ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-31001 | IBM Security Access Manager Container information disclosure | S | |
CVE-2023-31002 | IBM Security Access Manager Container information disclosure | S | |
CVE-2023-31003 | IBM Security Access Manager Container privilege escalation | S | |
CVE-2023-31004 | IBM Security Access Manager Container gain access | S | |
CVE-2023-31005 | IBM Security Access Manager Container privilege escalation | S | |
CVE-2023-31006 | IBM Security Access Manager Container denial of service | S | |
CVE-2023-31007 | Apache Pulsar: Broker does not always disconnect client when authentication data expires | | |
CVE-2023-31008 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input val... | | |
CVE-2023-31009 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improp... | | |
CVE-2023-31010 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input val... | | |
CVE-2023-31011 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause imprope... | | |
CVE-2023-31012 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause imprope... | | |
CVE-2023-31013 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improp... | | |
CVE-2023-31014 | NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a mali... | | |
CVE-2023-31015 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause an impr... | | |
CVE-2023-31016 | CVE | | |
CVE-2023-31017 | CVE | | |
CVE-2023-31018 | CVE | | |
CVE-2023-31019 | CVE | | |
CVE-2023-31020 | CVE | | |
CVE-2023-31021 | CVE | | |
CVE-2023-31022 | CVE | | |
CVE-2023-31023 | CVE | | |
CVE-2023-31024 | CVE | | |
CVE-2023-31025 | CVE | | |
CVE-2023-31026 | CVE | | |
CVE-2023-31027 | CVE | | |
CVE-2023-31028 | NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input valid... | | |
CVE-2023-31029 | CVE | | |
CVE-2023-31030 | CVE | | |
CVE-2023-31031 | CVE | | |
CVE-2023-31032 | CVE | | |
CVE-2023-31033 | CVE | | |
CVE-2023-31034 | CVE | | |
CVE-2023-31035 | CVE | | |
CVE-2023-31036 | CVE | | |
CVE-2023-31037 | NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user ... | | |
CVE-2023-31038 | Apache Log4cxx: SQL injection when using ODBC appender | E | |
CVE-2023-31039 | Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution | S | |
CVE-2023-31041 | An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System pa... | | |
CVE-2023-31042 | FlashBlade Object Store Protocol | S | |
CVE-2023-31043 | EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situatio... | | |
CVE-2023-31045 | A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 ... | E | |
CVE-2023-31046 | A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Un... | | |
CVE-2023-31047 | In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass valid... | | |
CVE-2023-31048 | The OPC UA .NET Standard Reference Server before 1.4.371.86 places sensitive information into an er... | | |
CVE-2023-31056 | CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is ... | M | |
CVE-2023-31058 | Apache InLong: JDBC URL bypassing by adding blanks | | |
CVE-2023-31059 | Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain crede... | E | |
CVE-2023-31060 | Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-202... | E | |
CVE-2023-31061 | Repetier Server through 1.4.10 does not have CSRF protection.... | E | |
CVE-2023-31062 | Apache InLong: Privilege escalation vulnerability for InLong | | |
CVE-2023-31064 | Apache InLong: Insecurity direct object references cancelling applications | | |
CVE-2023-31065 | Apache InLong: Insufficient Session Expiration in InLong | | |
CVE-2023-31066 | Apache InLong: Insecure direct object references for inlong sources | | |
CVE-2023-31067 | An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permission... | E | |
CVE-2023-31068 | An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permission... | | |
CVE-2023-31069 | An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as clearte... | | |
CVE-2023-31071 | WordPress Modal Dialog Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-31072 | WordPress Advanced Category Template Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-31073 | WordPress Shortcode to display post and user data plugin <= 1.2.0 - Broken Access Control vulnerability | S | |
CVE-2023-31074 | WordPress Extensions for Leaflet Map Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-31075 | WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-31076 | WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-31077 | WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-31078 | WordPress WP BrowserUpdate Plugin <= 4.4.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-31079 | WordPress Tippy Plugin <= 6.2.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-31080 | WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability | S | |
CVE-2023-31081 | An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. ... | | |
CVE-2023-31082 | An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function... | | |
CVE-2023-31083 | An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_io... | | |
CVE-2023-31084 | An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a... | | |
CVE-2023-31085 | An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero... | | |
CVE-2023-31086 | WordPress Simple Giveaways Plugin <= 2.46.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-31087 | WordPress JS Job Manager Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-31088 | WordPress Floating Action Button Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-31089 | WordPress Video XML Sitemap Generator Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-31090 | WordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerability | S | |
CVE-2023-31091 | WordPress Dynamically Register Sidebars Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-31092 | WordPress Easy Bet Plugin <= 1.0.2 is vulnerable to SQL Injection | | |
CVE-2023-31093 | WordPress Chronosly Events Calendar Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-31094 | WordPress Stock Sync for WooCommerce Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-31095 | WordPress Integration for Contact Form 7 HubSpot Plugin <= 1.2.8 is vulnerable to Open Redirection | S | |
CVE-2023-31096 | An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka ... | E | |
CVE-2023-31098 | Apache InLong: Weak Password Implementation in InLong | | |
CVE-2023-31099 | Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execu... | | |
CVE-2023-31100 | Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI... | | |
CVE-2023-31101 | Apache InLong: Users who joined later can see the data of deleted users | | |
CVE-2023-31102 | Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7... | | |
CVE-2023-31103 | Apache InLong: Attackers can change the immutable name and type of cluster | | |
CVE-2023-31114 | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrec... | | |
CVE-2023-31115 | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrec... | | |
CVE-2023-31116 | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incor... | | |
CVE-2023-31122 | Apache HTTP Server: mod_macro buffer over-read | | |
CVE-2023-31123 | effectindex/tripreporter vulnerable to improper password verification on POST `/api/v1/account/login` | S | |
CVE-2023-31124 | AutoTools does not set CARES_RANDOM_FILE during cross compilation | | |
CVE-2023-31125 | Uncaught exception in engine.io | S | |
CVE-2023-31126 | Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml | S | |
CVE-2023-31127 | DMTF-2023-0001: SPDM mutual authentication bypass | S | |
CVE-2023-31128 | NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection | E S | |
CVE-2023-31129 | Contiki-NG missing NULL pointer check in IPv6 neighbor discovery | S | |
CVE-2023-31130 | Buffer Underwrite in ares_inet_net_pton() | | |
CVE-2023-31131 | Arbitrary File Write when Extracting Tarballs in greenplum-db | S | |
CVE-2023-31132 | Cacti Privilege Escalation | E | |
CVE-2023-31133 | Ghost vulnerable to disclosure of private API fields | S | |
CVE-2023-31134 | Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites | S | |
CVE-2023-31135 | Dgraph Audit Log Encryption nonce reuse | S | |
CVE-2023-31136 | PostgresNIO processes unencrypted bytes from man-in-the-middle | S | |
CVE-2023-31137 | MaraDNS Integer Underflow Vulnerability in DNS Packet Decompression | S | |
CVE-2023-31138 | DHIS2 Core vulnerable to Improper Access Control with PATCH requests | | |
CVE-2023-31139 | DHIS2 Core unrestricted session cookies with Personal Access Tokens | | |
CVE-2023-31140 | OpenProject user sessions not terminated after activation of 2FA | E S | |
CVE-2023-31141 | OpenSearch issue with fine-grained access control during extremely rare race conditions | | |
CVE-2023-31142 | Discourse's general category permissions could be set back to default | | |
CVE-2023-31143 | Mage terminal user authentication not working properly | S | |
CVE-2023-31144 | Craft CMS vulnerable to cross site scripting in RSS feed widget | S | |
CVE-2023-31145 | Reflected XSS vulnerability in CollaboraOnline | | |
CVE-2023-31146 | Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment | E S | |
CVE-2023-31147 | Insufficient randomness in generation of DNS query IDs in c-ares | | |
CVE-2023-31148 | Improper Input Validation in Web Interface | | |
CVE-2023-31149 | Improper Input Validation in Web Interface | | |
CVE-2023-31150 | Storing Passwords in a Recoverable Format | | |
CVE-2023-31151 | Improper Certificate Validation | | |
CVE-2023-31152 | Authentication Bypass Using an Alternate Path or Channel | | |
CVE-2023-31153 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31154 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31155 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31156 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31157 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31158 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31159 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31160 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31161 | Improper Input Validation in Web Interface | | |
CVE-2023-31162 | Improper Input Validation in Web Interface | | |
CVE-2023-31163 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31164 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31165 | Improper Neutralization of Input During Web Page Generation | | |
CVE-2023-31166 | Improper Limitation of a Pathname to a Restricted Directory | | |
CVE-2023-31167 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | | |
CVE-2023-31168 | Inclusion of Functionality from Untrusted Control Sphere | | |
CVE-2023-31169 | Improper Handling of Unicode Encoding | | |
CVE-2023-31170 | Inclusion of Functionality from Untrusted Control Sphere | | |
CVE-2023-31171 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | | |
CVE-2023-31172 | Incomplete Filtering of Special Elements | | |
CVE-2023-31173 | Use of Hard-coded Credentials | | |
CVE-2023-31174 | Cross-Site Request Forgery (CSRF) | | |
CVE-2023-31175 | Execution with Unnecessary Privileges | | |
CVE-2023-31176 | Insufficient entropy vulnerability could lead to authentication bypass | | |
CVE-2023-31177 | Improper neutralization of input could lead to execution of arbitrary code | | |
CVE-2023-31178 | AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete | S | |
CVE-2023-31179 | AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal | S | |
CVE-2023-31180 | WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) | S | |
CVE-2023-31181 | WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal | S | |
CVE-2023-31182 | EasyTor Applications – Authorization Bypass | S | |
CVE-2023-31183 | Cybonet PineApp Mail Secure RXSS vulnerability | S | |
CVE-2023-31184 | ROZCOM client | | |
CVE-2023-31185 | ROZCOM server framework | | |
CVE-2023-31186 | Avaya IX Workforce Engagement - User Enumeration - CWE-204: Observable Response Discrepancy | | |
CVE-2023-31187 | Avaya IX Workforce Engagement - CWE-522: Insufficiently Protected Credentials | | |
CVE-2023-31188 | Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS co... | | |
CVE-2023-31189 | Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may... | | |
CVE-2023-31190 | Missing TLS (HTTPS) certificate validation during firmware update in DroneScout ds230 Remote ID receiver from BlueMark Innovations | | |
CVE-2023-31191 | Denial of Service due to loss of information in DroneScout ds230 Remote ID receiver from BlueMark Innovations | | |
CVE-2023-31192 | An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN... | E S | |
CVE-2023-31193 | Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program... | S | |
CVE-2023-31194 | An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of D... | E | |
CVE-2023-31195 | ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'S... | | |
CVE-2023-31196 | Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attack... | M | |
CVE-2023-31197 | Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 m... | | |
CVE-2023-31198 | An OS command injection vulnerability exists in Wi-Fi AP UNIT. If this vulnerability is exploite... | M | |
CVE-2023-31199 | Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow... | S | |
CVE-2023-31200 | PTC Vuforia Studio Cross-Site Request Forgery | S | |
CVE-2023-31203 | Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Dis... | | |
CVE-2023-31206 | Apache InLong: Attackers can change the immutable name and type of nodes | | |
CVE-2023-31207 | Automation user secret logged to Apache access log | | |
CVE-2023-31208 | Livestatus command injection in RestAPI | | |
CVE-2023-31209 | Command injection via active checks and REST API | | |
CVE-2023-31210 | Privilege escalation in agent via LD_LIBRARY_PATH | | |
CVE-2023-31211 | Disabled automation users could still authenticate | S | |
CVE-2023-31212 | WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection | S | |
CVE-2023-31213 | WordPress WPBakery Page Builder Plugin < 6.13.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-31214 | WordPress WP Quick Post Duplicator plugin <= 2.0 - Broken Access Control vulnerability | S | |
CVE-2023-31215 | WordPress Dropshipping & Affiliation with Amazon Plugin <= 2.1.2 is vulnerable to Arbitrary File Upload | | |
CVE-2023-31216 | WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-31217 | WordPress User Location and IP Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-31218 | WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2023-31219 | WordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-31220 | WordPress WP Categories Widget Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-31221 | WordPress PDQ CSV Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-31222 | Medtronic Paceart MSMQ Deserialization of Untrusted Data | S | |
CVE-2023-31223 | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.... | | |
CVE-2023-31224 | There is broken access control during authentication in Jamf Pro Server before 10.46.1.... | | |
CVE-2023-31225 | The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may... | | |
CVE-2023-31226 | The SDK for the MediaPlaybackController module has improper permission verification. Successful expl... | | |
CVE-2023-31227 | The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of th... | | |
CVE-2023-31228 | WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-31229 | WordPress WP Directory Kit Plugin <= 1.1.9 is vulnerable to Open Redirection | S | |
CVE-2023-31230 | WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-31231 | WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File Upload | S | |
CVE-2023-31232 | WordPress Plugins List Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-31233 | WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-31234 | WordPress Tilda Publishing plugin <= 0.3.23 - Broken Access Control vulnerability | S | |
CVE-2023-31235 | WordPress Participants Database Plugin <= 2.4.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-31236 | WordPress Scripts n Styles Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-31237 | WordPress Zephyr Project Manager Plugin <= 3.3.9 is vulnerable to Open Redirection | S | |
CVE-2023-31238 | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SI... | S | |
CVE-2023-31239 | Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earl... | | |
CVE-2023-31240 | Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both fr... | S | |
CVE-2023-31241 | Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim dev... | S | |
CVE-2023-31242 | An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Sof... | E | |
CVE-2023-31244 | The affected product does not properly validate user-supplied data. If a user ope... | S | |
CVE-2023-31245 | Devices using Snap One OvrC cloud are sent to a web address when accessing ... | S | |
CVE-2023-31246 | Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allo... | S | |
CVE-2023-31247 | A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Wes... | E | |
CVE-2023-31248 | Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability | S | |
CVE-2023-31250 | Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 | | |
CVE-2023-31271 | Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authen... | | |
CVE-2023-31272 | A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 ... | | |
CVE-2023-31273 | Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthentica... | S | |
CVE-2023-31274 | Missing Release of Resource after Effective Lifetime vulnerability in Aveva PI Server | S | |
CVE-2023-31275 | An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 th... | | |
CVE-2023-31276 | Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Bo... | | |
CVE-2023-31277 | PiiGAB M-Bus Unprotected Transport of Credentials | S | |
CVE-2023-31278 | Horner Automation Cscape Out-of-bounds Read | S | |
CVE-2023-31279 | Improper Authentication | | |
CVE-2023-31280 | Exposure of Sensitive Information to an Unauthorized Actor | | |
CVE-2023-31284 | illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege es... | | |
CVE-2023-31285 | An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temp... | S | |
CVE-2023-31286 | An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset requ... | S | |
CVE-2023-31287 | An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are s... | S | |
CVE-2023-31289 | Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers t... | | |
CVE-2023-31290 | Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows... | E S | |
CVE-2023-31292 | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows loc... | | |
CVE-2023-31293 | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows rem... | | |
CVE-2023-31294 | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718)... | | |
CVE-2023-31295 | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718)... | | |
CVE-2023-31296 | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718)... | | |
CVE-2023-31297 | An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. The... | | |
CVE-2023-31298 | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6... | | |
CVE-2023-31299 | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6... | | |
CVE-2023-31300 | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), al... | | |
CVE-2023-31301 | Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) ve... | | |
CVE-2023-31302 | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (... | | |
CVE-2023-31304 | Improper input validation in SMU may allow an attacker with privileges and a compromised physical fu... | | |
CVE-2023-31305 | Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) ma... | | |
CVE-2023-31307 | Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attack... | | |
CVE-2023-31310 | Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges ... | | |
CVE-2023-31315 | Improper validation in a model specific register (MSR) could allow a malicious program with ring0 ac... | | |
CVE-2023-31320 | Improper input validation in the AMD Radeon™ Graphics display driver may allow an attacker to corru... | | |
CVE-2023-31331 | Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple d... | | |
CVE-2023-31339 | Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™ MPSoC/RFSoC may... | | |
CVE-2023-31341 | Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an a... | | |
CVE-2023-31342 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, pot... | | |
CVE-2023-31343 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, pot... | | |
CVE-2023-31345 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, pot... | | |
CVE-2023-31346 | Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data fr... | | |
CVE-2023-31347 | Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a ... | | |
CVE-2023-31348 | A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, ... | | |
CVE-2023-31349 | Incorrect default permissions in the AMD μProf installation directory could allow an attacker to ach... | | |
CVE-2023-31352 | A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentia... | | |
CVE-2023-31355 | Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overw... | | |
CVE-2023-31356 | Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest ... | | |
CVE-2023-31358 | A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privil... | | |
CVE-2023-31359 | Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privil... | | |
CVE-2023-31360 | Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Serv... | | |
CVE-2023-31361 | A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service ... | | |
CVE-2023-31366 | Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid addr... | | |
CVE-2023-31403 | Improper Access Control vulnerability in SAP Business One product installation | | |
CVE-2023-31404 | Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service) | | |
CVE-2023-31405 | Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | | |
CVE-2023-31406 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2023-31407 | Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation | | |
CVE-2023-31408 | Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1... | M | |
CVE-2023-31409 | Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1... | M | |
CVE-2023-31410 | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to th... | M | |
CVE-2023-31411 | A remote unprivileged attacker can modify and access configuration settings on the EventCam App due ... | M | |
CVE-2023-31412 | The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an att... | M | |
CVE-2023-31413 | Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http reques... | | |
CVE-2023-31414 | Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write... | | |
CVE-2023-31415 | Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to t... | | |
CVE-2023-31416 | Elastic Cloud on Kubernetes (ECK) secret token configuration issue | | |
CVE-2023-31417 | Elasticsearch Insertion of sensitive information in audit logs | | |
CVE-2023-31418 | Elasticsearch uncontrolled resource consumption | | |
CVE-2023-31419 | Elasticsearch StackOverflow vulnerability | | |
CVE-2023-31421 | Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue | | |
CVE-2023-31422 | Kibana Insertion of Sensitive Information into Log File | | |
CVE-2023-31423 | Possible information exposure through log file vulnerability | | |
CVE-2023-31424 | Web authentication and authorization bypass | | |
CVE-2023-31425 | Privilege escalation via the fosexec command | | |
CVE-2023-31426 | scp, sftp, ftp servers passwords in supportsave | | |
CVE-2023-31427 | Knowledge of full path name | | |
CVE-2023-31428 | CLI allows upload or transfer files of dangerous types | | |
CVE-2023-31429 | Multiple commands print sensitive information in the terminal | | |
CVE-2023-31430 | buffer overflow vulnerability in “secpolicydelete” command | | |
CVE-2023-31431 | A buffer overflow vulnerability in “diagstatus” command | | |
CVE-2023-31432 | Privilege issues in multiple commands | | |
CVE-2023-31433 | A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow... | E | |
CVE-2023-31434 | The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID i... | E | |
CVE-2023-31435 | Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen,... | E | |
CVE-2023-31436 | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds wr... | S | |
CVE-2023-31437 | An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some ... | | |
CVE-2023-31438 | An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume l... | | |
CVE-2023-31439 | An issue was discovered in systemd 253. An attacker can modify the contents of past events in a seal... | S | |
CVE-2023-31441 | In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker ... | E | |
CVE-2023-31442 | In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitive... | | |
CVE-2023-31444 | In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenti... | | |
CVE-2023-31445 | Cassia Access controller before 2.1.1.2203171453 was discovered to have an unprivileged information... | E | |
CVE-2023-31446 | In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl paramet... | E | |
CVE-2023-31447 | user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices... | | |
CVE-2023-31448 | A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier ver... | | |
CVE-2023-31449 | A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earl... | | |
CVE-2023-31450 | A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier... | | |
CVE-2023-31452 | A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier ver... | | |
CVE-2023-31453 | Apache InLong: IDOR make users can delete others' subscription | | |
CVE-2023-31454 | Apache InLong: IDOR make users can bind any cluster | | |
CVE-2023-31455 | Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trig... | | |
CVE-2023-31456 | There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, wher... | | |
CVE-2023-31457 | A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.... | | |
CVE-2023-31458 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500... | | |
CVE-2023-31459 | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.... | | |
CVE-2023-31460 | A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 an... | | |
CVE-2023-31461 | Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that... | E | |
CVE-2023-31462 | An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted da... | E | |
CVE-2023-31465 | An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from v... | E | |
CVE-2023-31466 | An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration -> Compliance -> Add... | E | |
CVE-2023-31468 | An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%... | E | |
CVE-2023-31469 | Apache StreamPipes: Privilege escalation through non-admin user | | |
CVE-2023-31470 | SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer ove... | E S | |
CVE-2023-31471 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, ... | E | |
CVE-2023-31472 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which a... | E | |
CVE-2023-31473 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which a... | E | |
CVE-2023-31474 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, ... | E | |
CVE-2023-31475 | An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil... | E | |
CVE-2023-31476 | An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file... | E | |
CVE-2023-31477 | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feat... | E | |
CVE-2023-31478 | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about t... | E | |
CVE-2023-31483 | tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extra... | E S | |
CVE-2023-31484 | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.... | E S | |
CVE-2023-31485 | GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, en... | S | |
CVE-2023-31486 | HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an in... | S | |
CVE-2023-31488 | Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort ... | | |
CVE-2023-31489 | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via t... | E S | |
CVE-2023-31490 | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via t... | E | |
CVE-2023-31492 | Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the acco... | E | |
CVE-2023-31493 | RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .ph... | E | |
CVE-2023-31497 | Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all vers... | E | |
CVE-2023-31498 | A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a r... | E M | |
CVE-2023-31502 | Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vuln... | E | |
CVE-2023-31505 | An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers... | E | |
CVE-2023-31506 | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authent... | E | |
CVE-2023-31508 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2020-15178. Reason: This record is a du... | R | |
CVE-2023-31517 | A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denia... | | |
CVE-2023-31518 | A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers... | E | |
CVE-2023-31519 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the emai... | E | |
CVE-2023-31528 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the stati... | E | |
CVE-2023-31529 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the syste... | E | |
CVE-2023-31530 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smart... | E | |
CVE-2023-31531 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomog... | E | |
CVE-2023-31541 | An unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of... | E | |
CVE-2023-31543 | A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via u... | E S | |
CVE-2023-31544 | A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to e... | E S | |
CVE-2023-31546 | Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code vi... | E | |
CVE-2023-31548 | A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM... | E | |
CVE-2023-31554 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-2663. Reason: This re... | R | |
CVE-2023-31555 | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObj... | E S | |
CVE-2023-31556 | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDic... | E S | |
CVE-2023-31557 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-2664. Reason: This re... | R | |
CVE-2023-31566 | Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt:... | E S | |
CVE-2023-31567 | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncrypt... | E S | |
CVE-2023-31568 | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncrypt... | E S | |
CVE-2023-31569 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWan... | E | |
CVE-2023-31572 | An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password an... | E | |
CVE-2023-31576 | An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrar... | E | |
CVE-2023-31579 | Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating a... | S | |
CVE-2023-31580 | light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow... | E | |
CVE-2023-31581 | Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.... | E | |
CVE-2023-31582 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.... | | |
CVE-2023-31584 | GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scriptin... | E | |
CVE-2023-31585 | Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.... | E | |
CVE-2023-31587 | Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability ... | E S | |
CVE-2023-31594 | IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel ... | E | |
CVE-2023-31595 | IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port acc... | E | |
CVE-2023-31597 | An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address ... | S | |
CVE-2023-31606 | A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of... | E | |
CVE-2023-31607 | An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to c... | E S | |
CVE-2023-31608 | An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to ca... | E S | |
CVE-2023-31609 | An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers ... | E S | |
CVE-2023-31610 | An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers... | E S | |
CVE-2023-31611 | An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to ... | E S | |
CVE-2023-31612 | An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to c... | E S | |
CVE-2023-31613 | An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attack... | E S | |
CVE-2023-31614 | An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows att... | E S | |
CVE-2023-31615 | An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cau... | E S | |
CVE-2023-31616 | An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a... | E S | |
CVE-2023-31617 | An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to c... | E S | |
CVE-2023-31618 | An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers... | E S | |
CVE-2023-31619 | An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers... | E S | |
CVE-2023-31620 | An issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to caus... | E S | |
CVE-2023-31621 | An issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to caus... | E S | |
CVE-2023-31622 | An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attack... | E S | |
CVE-2023-31623 | An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cau... | E S | |
CVE-2023-31624 | An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to ... | E S | |
CVE-2023-31625 | An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause ... | E S | |
CVE-2023-31626 | An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to caus... | E S | |
CVE-2023-31627 | An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a... | E S | |
CVE-2023-31628 | An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a... | E S | |
CVE-2023-31629 | An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers t... | E S | |
CVE-2023-31630 | An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to... | E S | |
CVE-2023-31631 | An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows att... | E S | |
CVE-2023-31634 | In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operati... | | |
CVE-2023-31654 | Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the compo... | E | |
CVE-2023-31655 | redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attacker... | E S | |
CVE-2023-31664 | A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API... | E | |
CVE-2023-31669 | WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before... | E | |
CVE-2023-31670 | An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows a... | E | |
CVE-2023-31671 | PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFron... | S | |
CVE-2023-31672 | In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection... | E S | |
CVE-2023-31677 | Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices v... | E | |
CVE-2023-31678 | Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connect... | E | |
CVE-2023-31679 | Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via ... | E | |
CVE-2023-31689 | In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend serv... | E | |
CVE-2023-31698 | Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: t... | E | |
CVE-2023-31699 | ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.... | | |
CVE-2023-31700 | TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _htt... | E | |
CVE-2023-31701 | TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _htt... | E | |
CVE-2023-31702 | SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows ... | E | |
CVE-2023-31703 | Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console... | E | |
CVE-2023-31704 | Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which... | E | |
CVE-2023-31705 | A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allo... | | |
CVE-2023-31707 | SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.... | E | |
CVE-2023-31708 | A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands... | E | |
CVE-2023-31710 | TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerabl... | | |
CVE-2023-31714 | Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.... | S | |
CVE-2023-31716 | FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log... | | |
CVE-2023-31717 | A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the da... | E | |
CVE-2023-31718 | FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download.... | E | |
CVE-2023-31719 | FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.... | E | |
CVE-2023-31722 | There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).... | E | |
CVE-2023-31723 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac... | E | |
CVE-2023-31724 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directiv... | E | |
CVE-2023-31725 | yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_pa... | E | |
CVE-2023-31726 | AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtai... | | |
CVE-2023-31728 | Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH ... | | |
CVE-2023-31729 | TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.... | | |
CVE-2023-31740 | There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06.... | E M | |
CVE-2023-31741 | There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06.... | E M | |
CVE-2023-31742 | There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.... | E M | |
CVE-2023-31746 | There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0.... | | |
CVE-2023-31747 | Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulner... | E | |
CVE-2023-31748 | Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin v... | E | |
CVE-2023-31752 | SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via... | E | |
CVE-2023-31753 | SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary... | E S | |
CVE-2023-31754 | Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerabili... | E | |
CVE-2023-31756 | A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V ... | E | |
CVE-2023-31757 | DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and ... | E | |
CVE-2023-31759 | Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full acce... | | |
CVE-2023-31761 | Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attacker... | | |
CVE-2023-31762 | Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers t... | | |
CVE-2023-31763 | Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to... | | |
CVE-2023-31779 | Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege... | S | |
CVE-2023-31794 | MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. T... | | |
CVE-2023-31799 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute... | | |
CVE-2023-31800 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute... | | |
CVE-2023-31801 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute... | | |
CVE-2023-31802 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute... | | |
CVE-2023-31803 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute... | | |
CVE-2023-31804 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute... | | |
CVE-2023-31805 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attac... | | |
CVE-2023-31806 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute... | | |
CVE-2023-31807 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute... | | |
CVE-2023-31808 | Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account ... | | |
CVE-2023-31813 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-2804. Reason: This record is a dup... | R | |
CVE-2023-31814 | D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_... | | |
CVE-2023-31816 | IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerabl... | E | |
CVE-2023-31818 | An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive informa... | E | |
CVE-2023-31819 | An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain acces... | E | |
CVE-2023-31820 | An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive inf... | E | |
CVE-2023-31821 | An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive info... | E | |
CVE-2023-31822 | An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive inform... | E | |
CVE-2023-31823 | An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to se... | E | |
CVE-2023-31824 | An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensi... | E | |
CVE-2023-31825 | An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information ... | E | |
CVE-2023-31826 | Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. ... | E | |
CVE-2023-31842 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?pag... | E | |
CVE-2023-31843 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_fa... | E | |
CVE-2023-31844 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_... | E | |
CVE-2023-31845 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_... | E | |
CVE-2023-31847 | In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controll... | E | |
CVE-2023-31848 | davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).... | | |
CVE-2023-31851 | Cudy LT400 1.13.4 has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/w... | E | |
CVE-2023-31852 | Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless... | E | |
CVE-2023-31853 | Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth ... | E | |
CVE-2023-31854 | std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categoriz... | | |
CVE-2023-31856 | A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHost of TOTOLI... | E | |
CVE-2023-31857 | Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to ... | E | |
CVE-2023-31860 | Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b syst... | E | |
CVE-2023-31861 | ZLMediaKit 4.0 is vulnerable to Directory Traversal.... | E | |
CVE-2023-31862 | jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in... | E | |
CVE-2023-31867 | Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.... | | |
CVE-2023-31868 | Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web appl... | | |
CVE-2023-31871 | OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from ... | E | |
CVE-2023-31873 | Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child... | E | |
CVE-2023-31874 | Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via no... | | |
CVE-2023-31889 | An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.... | | |
CVE-2023-31890 | An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary ... | E | |
CVE-2023-31893 | Telefónica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (... | | |
CVE-2023-31902 | RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).... | E | |
CVE-2023-31903 | GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute... | E | |
CVE-2023-31904 | savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.... | E | |
CVE-2023-31906 | Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component... | E S | |
CVE-2023-31907 | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal... | E S | |
CVE-2023-31908 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ... | E S | |
CVE-2023-31910 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ... | E S | |
CVE-2023-31913 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the component pa... | E | |
CVE-2023-31914 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.... | E | |
CVE-2023-31916 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_fi... | E | |
CVE-2023-31918 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse... | E | |
CVE-2023-31919 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_rai... | E | |
CVE-2023-31920 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at j... | E S | |
CVE-2023-31921 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uin... | E S | |
CVE-2023-31922 | QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray... | E | |
CVE-2023-31923 | Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web applic... | E | |
CVE-2023-31925 | Storage of clear text password in Brocade SANnav | | |
CVE-2023-31926 | Arbitrary File Overwrite using less command | | |
CVE-2023-31927 | An information disclosure in the web interface of Brocade Fabric OS | | |
CVE-2023-31928 | XSS vulnerability in Brocade Webtools | | |
CVE-2023-31932 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to e... | E | |
CVE-2023-31933 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to e... | E | |
CVE-2023-31934 | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attack... | E | |
CVE-2023-31935 | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attack... | E | |
CVE-2023-31936 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to e... | E | |
CVE-2023-31937 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to e... | E | |
CVE-2023-31938 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to e... | E | |
CVE-2023-31939 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to e... | E | |
CVE-2023-31940 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to e... | E | |
CVE-2023-31941 | File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to exe... | E | |
CVE-2023-31942 | Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attack... | E | |
CVE-2023-31943 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to e... | E | |
CVE-2023-31944 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to e... | E | |
CVE-2023-31945 | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to e... | E | |
CVE-2023-31946 | File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to exe... | E | |
CVE-2023-31972 | yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.... | E | |
CVE-2023-31973 | yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/... | E | |
CVE-2023-31974 | yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. No... | E | |
CVE-2023-31975 | yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/in... | E | |
CVE-2023-31976 | libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess... | E | |
CVE-2023-31979 | Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /sr... | E | |
CVE-2023-31981 | Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload ... | E | |
CVE-2023-31982 | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm... | E | |
CVE-2023-31983 | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attack... | E | |
CVE-2023-31985 | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attack... | E | |
CVE-2023-31986 | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attack... | E | |
CVE-2023-31994 | Certain Hanwha products are vulnerable to Denial of Service (DoS). The attack vector is: When an empty UDP p... | | |
CVE-2023-31995 | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS).... | | |
CVE-2023-31996 | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization ... | | |
CVE-2023-31997 | UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a ... | | |
CVE-2023-31998 | A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrup... | S | |
CVE-2023-31999 | All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were... | E |