XML for Google Merchant Center Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-30897 | A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applicatio... | S | |
CVE-2023-30898 | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14),... | | |
CVE-2023-30899 | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14),... | | |
CVE-2023-30900 | A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected a... | | |
CVE-2023-30901 | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SI... | S | |
CVE-2023-30902 | A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent cou... | S | |
CVE-2023-30903 | HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is ... | | |
CVE-2023-30904 | A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privile... | | |
CVE-2023-30905 | The MC990 X and UV300 RMC component has an inadequate default configuration that could be exploited... | | |
CVE-2023-30906 | The vulnerability could be locally exploited to allow escalation of privilege. ... | S | |
CVE-2023-30908 | A remote authentication bypass issue exists in a OneView API. ... | | |
CVE-2023-30909 | A remote authentication bypass issue exists in some OneView APIs. ... | | |
CVE-2023-30910 | HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent inte... | | |
CVE-2023-30911 | HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.... | | |
CVE-2023-30912 | A remote code execution issue exists in HPE OneView. ... | | |
CVE-2023-30913 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30914 | In email service, there is a missing permission check. This could lead to local information disclosu... | | |
CVE-2023-30915 | In email service, there is a missing permission check. This could lead to local information disclosu... | | |
CVE-2023-30916 | In DMService, there is a possible missing permission check. This could lead to local escalation of p... | | |
CVE-2023-30917 | In DMService, there is a possible missing permission check. This could lead to local escalation of p... | | |
CVE-2023-30918 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30919 | In messaging service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30920 | In messaging service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30921 | In messaging service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30922 | In messaging service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30923 | In messaging service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30924 | In messaging service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30925 | In opm service, there is a missing permission check. This could lead to local information disclosure... | | |
CVE-2023-30926 | In opm service, there is a missing permission check. This could lead to local information disclosure... | | |
CVE-2023-30927 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30928 | In telephony service, there is a possible missing permission check. This could lead to local escalat... | | |
CVE-2023-30929 | In telephony service, there is a possible missing permission check. This could lead to local escalat... | | |
CVE-2023-30930 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30931 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30932 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30933 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30934 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30935 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30936 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30937 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30938 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30939 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30940 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30941 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30942 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2023-30943 | Moodle: tinymce loaders susceptible to arbitrary folder creation | S | |
CVE-2023-30944 | Moodle: minor sql injection risk in external wiki method for listing pages | S | |
CVE-2023-30945 | CVE-2023-30945 | | |
CVE-2023-30946 | Issues notification metadata lacks authorization | | |
CVE-2023-30948 | Retrieval of Attachments to Comments lacks Authorization | | |
CVE-2023-30949 | CVE-2023-30949 | | |
CVE-2023-30950 | CVE-2023-30950 | M | |
CVE-2023-30951 | CVE-2023-30951 | M | |
CVE-2023-30952 | Foundry Issues reporterPath phishing by parameter injection | | |
CVE-2023-30954 | Gotham Video Broken Authentication | | |
CVE-2023-30955 | Foundry workspace-server Developer Mode Authorization Bypass | | |
CVE-2023-30956 | IDOR in Foundry Comments allows retrieval of attachments | | |
CVE-2023-30958 | DOM XSS in Developer mode dashboard via redirect GET parameter | | |
CVE-2023-30959 | Stored XSS via javascript URI in Apollo Change Requests comment | | |
CVE-2023-30960 | Insecure Direct Object Reference (IDOR) in Foundry job-tracker | | |
CVE-2023-30961 | Palantir Gotham UI bug that could lead to incorrect data classification | | |
CVE-2023-30962 | Stored XSS in cerberus attachments | | |
CVE-2023-30963 | Stored XSS in Foundry Slate Query Dropdown menu | | |
CVE-2023-30967 | Gotham Orbital Simulator path traversal | | |
CVE-2023-30968 | Stored XSS in gaia | | |
CVE-2023-30969 | Palantir Tiles missing authentication on API endpoints | | |
CVE-2023-30970 | Gotham table and Forward App Path traversal | | |
CVE-2023-30985 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edg... | | |
CVE-2023-30986 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edg... | | |
CVE-2023-30987 | IBM Db2 denial of service | S | |
CVE-2023-30988 | IBM i privilege escalation | S | |
CVE-2023-30989 | IBM i privilege escalation | S | |
CVE-2023-30990 | IBM i command execution | S | |
CVE-2023-30991 | IBM Db2 denial of service | S | |
CVE-2023-30993 | IBM Cloud Pak for Security information disclosure | S | |
CVE-2023-30994 | IBM QRadar SIEM information disclosure | S | |
CVE-2023-30995 | IBM Aspera Faspex improper access control | S | |
CVE-2023-30996 | IBM Cognos Analytics cross-origin resource sharing | | |
CVE-2023-30997 | IBM Security Access Manager Docker privilege escalation | | |
CVE-2023-30998 | IBM Security Access Manager Docker privilege escalation | | |
CVE-2023-30999 | IBM Security Access Manager denial of service | S | |