| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2023-33000 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentia... | | |
| CVE-2023-33001 | Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace ... | | |
| CVE-2023-33002 | Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name,... | | |
| CVE-2023-33003 | A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier all... | | |
| CVE-2023-33004 | A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Over... | | |
| CVE-2023-33005 | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.... | | |
| CVE-2023-33006 | A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allow... | | |
| CVE-2023-33007 | Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resu... | | |
| CVE-2023-33008 | Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale | | |
| CVE-2023-33009 | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4... | KEV | |
| CVE-2023-33010 | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions ... | KEV | |
| CVE-2023-33011 | A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, U... | | |
| CVE-2023-33012 | A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versi... | | |
| CVE-2023-33013 | A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware v... | S | |
| CVE-2023-33014 | Improper Input Validation in Services | | |
| CVE-2023-33015 | Buffer Over-read in WLAN Firmware | | |
| CVE-2023-33016 | Buffer Over-read in WLAN Firmware | | |
| CVE-2023-33017 | Buffer Copy Without Checking Size of Input in Boot | | |
| CVE-2023-33018 | Integer Overflow to Buffer Overflow in User Identity Module | | |
| CVE-2023-33019 | Improper Authorization in WLAN Host | S | |
| CVE-2023-33020 | Improper Authorization in WLAN Host | S | |
| CVE-2023-33021 | Use After Free in Graphics | S | |
| CVE-2023-33022 | Integer Overflow to Buffer Overflow in HLOS | | |
| CVE-2023-33023 | Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in SPS-Applications | | |
| CVE-2023-33024 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Radio Interface Layer | | |
| CVE-2023-33025 | Buffer Copy without Checking Size of Input in Data Modem | | |
| CVE-2023-33026 | Buffer over-read in WLAN Firmware | | |
| CVE-2023-33027 | Buffer Over-read in WLAN Firmware | | |
| CVE-2023-33028 | Buffer Copy without Checking Size of Input in WLAN Firmware | | |
| CVE-2023-33029 | Use After Free in DSP Service | S | |
| CVE-2023-33030 | Buffer Copy without Checking Size of Input in HLOS | | |
| CVE-2023-33031 | Buffer Copy Without Checking Size of Input in Automotive Audio | S | |
| CVE-2023-33032 | Integer Overflow or Wraparound in TZ Secure OS | | |
| CVE-2023-33033 | Use of Out-of-range Pointer Offset in Audio | | |
| CVE-2023-33034 | Signed-to-unsigned conversion error in Audio | S | |
| CVE-2023-33035 | Buffer Copy Without Checking Size of Input in Audio | S | |
| CVE-2023-33036 | NULL Pointer Dereference in Hypervisor | | |
| CVE-2023-33037 | Cryptographic Issues in Automotive | | |
| CVE-2023-33038 | Integer Overflow or Wraparound in Radio Interface Layer | | |
| CVE-2023-33039 | Use After Free in Automotive Display | | |
| CVE-2023-33040 | Buffer Over-read in Data Modem | | |
| CVE-2023-33041 | Reachable assertion in WLAN Firmware | | |
| CVE-2023-33042 | Improper Input Validation in Modem | | |
| CVE-2023-33043 | Reachable Assertion in Modem | | |
| CVE-2023-33044 | Reachable Assertion in Data Modem | | |
| CVE-2023-33045 | Buffer Copy Without Checking Size of Input in WLAN Firmware | | |
| CVE-2023-33046 | Time-of-check Time-of-use (TOCTOU) Race Condition in Trusted Execution Environment | | |
| CVE-2023-33047 | Buffer Over-read in WLAN Firmware | | |
| CVE-2023-33048 | Buffer over-read in WLAN Firmware | | |
| CVE-2023-33049 | Improper Release of Memory Before Removing Last Reference in Multi-Mode Call Processor | | |
| CVE-2023-33053 | Improper Validation of Array Index in Kernel | S | |
| CVE-2023-33054 | Improper Authentication in GPS HLOS Driver | | |
| CVE-2023-33055 | Buffer Copy Without Checking Size of Input in Audio | S | |
| CVE-2023-33056 | NULL Pointer dereference in WLAN Firmware | | |
| CVE-2023-33057 | Improper Input Validation in Multi-Mode Call Processor | | |
| CVE-2023-33058 | Buffer Copy Without Checking Size of Input in Modem | | |
| CVE-2023-33059 | Buffer Copy Without Checking Size of Input in Audio | S | |
| CVE-2023-33060 | Buffer Over-read in Core | | |
| CVE-2023-33061 | Buffer Over-read in WLAN Firmware | | |
| CVE-2023-33062 | Buffer Over-read in WLAN Firmware | | |
| CVE-2023-33063 | Use After Free in DSP Services | KEV S | |
| CVE-2023-33064 | Buffer Over-read in Audio | | |
| CVE-2023-33065 | Buffer Over-read in Audio | | |
| CVE-2023-33066 | Use of Out-of-range Pointer Offset in Audio | | |
| CVE-2023-33067 | Use of Out-of-range Pointer Offset in Audio | | |
| CVE-2023-33068 | Buffer Copy Without Checking Size of Input in Audio | | |
| CVE-2023-33069 | Buffer Copy Without Checking Size of Input in Audio | | |
| CVE-2023-33070 | Improper Authentication in Automotive OS | S | |
| CVE-2023-33071 | Improper Access Control in Automotive OS Platform Android | S | |
| CVE-2023-33072 | Buffer copy without checking size of Input in Core | | |
| CVE-2023-33074 | Use After Free in Audio | S | |
| CVE-2023-33076 | Configuration Issue in Core | | |
| CVE-2023-33077 | Buffer Copy Without Checking Size of Input in HLOS | | |
| CVE-2023-33078 | Buffer Over-read in DSP Services | | |
| CVE-2023-33079 | Use of Out-of-range Pointer Offset in Audio | S | |
| CVE-2023-33080 | Buffer over-read in WLAN Firmware | | |
| CVE-2023-33081 | Buffer over-read in WLAN Firmware | | |
| CVE-2023-33082 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Host | | |
| CVE-2023-33083 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Host | | |
| CVE-2023-33084 | Improper Release of Memory Before Removing Last Reference in Data Modem | | |
| CVE-2023-33085 | Buffer Copy Without Checking Size of Input (Classic Buffer Overflow) in Wearables | S | |
| CVE-2023-33086 | Improper Release of Memory Before Removing Last Reference in Data Modem | | |
| CVE-2023-33087 | Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in Core | S | |
| CVE-2023-33088 | NULL pointer dereference in WLAN Firmware | | |
| CVE-2023-33089 | NULL Pointer Dereference in WLAN Firmware | | |
| CVE-2023-33090 | Buffer Over-read in Audio | S | |
| CVE-2023-33092 | Buffer Copy Without Checking Size of Input in Bluetooth HOST | S | |
| CVE-2023-33094 | Use After Free in Linux Graphics | | |
| CVE-2023-33095 | Reachable Assertion in Multi-Mode Call Processor | | |
| CVE-2023-33096 | Reachable Assertion in Multi-Mode Call Processor | | |
| CVE-2023-33097 | Buffer Over-read in WLAN Firmware | | |
| CVE-2023-33098 | Buffer Over-read in WLAN Firmware | | |
| CVE-2023-33099 | Improper Input Validation in Multi-Mode Call Processor | | |
| CVE-2023-33100 | Improper input validation in Multi-Mode Call Processor | | |
| CVE-2023-33101 | Incorrect Type Conversion or Cast in Multi-Mode Call Processor | | |
| CVE-2023-33103 | Improper Input Validation in Multi-Mode Call Processor | | |
| CVE-2023-33104 | Improper input Validation in Multi-Mode Call Processor | | |
| CVE-2023-33105 | Configuration Issue in WLAN Host and Firmware | | |
| CVE-2023-33106 | Use of Out-of-range Pointer Offset in Graphics | KEV S | |
| CVE-2023-33107 | Integer Overflow or Wraparound in Graphics Linux | KEV S | |
| CVE-2023-33108 | Use After Free in Graphics | S | |
| CVE-2023-33109 | NULL Pointer Dereference in WLAN Firmware | | |
| CVE-2023-33110 | Use of Out-of-range Pointer Offset in Audio | | |
| CVE-2023-33111 | Improper Validation of Array Index in Audio | S | |
| CVE-2023-33112 | Buffer Over-read in WLAN Firmware | | |
| CVE-2023-33113 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Kernel | | |
| CVE-2023-33114 | Use after free in Neural Processing Unit | S | |
| CVE-2023-33115 | Buffer Over-read in Trusted Execution Environment | | |
| CVE-2023-33116 | Buffer over-read without Checking Size of Input in WLAN Host | | |
| CVE-2023-33117 | Use After Free in Audio | S | |
| CVE-2023-33118 | Use After Free in Automotive Audio | S | |
| CVE-2023-33119 | Time-of-check Time-of-use (TOCTOU) Race Condition in Hypervisor | | |
| CVE-2023-33120 | Use After Free in Audio | | |
| CVE-2023-33121 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V1... | S | |
| CVE-2023-33122 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V1... | S | |
| CVE-2023-33123 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V1... | S | |
| CVE-2023-33124 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V1... | S | |
| CVE-2023-33126 | .NET and Visual Studio Remote Code Execution Vulnerability | S | |
| CVE-2023-33127 | .NET and Visual Studio Elevation of Privilege Vulnerability | S | |
| CVE-2023-33128 | .NET and Visual Studio Remote Code Execution Vulnerability | S | |
| CVE-2023-33129 | Microsoft SharePoint Server Denial of Service Vulnerability | S | |
| CVE-2023-33130 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
| CVE-2023-33131 | Microsoft Outlook Remote Code Execution Vulnerability | S | |
| CVE-2023-33132 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
| CVE-2023-33133 | Microsoft Excel Remote Code Execution Vulnerability | S | |
| CVE-2023-33134 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
| CVE-2023-33135 | .NET and Visual Studio Elevation of Privilege Vulnerability | S | |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | S | |
| CVE-2023-33137 | Microsoft Excel Remote Code Execution Vulnerability | S | |
| CVE-2023-33139 | Visual Studio Information Disclosure Vulnerability | S | |
| CVE-2023-33140 | Microsoft OneNote Spoofing Vulnerability | E S | |
| CVE-2023-33141 | Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | S | |
| CVE-2023-33142 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | S | |
| CVE-2023-33143 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
| CVE-2023-33144 | Visual Studio Code Spoofing Vulnerability | S | |
| CVE-2023-33145 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | S | |
| CVE-2023-33146 | Microsoft Office Remote Code Execution Vulnerability | S | |
| CVE-2023-33148 | Microsoft Office Elevation of Privilege Vulnerability | E S | |
| CVE-2023-33149 | Microsoft Office Graphics Remote Code Execution Vulnerability | S | |
| CVE-2023-33150 | Microsoft Office Security Feature Bypass Vulnerability | S | |
| CVE-2023-33151 | Microsoft Outlook Spoofing Vulnerability | S | |
| CVE-2023-33152 | Microsoft ActiveX Remote Code Execution Vulnerability | S | |
| CVE-2023-33153 | Microsoft Outlook Remote Code Execution Vulnerability | S | |
| CVE-2023-33154 | Windows Partition Management Driver Elevation of Privilege Vulnerability | S | |
| CVE-2023-33155 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | S | |
| CVE-2023-33156 | Microsoft Defender Elevation of Privilege Vulnerability | S | |
| CVE-2023-33157 | Microsoft SharePoint Remote Code Execution Vulnerability | S | |
| CVE-2023-33158 | Microsoft Excel Remote Code Execution Vulnerability | S | |
| CVE-2023-33159 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
| CVE-2023-33160 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
| CVE-2023-33161 | Microsoft Excel Remote Code Execution Vulnerability | S | |
| CVE-2023-33162 | Microsoft Excel Information Disclosure Vulnerability | S | |
| CVE-2023-33163 | Windows Network Load Balancing Remote Code Execution Vulnerability | S | |
| CVE-2023-33164 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
| CVE-2023-33165 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | S | |
| CVE-2023-33166 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
| CVE-2023-33167 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
| CVE-2023-33168 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
| CVE-2023-33169 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
| CVE-2023-33170 | ASP.NET and Visual Studio Security Feature Bypass Vulnerability | S | |
| CVE-2023-33171 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
| CVE-2023-33172 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
| CVE-2023-33173 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
| CVE-2023-33174 | Windows Cryptographic Information Disclosure Vulnerability | S | |
| CVE-2023-33175 | ToUI allows user-specific variables to be shared between users | | |
| CVE-2023-33176 | Blind SSRF When Uploading Presentation in BigBlueButton | S | |
| CVE-2023-33177 | Xibo CMS vulnerable to Remote Code Execution through Zip Slip | S | |
| CVE-2023-33178 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter | | |
| CVE-2023-33179 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS nameFilter | | |
| CVE-2023-33180 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS display map | | |
| CVE-2023-33181 | Sensitive Information Disclosure abusing Stack Trace in Xibo CMS | | |
| CVE-2023-33182 | Nextcloud Contacts photos only sanitized if mime type is all lower case | S | |
| CVE-2023-33183 | Error in calendar when booking an appointment reveals the full path of the website | S | |
| CVE-2023-33184 | Blind SSRF in the Nextcloud Mail app on avatar endpoint | S | |
| CVE-2023-33185 | Incorrect signature verification in django-ses | E S | |
| CVE-2023-33186 | Cross-site scripting vulnerability in Zulip Server development branch via topic tooltip | S | |
| CVE-2023-33187 | highlight vulnerable to cleartext transmission of sensitive information | S | |
| CVE-2023-33188 | Uncontrolled data used in content resolution | | |
| CVE-2023-33189 | Incorrect Authorization with specially crafted requests | S | |
| CVE-2023-33190 | Improperly configured permissions in Sealos | S | |
| CVE-2023-33191 | kyverno seccomp control can be circumvented | | |
| CVE-2023-33192 | Improper handling of NTS cookie length that could crash the ntpd-rs server | S | |
| CVE-2023-33193 | Emby Server Proxy Header Spoofing Vulnerability | | |
| CVE-2023-33194 | CraftCMS stored XSS in Quick Post widget error message | E S | |
| CVE-2023-33195 | Craft CMS XSS in RSS widget feed | E S | |
| CVE-2023-33196 | Craft CMS stored XSS in review volume | E S | |
| CVE-2023-33197 | Craft CMS stored XSS in indexedVolumes | E S | |
| CVE-2023-33198 | Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API | S | |
| CVE-2023-33199 | malformed proposed intoto v0.0.2 entries can cause a panic in Rekor | S | |
| CVE-2023-33200 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations | | |
| CVE-2023-33201 | Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability... | S | |
| CVE-2023-33202 | Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bou... | E | |
| CVE-2023-33203 | The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ether... | S | |
| CVE-2023-33204 | sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE:... | S | |
| CVE-2023-33206 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, ... | E | |
| CVE-2023-33207 | WordPress Stop Referrer Spam Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
| CVE-2023-33208 | WordPress Cookie Monster Plugin <= 1.51 is vulnerable to Cross Site Scripting (XSS) | | |
| CVE-2023-33209 | WordPress SEO Change Monitor Plugin <= 1.2 is vulnerable to SQL Injection | S | |
| CVE-2023-33210 | WordPress nuajik CDN Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS) | | |
| CVE-2023-33211 | WordPress WP-Piwik Plugin <= 1.0.27 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33212 | WordPress JetFormBuilder Plugin <= 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
| CVE-2023-33213 | WordPress wpView Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) | | |
| CVE-2023-33214 | WordPress Taggbox Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
| CVE-2023-33215 | WordPress Taggbox plugin <= 3.3 - Broken Access Control vulnerability | S | |
| CVE-2023-33216 | WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33217 | Missing integrity check on upgrade package | | |
| CVE-2023-33218 | Stack Buffer Overflow in a binary run at upgrade startup | | |
| CVE-2023-33219 | Stack Buffer Overflow when checking retrofit package | | |
| CVE-2023-33220 | Stack Buffer Overflow when checking some attributes during retrofit | | |
| CVE-2023-33221 | Heap Buffer Overflow when reading DESFire card | | |
| CVE-2023-33222 | Stack buffer overflow when reading DESFire card | | |
| CVE-2023-33224 | SolarWinds Platform Incorrect Behavior Order Vulnerability | S | |
| CVE-2023-33225 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | S | |
| CVE-2023-33226 | Directory Traversal Remote Code Execution Vulnerability | S | |
| CVE-2023-33227 | Directory Traversal Remote Code Execution Vulnerability | S | |
| CVE-2023-33228 | SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability | S | |
| CVE-2023-33229 | SolarWinds Platform Incorrect Input Neutralization Vulnerability | S | |
| CVE-2023-33231 | XSS in SolarWinds Database Performance Analyzer 2023.2 | S | |
| CVE-2023-33234 | Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration | | |
| CVE-2023-33235 | MXsecurity Command Injection Vulnerability | S | |
| CVE-2023-33236 | MXsecurity Hardcoded Credential Vulnerability | S | |
| CVE-2023-33237 | Authentication Bypass Without Administrator Privilege | S | |
| CVE-2023-33238 | Command-injection Vulnerability in Certificate Management | S | |
| CVE-2023-33239 | Second Order Command-injection Vulnerability in the Key-generation Function | S | |
| CVE-2023-33240 | Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x... | | |
| CVE-2023-33241 | GG18 / GG20 TSS Beta Parameter Vulnerability | E | |
| CVE-2023-33242 | Lindell17 TSS Abort Mishandling | E | |
| CVE-2023-33243 | RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows auth... | E | |
| CVE-2023-33244 | Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and des... | | |
| CVE-2023-33245 | Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and pos... | | |
| CVE-2023-33246 | Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function | KEV E | |
| CVE-2023-33247 | Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that a... | | |
| CVE-2023-33248 | Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices poten... | E | |
| CVE-2023-33250 | The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_paget... | | |
| CVE-2023-33251 | When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directi... | M | |
| CVE-2023-33252 | iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSi... | | |
| CVE-2023-33253 | LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged us... | E | |
| CVE-2023-33254 | There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0... | E | |
| CVE-2023-33255 | An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI ima... | E | |
| CVE-2023-33257 | Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data fo... | E | |
| CVE-2023-33263 | In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuratio... | | |
| CVE-2023-33264 | In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't m... | S | |
| CVE-2023-33265 | In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check ... | | |
| CVE-2023-33268 | An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate chec... | E | |
| CVE-2023-33269 | An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check functi... | E | |
| CVE-2023-33270 | An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function i... | E | |
| CVE-2023-33271 | An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certifica... | E | |
| CVE-2023-33272 | An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is... | E | |
| CVE-2023-33273 | An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function i... | E | |
| CVE-2023-33274 | The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows un... | E | |
| CVE-2023-33276 | The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 ... | E | |
| CVE-2023-33277 | The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attac... | E | |
| CVE-2023-33278 | In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls ca... | | |
| CVE-2023-33279 | In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL cal... | | |
| CVE-2023-33280 | In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL... | | |
| CVE-2023-33281 | The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open r... | E | |
| CVE-2023-33282 | Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote at... | E | |
| CVE-2023-33283 | Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains ac... | E | |
| CVE-2023-33284 | Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attack... | | |
| CVE-2023-33285 | An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6... | | |
| CVE-2023-33287 | A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8... | | |
| CVE-2023-33288 | An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remo... | S | |
| CVE-2023-33289 | The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a c... | E | |
| CVE-2023-33290 | The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) v... | E | |
| CVE-2023-33291 | In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow... | | |
| CVE-2023-33293 | An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local we... | E | |
| CVE-2023-33294 | An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a loca... | E | |
| CVE-2023-33295 | Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have a incorrect access control vuln... | | |
| CVE-2023-33297 | Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service... | S | |
| CVE-2023-33298 | com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (... | E | |
| CVE-2023-33299 | A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and a... | S | |
| CVE-2023-33300 | A improper neutralization of special elements used in a command ('command injection') in Fortinet Fo... | S | |
| CVE-2023-33301 | An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attac... | S | |
| CVE-2023-33302 | A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webm... | S | |
| CVE-2023-33303 | A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker t... | S | |
| CVE-2023-33304 | A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.... | S | |
| CVE-2023-33305 | A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7... | S | |
| CVE-2023-33306 | A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, Forti... | S | |
| CVE-2023-33307 | A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2... | S | |
| CVE-2023-33308 | A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and ... | S | |
| CVE-2023-33309 | WordPress Duplicator Pro Plugin <= 4.5.11 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33310 | WordPress Unite Gallery Lite plugin <= 1.7.59 - Local File Inclusion vulnerability | S | |
| CVE-2023-33311 | WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33312 | WordPress Easy Captcha Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
| CVE-2023-33313 | WordPress WIP Custom Login Plugin <= 1.2.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
| CVE-2023-33314 | WordPress BEAR Plugin <= 1.1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
| CVE-2023-33315 | WordPress Smart App Banner Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
| CVE-2023-33316 | WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
| CVE-2023-33317 | WordPress WooCommerce Warranty Requests Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33318 | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload | S | |
| CVE-2023-33319 | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33320 | WordPress WP-Hijri Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33321 | WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure | S | |
| CVE-2023-33322 | WordPress Front End Users plugin < 3.2.25 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2023-33323 | WordPress ARMember Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33324 | WordPress Easy Captcha plugin <= 1.0 - Broken Access Control vulnerability | | |
| CVE-2023-33325 | WordPress Leyka Plugin <= 3.30.1 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33326 | WordPress EventPrime Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33327 | WordPress Leyka plugin <= 3.30.2 - Privilege Escalation vulnerability | S | |
| CVE-2023-33328 | WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.1 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33329 | WordPress Custom Post Type Generator Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS) | | |
| CVE-2023-33330 | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.50 is vulnerable to SQL Injection | S | |
| CVE-2023-33331 | WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to SQL Injection | S | |
| CVE-2023-33332 | WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33333 | WordPress Complianz and Complianz Premium plugins - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) | S | |
| CVE-2023-33335 | Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parame... | | |
| CVE-2023-33336 | Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 t... | | |
| CVE-2023-33338 | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.... | E | |
| CVE-2023-33355 | IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the di... | E | |
| CVE-2023-33356 | IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).... | E | |
| CVE-2023-33359 | Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.... | E | |
| CVE-2023-33361 | Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.... | E S | |
| CVE-2023-33362 | Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.... | E S | |
| CVE-2023-33363 | An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauth... | | |
| CVE-2023-33364 | An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authen... | | |
| CVE-2023-33365 | A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticate... | | |
| CVE-2023-33366 | A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated u... | | |
| CVE-2023-33367 | A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthentic... | | |
| CVE-2023-33368 | Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information... | | |
| CVE-2023-33369 | A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers ... | | |
| CVE-2023-33370 | An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attac... | | |
| CVE-2023-33371 | Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verif... | | |
| CVE-2023-33372 | Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's fi... | | |
| CVE-2023-33373 | Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attacke... | | |
| CVE-2023-33374 | Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the manag... | | |
| CVE-2023-33375 | Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication p... | | |
| CVE-2023-33376 | Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command messag... | | |
| CVE-2023-33377 | Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command ... | | |
| CVE-2023-33378 | Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in i... | | |
| CVE-2023-33379 | Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and de... | | |
| CVE-2023-33381 | A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC ... | E | |
| CVE-2023-33383 | Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds re... | E | |
| CVE-2023-33386 | MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments ... | E | |
| CVE-2023-33387 | A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/... | | |
| CVE-2023-33394 | skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by de... | E | |
| CVE-2023-33404 | An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in... | E | |
| CVE-2023-33405 | Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.... | E | |
| CVE-2023-33408 | Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insuffici... | E | |
| CVE-2023-33409 | Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/cont... | E | |
| CVE-2023-33410 | Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute... | E | |
| CVE-2023-33411 | A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller... | | |
| CVE-2023-33412 | The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management contr... | | |
| CVE-2023-33413 | The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard ma... | | |
| CVE-2023-33438 | A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remot... | E | |
| CVE-2023-33439 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_... | E | |
| CVE-2023-33440 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/aj... | E | |
| CVE-2023-33443 | Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2... | E | |
| CVE-2023-33457 | In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and... | E S | |
| CVE-2023-33460 | There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-me... | E S | |
| CVE-2023-33461 | iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which miss... | E | |
| CVE-2023-33466 | Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitra... | | |
| CVE-2023-33468 | KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnera... | E | |
| CVE-2023-33469 | In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connec... | E | |
| CVE-2023-33472 | An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers w... | E | |
| CVE-2023-33476 | ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnera... | E S | |
| CVE-2023-33477 | In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly req... | | |
| CVE-2023-33478 | RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.... | E | |
| CVE-2023-33479 | RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.... | E | |
| CVE-2023-33480 | RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker ... | E | |
| CVE-2023-33481 | RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET paramet... | E | |
| CVE-2023-33485 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buf... | E | |
| CVE-2023-33486 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulner... | E | |
| CVE-2023-33487 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulne... | E | |
| CVE-2023-33492 | EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).... | E | |
| CVE-2023-33493 | An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Databas... | | |
| CVE-2023-33495 | Craft CMS through 4.4.9 is vulnerable to HTML Injection.... | | |
| CVE-2023-33496 | xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.r... | E | |
| CVE-2023-33498 | alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file... | | |
| CVE-2023-33507 | KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read.... | E | |
| CVE-2023-33508 | KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code ... | E | |
| CVE-2023-33509 | KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection.... | E | |
| CVE-2023-33510 | Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.... | E | |
| CVE-2023-33515 | SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens.... | | |
| CVE-2023-33517 | carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System)... | | |
| CVE-2023-33518 | emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows... | E | |
| CVE-2023-33524 | Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affe... | | |
| CVE-2023-33528 | halo v1.6.0 is vulnerable to Cross Site Scripting (XSS).... | | |
| CVE-2023-33530 | There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware ver... | | |
| CVE-2023-33532 | There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.4... | E | |
| CVE-2023-33533 | Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmw... | E | |
| CVE-2023-33534 | A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G softwar... | E | |
| CVE-2023-33536 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer ov... | E | |
| CVE-2023-33537 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer ov... | E | |
| CVE-2023-33538 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command i... | KEV E | |
| CVE-2023-33544 | hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which ca... | E | |
| CVE-2023-33546 | Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression ev... | E | |
| CVE-2023-33548 | Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including... | | |
| CVE-2023-33551 | Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows... | E S | |
| CVE-2023-33552 | Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote... | E S | |
| CVE-2023-33553 | An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and... | E | |
| CVE-2023-33556 | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v... | E | |
| CVE-2023-33557 | Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /con... | E | |
| CVE-2023-33558 | An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1... | S | |
| CVE-2023-33559 | A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers... | | |
| CVE-2023-33560 | There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers ... | | |
| CVE-2023-33561 | Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 res... | | |
| CVE-2023-33562 | User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs duri... | | |
| CVE-2023-33563 | In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address... | | |
| CVE-2023-33564 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJa... | | |
| CVE-2023-33565 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2023-33566 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2023-33567 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2023-33568 | An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump an... | E S | |
| CVE-2023-33569 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/... | E | |
| CVE-2023-33570 | Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).... | E | |
| CVE-2023-33580 | Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) i... | E | |
| CVE-2023-33584 | Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which a... | E | |
| CVE-2023-33591 | User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scr... | | |
| CVE-2023-33592 | Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via t... | | |
| CVE-2023-33595 | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decod... | S | |
| CVE-2023-33599 | EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.... | E S | |
| CVE-2023-33601 | An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to ... | E | |
| CVE-2023-33604 | Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspRe... | | |
| CVE-2023-33613 | axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-cod... | E | |
| CVE-2023-33617 | An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found... | E | |
| CVE-2023-33620 | GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows a... | E | |
| CVE-2023-33621 | GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when... | E | |
| CVE-2023-33622 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31475. Reason: This record is a re... | R | |
| CVE-2023-33623 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31478. Reason: This record is a re... | R | |
| CVE-2023-33624 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31472. Reason: This record is a re... | R | |
| CVE-2023-33625 | D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command inject... | E | |
| CVE-2023-33626 | D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow... | E | |
| CVE-2023-33627 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateS... | | |
| CVE-2023-33628 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsLi... | | |
| CVE-2023-33629 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Deltrig... | | |
| CVE-2023-33630 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EditvsL... | | |
| CVE-2023-33631 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTLi... | | |
| CVE-2023-33632 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_l... | | |
| CVE-2023-33633 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateW... | | |
| CVE-2023-33634 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edittri... | | |
| CVE-2023-33635 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateM... | | |
| CVE-2023-33636 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_l... | | |
| CVE-2023-33637 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelDNSH... | | |
| CVE-2023-33638 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_Ba... | | |
| CVE-2023-33639 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetMobi... | | |
| CVE-2023-33640 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWi... | | |
| CVE-2023-33641 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddMacL... | | |
| CVE-2023-33642 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_Ba... | | |
| CVE-2023-33643 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddWlan... | | |
| CVE-2023-33651 | An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), ... | E | |
| CVE-2023-33652 | Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execut... | E | |
| CVE-2023-33653 | Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execut... | E | |
| CVE-2023-33656 | A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file messag... | E | |
| CVE-2023-33657 | A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by callin... | E S | |
| CVE-2023-33658 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by ... | E S | |
| CVE-2023-33659 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by ... | E S | |
| CVE-2023-33660 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by ... | E S | |
| CVE-2023-33661 | Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupRep... | E | |
| CVE-2023-33663 | In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaS... | | |
| CVE-2023-33664 | ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via... | E S | |
| CVE-2023-33665 | ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the compone... | S | |
| CVE-2023-33666 | ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability... | S | |
| CVE-2023-33668 | DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII a... | E | |
| CVE-2023-33669 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in ... | E | |
| CVE-2023-33670 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the ... | E | |
| CVE-2023-33671 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in ... | E | |
| CVE-2023-33672 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter i... | E | |
| CVE-2023-33673 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter i... | E | |
| CVE-2023-33675 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the ... | E | |
| CVE-2023-33676 | Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL ... | | |
| CVE-2023-33677 | Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL ... | | |
| CVE-2023-33684 | Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios f... | | |
| CVE-2023-33690 | SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker in... | E S | |
| CVE-2023-33693 | A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Deni... | E S | |
| CVE-2023-33695 | Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the F... | E M | |
| CVE-2023-33706 | SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modi... | E | |
| CVE-2023-33715 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2023-33716 | mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.... | | |
| CVE-2023-33717 | mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had ... | E | |
| CVE-2023-33718 | mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp... | E S | |
| CVE-2023-33719 | mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp... | E | |
| CVE-2023-33720 | mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.... | E | |
| CVE-2023-33722 | EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulne... | E | |
| CVE-2023-33725 | Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scri... | E M | |
| CVE-2023-33730 | Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management... | E | |
| CVE-2023-33731 | Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies... | E | |
| CVE-2023-33732 | Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management consol... | | |
| CVE-2023-33733 | Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.... | E | |
| CVE-2023-33734 | BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at s... | E | |
| CVE-2023-33735 | D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via... | E | |
| CVE-2023-33736 | A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to exec... | E | |
| CVE-2023-33740 | Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information... | E | |
| CVE-2023-33741 | Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device.... | E | |
| CVE-2023-33742 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: ... | | |
| CVE-2023-33743 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, A... | | |
| CVE-2023-33744 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, ... | | |
| CVE-2023-33745 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the ... | | |
| CVE-2023-33747 | CloudPanel v2.2.2 allows attackers to execute a path traversal.... | E | |
| CVE-2023-33750 | A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitr... | E | |
| CVE-2023-33751 | A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitr... | E | |
| CVE-2023-33754 | The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the n... | E | |
| CVE-2023-33756 | An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute ... | E S | |
| CVE-2023-33757 | A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and be... | E | |
| CVE-2023-33758 | Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) ... | E | |
| CVE-2023-33759 | SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, al... | E | |
| CVE-2023-33760 | SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. Th... | E | |
| CVE-2023-33761 | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scr... | E | |
| CVE-2023-33762 | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerabil... | E | |
| CVE-2023-33763 | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scr... | E | |
| CVE-2023-33764 | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site script... | E | |
| CVE-2023-33768 | Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin... | E | |
| CVE-2023-33770 | Real Estate Management System v1.0 was discovered to contain a SQL injection vulnerability via the m... | | |
| CVE-2023-33777 | An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute ... | | |
| CVE-2023-33778 | Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.... | E | |
| CVE-2023-33779 | A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary com... | E | |
| CVE-2023-33780 | A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows... | E | |
| CVE-2023-33781 | An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a c... | E | |
| CVE-2023-33782 | D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 d... | E | |
| CVE-2023-33785 | A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) funct... | E | |
| CVE-2023-33786 | A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-typ... | E | |
| CVE-2023-33787 | A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-group... | E | |
| CVE-2023-33788 | A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) fun... | E | |
| CVE-2023-33789 | A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-gro... | E | |
| CVE-2023-33790 | A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) functio... | E | |
| CVE-2023-33791 | A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provide... | E | |
| CVE-2023-33792 | A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) fun... | E | |
| CVE-2023-33793 | A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) f... | E | |
| CVE-2023-33794 | A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function... | E | |
| CVE-2023-33795 | A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-role... | E | |
| CVE-2023-33796 | A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the Gra... | E | |
| CVE-2023-33797 | A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Net... | E | |
| CVE-2023-33798 | A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbo... | E | |
| CVE-2023-33799 | A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) functi... | E | |
| CVE-2023-33800 | A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of... | E | |
| CVE-2023-33802 | A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) vi... | E | |
| CVE-2023-33806 | Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, all... | | |
| CVE-2023-33817 | hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.... | E | |
| CVE-2023-33829 | A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows ... | E | |
| CVE-2023-33831 | A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows ... | E | |
| CVE-2023-33832 | IBM Storage Protect denial of service | S | |
| CVE-2023-33833 | IBM Security Verify Information Queue information disclosure | S | |
| CVE-2023-33834 | IBM Security Verify Information Queue information disclosure | S | |
| CVE-2023-33835 | IBM Security Verify Information Queue information disclosure | S | |
| CVE-2023-33836 | IBM Security Verify Governance information disclosure | S | |
| CVE-2023-33837 | IBM Security Verify Governance information disclosure | S | |
| CVE-2023-33838 | IBM Security Verify Governance information disclosure | | |
| CVE-2023-33839 | IBM Security Verify Governance command execution | S | |
| CVE-2023-33840 | IBM Security Verify Governance cross-site scripting | S | |
| CVE-2023-33842 | IBM SPSS Modeler information disclosure | S | |
| CVE-2023-33843 | IBM InfoSphere Information Server cross-site scripting | | |
| CVE-2023-33844 | IBM Security Verify Governance cross-site scripting | S | |
| CVE-2023-33846 | IBM CICS TX cross-site scripting | S | |
| CVE-2023-33847 | IBM CICS TX information disclosure | S | |
| CVE-2023-33848 | IBM CICS TX information disclosure | | |
| CVE-2023-33849 | IBM CICS TX information disclosure | | |
| CVE-2023-33850 | IBM GSKit-Crypto information disclosure | | |
| CVE-2023-33851 | IBM PowerVM Hypervisor information disclosure | | |
| CVE-2023-33852 | IBM Security Guardium SQL injection | S | |
| CVE-2023-33855 | IBM Common Cryptographic Architecture information disclosure | | |
| CVE-2023-33857 | IBM InfoSphere Information Server information disclosure | S | |
| CVE-2023-33859 | IBM Security ReaQta information disclosure | | |
| CVE-2023-33860 | IBM Security ReaQta information disclosure | | |
| CVE-2023-33861 | IBM Security ReaQta improper certificate validation | S | |
| CVE-2023-33863 | SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow.... | E | |
| CVE-2023-33864 | StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant ... | E | |
| CVE-2023-33865 | RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/... | E | |
| CVE-2023-33866 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, versi... | E | |
| CVE-2023-33867 | Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 4... | | |
| CVE-2023-33868 | PiiGAB M-Bus Improper Restriction of Excessive Authentication Attempts | S | |
| CVE-2023-33869 | Enphase Envoy OS Command Injection | M | |
| CVE-2023-33870 | Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow... | | |
| CVE-2023-33871 | Iagona ScrutisWeb Absolute Path Traversal | | |
| CVE-2023-33872 | Improper access control in the Intel Support android application all verions may allow an authentica... | | |
| CVE-2023-33873 | AVEVA Operations Control Logger Execution with Unnecessary Privileges | S | |
| CVE-2023-33874 | Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Fi... | S | |
| CVE-2023-33875 | Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software bef... | | |
| CVE-2023-33876 | A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annota... | E | |
| CVE-2023-33877 | Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in ... | | |
| CVE-2023-33878 | Path transversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before vers... | S | |
| CVE-2023-33879 | In music service, there is a missing permission check. This could lead to local information disclosu... | | |
| CVE-2023-33880 | In music service, there is a missing permission check. This could lead to local information disclosu... | | |
| CVE-2023-33881 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33882 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33883 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33884 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33885 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33886 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33887 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33888 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33889 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33890 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33891 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33892 | In fastDial service, there is a missing permission check. This could lead to local information discl... | | |
| CVE-2023-33893 | In fastDial service, there is a missing permission check. This could lead to local information discl... | | |
| CVE-2023-33894 | In fastDial service, there is a missing permission check. This could lead to local information discl... | | |
| CVE-2023-33895 | In fastDial service, there is a missing permission check. This could lead to local information discl... | | |
| CVE-2023-33896 | In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2023-33897 | In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2023-33898 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33899 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33900 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33901 | In bluetooth service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33902 | In bluetooth service, there is a missing permission check. This could lead to local information disc... | | |
| CVE-2023-33903 | In FM service, there is a possible missing params check. This could lead to local denial of service... | | |
| CVE-2023-33904 | In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lea... | | |
| CVE-2023-33905 | In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
| CVE-2023-33906 | In Contacts Service, there is a possible missing permission check.This could lead to local informati... | | |
| CVE-2023-33907 | In Contacts Service, there is a possible missing permission check. This could lead to local informat... | | |
| CVE-2023-33908 | In ims service, there is a possible missing permission check. This could lead to local information d... | | |
| CVE-2023-33909 | In Contacts service, there is a possible missing permission check.This could lead to local informati... | | |
| CVE-2023-33910 | In Contacts Service, there is a possible missing permission check.This could lead to local informati... | | |
| CVE-2023-33911 | In vowifi service, there is a possible missing permission check.This could lead to local information... | | |
| CVE-2023-33912 | In Contacts service, there is a possible missing permission check.This could lead to local informati... | | |
| CVE-2023-33913 | In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer ... | | |
| CVE-2023-33914 | In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input... | | |
| CVE-2023-33915 | In LTE protocol stack, there is a possible missing permission check. This could lead to remote infor... | | |
| CVE-2023-33916 | In vowifiservice, there is a possible missing permission check.This could lead to local information ... | | |
| CVE-2023-33917 | In vowifiservice, there is a possible missing permission check.This could lead to local information ... | | |
| CVE-2023-33918 | In vowifiservice, there is a possible missing permission check.This could lead to local information ... | | |
| CVE-2023-33919 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MA... | S | |
| CVE-2023-33920 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MA... | S | |
| CVE-2023-33921 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MA... | S | |
| CVE-2023-33922 | WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability | S | |
| CVE-2023-33923 | Broken Access Control leading to Arbitrary Plugin Activation in multiple HashThemes themes | | |
| CVE-2023-33924 | WordPress SIS Handball Plugin <= 1.0.45 is vulnerable to SQL Injection | | |
| CVE-2023-33925 | WordPress WooCommerce Product Categories Selection Widget Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | | |
| CVE-2023-33926 | WordPress Easy Google Maps Plugin <= 1.11.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
| CVE-2023-33927 | WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.19 is vulnerable to SQL Injection | S | |
| CVE-2023-33928 | WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability | S | |
| CVE-2023-33929 | WordPress Easy Admin Menu Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) | | |
| CVE-2023-33930 | WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability | S | |
| CVE-2023-33931 | WordPress YouTube Playlist Player Plugin <= 4.6.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
| CVE-2023-33933 | Apache Traffic Server: s3_auth plugin problem with hash calculation | | |
| CVE-2023-33934 | Apache Traffic Server: Differential fuzzing for HTTP request parsing discrepancies | | |
| CVE-2023-33937 | Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0... | | |
| CVE-2023-33938 | Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in L... | | |
| CVE-2023-33939 | Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 throug... | | |
| CVE-2023-33940 | Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through ... | | |
| CVE-2023-33941 | Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2Provi... | | |
| CVE-2023-33942 | Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Lif... | | |
| CVE-2023-33943 | Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.... | | |
| CVE-2023-33944 | Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, ... | | |
| CVE-2023-33945 | SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.... | | |
| CVE-2023-33946 | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 d... | | |
| CVE-2023-33947 | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 d... | | |
| CVE-2023-33948 | The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not l... | | |
| CVE-2023-33949 | In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does ... | | |
| CVE-2023-33950 | Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through... | | |
| CVE-2023-33951 | Kernel: vmwgfx: race condition leading to information disclosure vulnerability | S | |
| CVE-2023-33952 | Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects | S | |
| CVE-2023-33953 | Denial-of-Service in gRPC | | |
| CVE-2023-33955 | Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited | S | |
| CVE-2023-33956 | Parameter based Indirect Object Referencing leading to private file exposure in Kanboard | E S | |
| CVE-2023-33957 | Denial of service from high number of artifact signatures in notation | S | |
| CVE-2023-33958 | Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation | | |
| CVE-2023-33959 | Verification bypass can cause users into verifying the wrong artifact | | |
| CVE-2023-33960 | OpenProject vulnerable to project identifier information leakage through robots.txt | S | |
| CVE-2023-33961 | Leantime Stored Cross-site Scripting Vulnerability | | |
| CVE-2023-33962 | JStachio XSS vulnerability: Unescaped single quotes | E S | |
| CVE-2023-33963 | DataEase data source has deserialization vulnerability | E | |
| CVE-2023-33964 | mx-chain-go does not treat invalid transaction with wrong username correctly | S | |
| CVE-2023-33965 | Brook's tproxy server is vulnerable to a drive-by command injection. | S | |
| CVE-2023-33966 | Deno missing "--allow-net" permission check for built-in Node modules | | |
| CVE-2023-33967 | EaseProbe vulnerable to SQL injection when using MySQL/PostgreSQL data checking | S | |
| CVE-2023-33968 | Missing Access Control allows User to move and duplicate tasks in Kanboard | E S | |
| CVE-2023-33969 | Stored Cross site scripting in the Task External Link Functionality in Kanboard | E S | |
| CVE-2023-33970 | Missing access control in internal task links feature in Kanboard | E S | |
| CVE-2023-33971 | Formcreator vulnerable to stored XSS from ##FULLFORM## | E | |
| CVE-2023-33972 | Privilege escalation from having CREATE access on a keyspace in Scylladb | | |
| CVE-2023-33973 | RIOT-OS vulnerable to NULL pointer dereference during NHC encoding | S | |
| CVE-2023-33974 | RIOT-OS vulnerable to Race Condition in SFR Timeout | S | |
| CVE-2023-33975 | RIOT-OS vulnerable to Out of Bounds Write in _rbuf_add | E S | |
| CVE-2023-33976 | TensorFlow segfault in array_ops.upper_bound | S | |
| CVE-2023-33977 | Stored cross site scripting (XSS) via unrestricted file upload in Kiwi TCMS | E S | |
| CVE-2023-33979 | gpt_academic's Configuration File vulnerable to File Information Disclosure | S | |
| CVE-2023-33980 | Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of ... | E | |
| CVE-2023-33981 | Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private gro... | E | |
| CVE-2023-33982 | Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decr... | E | |
| CVE-2023-33983 | The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the p... | E | |
| CVE-2023-33984 | Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository) | | |
| CVE-2023-33985 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | | |
| CVE-2023-33986 | Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management) | | |
| CVE-2023-33987 | Request smuggling and request concatenation in SAP Web Dispatcher | | |
| CVE-2023-33988 | Cross-Site Scripting vulnerability in SAP Enable Now | | |
| CVE-2023-33989 | Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON) | | |
| CVE-2023-33990 | Denial of Service (DoS) vulnerability in SAP SQL Anywhere | | |
| CVE-2023-33991 | Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management | | |
| CVE-2023-33992 | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA | | |
| CVE-2023-33993 | SQL Injection vulnerability in SAP Business One B1i Layer | | |
| CVE-2023-33994 | WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability | S | |
| CVE-2023-33995 | WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability | S | |
| CVE-2023-33996 | WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability | S | |
| CVE-2023-33997 | WordPress bbp style pack Plugin <= 5.5.5 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2023-33998 | WordPress Easy Social Icons plugin <= 3.2.5 - Broken Access Control vulnerability | S |