ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-34000 | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR) | E S | |
CVE-2023-34001 | WordPress Hide My WP Ghost – Security Plugin plugin <= 5.0.25 - Captcha Bypass vulnerability | S | |
CVE-2023-34002 | WordPress WP Inventory Manager Plugin <= 2.1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-34003 | WordPress WooCommerce Box Office plugin <= 1.1.51 - Unauthenticated Save Ticket Barcode vulnerability | S | |
CVE-2023-34004 | WordPress WooCommerce Box Office Plugin <= 1.1.50 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-34005 | WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-34006 | WordPress Telegram Bot & Channel Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-34007 | WordPress Download Monitor Plugin <= 4.8.3 is vulnerable to Arbitrary File Upload | S | |
CVE-2023-34008 | WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-34009 | WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.1 - Broken Access Control + CSRF | S | |
CVE-2023-34010 | WordPress Media Library Assistant Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-34011 | WordPress ShopConstruct Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34012 | WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-34013 | WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-34014 | WordPress Grid Plus plugin <= 1.3.2 - Broken Access Control vulnerability | S | |
CVE-2023-34015 | WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-34017 | WordPress Five Star Restaurant Reservations Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-34018 | WordPress SoundCloud Shortcode Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34019 | WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Broken Access Control vulnerability | S | |
CVE-2023-34020 | WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Open Redirection vulnerability | S | |
CVE-2023-34021 | WordPress Church Admin Plugin <= 3.7.29 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-34022 | WordPress Dynamic QR Code Generator Plugin <= 0.0.5 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-34023 | WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-34024 | WordPress WP Full Auto Tags Manager Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34025 | WordPress LWS Hide Login Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-34026 | WordPress This Day In History Plugin <= 3.10.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34027 | WordPress Recently Viewed Products Plugin <= 1.0.0 is vulnerable to PHP Object Injection | | |
CVE-2023-34028 | WordPress WOLF Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-34029 | WordPress Disable WordPress Update Notifications Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34030 | WordPress Complianz and Complianz Premium plugins - Cross Site Request Forgery (CSRF) | S | |
CVE-2023-34031 | WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34032 | WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-34033 | WordPress Ajax Pagination and Infinite Scroll Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34034 | Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern ... | | |
CVE-2023-34035 | Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be sus... | E | |
CVE-2023-34036 | Forwarded header exploit with Spring HATEOAS on WebFlux | M | |
CVE-2023-34037 | VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with networ... | | |
CVE-2023-34038 | VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with netwo... | | |
CVE-2023-34039 | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique... | E S | |
CVE-2023-34040 | Java Deserialization vulnerability in Spring-Kafka When Improperly Configured | M | |
CVE-2023-34041 | CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter | | |
CVE-2023-34042 | The spring-security.xsd file inside the spring-security-config jar is world writable which means th... | | |
CVE-2023-34043 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with a... | S | |
CVE-2023-34044 | Information disclosure vulnerability in bluetooth device-sharing functionality | | |
CVE-2023-34045 | VMware Fusion installer local privilege escalation | | |
CVE-2023-34046 | VMware Fusion TOCTOU local privilege escalation vulnerability | | |
CVE-2023-34047 | Exposure of data and identity to wrong session in Spring for GraphQL | | |
CVE-2023-34048 | VMware vCenter Server Out-of-Bounds Write Vulnerability | KEV E | |
CVE-2023-34049 | Salt security advisory release - 2023-OCT-27 | | |
CVE-2023-34050 | Spring AMQP Deserialization Vulnerability | M | |
CVE-2023-34051 | VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated,... | S | |
CVE-2023-34052 | VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non... | S | |
CVE-2023-34053 | Spring Framework server Web Observations DoS Vulnerability | | |
CVE-2023-34054 | Reactor Netty HTTP Server Metrics DoS Vulnerability | | |
CVE-2023-34055 | Spring Boot server Web Observations DoS Vulnerability | | |
CVE-2023-34056 | VMware vCenter Server Partial Information Disclosure Vulnerability | | |
CVE-2023-34057 | VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user ... | | |
CVE-2023-34058 | VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been g... | S | |
CVE-2023-34059 | open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A mal... | S | |
CVE-2023-34060 | VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud... | | |
CVE-2023-34061 | CVE-2023-34061 – Gorouter route pruning | | |
CVE-2023-34062 | In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a m... | | |
CVE-2023-34063 | Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor ... | S | |
CVE-2023-34064 | Privilege Escalation Vulnerability | | |
CVE-2023-34085 | User Attribute Disclosure via DynamoDB Data Stores | | |
CVE-2023-34086 | Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentia... | S | |
CVE-2023-34087 | An improper array index validation vulnerability exists in the EVCD var len parsing functionality of... | E | |
CVE-2023-34088 | Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface | | |
CVE-2023-34089 | Decidim Cross-site Scripting vulnerability in the processes filter | | |
CVE-2023-34090 | Decidim vulnerable to sensitive data disclosure | S | |
CVE-2023-34091 | Kyverno resource with a deletionTimestamp may allow policy circumvention | | |
CVE-2023-34092 | Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) | E S | |
CVE-2023-34093 | Strapi allows actors to make all attributes on a content-type public without noticing it | E S | |
CVE-2023-34094 | ChuanhuChatGPT vulnerable to unauthorized configuration file access | S | |
CVE-2023-34095 | cpdb-libs vulnerable to buffer overflows via scanf | E S | |
CVE-2023-34096 | Thruk has Path Traversal Vulnerability in panorama.pm | E S | |
CVE-2023-34097 | Database password exposed in logs in hoppscotch | E S | |
CVE-2023-34098 | Dependency configuration exposed in Shopware | S | |
CVE-2023-34099 | Improper mail validation in Shopware | S | |
CVE-2023-34100 | Out-of-Bounds Read in contiki-ng | S | |
CVE-2023-34101 | Contiki-NG vulnerable to out-of-bounds read when processing ICMP DAO input | S | |
CVE-2023-34102 | Possible unsafe reflection / partial denial of service in avo | E S | |
CVE-2023-34103 | Stored XSS (Cross Site Scripting) in html content based fields of avo | E S | |
CVE-2023-34104 | Regex Injection via Doctype Entities | S | |
CVE-2023-34105 | SRS has command injection vulnerability in demonstration api-server for HTTP callback. | E S | |
CVE-2023-34106 | GLPI vulnerable to unauthorized access to User data | | |
CVE-2023-34107 | GLPI vulnerable to unauthorized access to KnowbaseItem data | | |
CVE-2023-34108 | Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords | S | |
CVE-2023-34109 | User input results in Unbounded resource consumption in @zxcvbn-ts/core | S | |
CVE-2023-34110 | Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error | S | |
CVE-2023-34111 | Command Injection Vulnerability in `Release PR Merged` Workflow in taosdata/grafanaplugin | E | |
CVE-2023-34112 | JavaCPP project actions vulnerable to code injection | E | |
CVE-2023-34113 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as this i... | R | |
CVE-2023-34114 | Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 ... | | |
CVE-2023-34115 | Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenti... | | |
CVE-2023-34116 | Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an ... | | |
CVE-2023-34117 | Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user ... | | |
CVE-2023-34118 | Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authentic... | | |
CVE-2023-34119 | Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow ... | | |
CVE-2023-34120 | Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows ... | | |
CVE-2023-34121 | Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients be... | | |
CVE-2023-34122 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as this i... | R | |
CVE-2023-34123 | Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue ... | | |
CVE-2023-34124 | The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, al... | | |
CVE-2023-34125 | Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary... | | |
CVE-2023-34126 | Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the... | | |
CVE-2023-34127 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi... | | |
CVE-2023-34128 | Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This... | | |
CVE-2023-34129 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Soni... | | |
CVE-2023-34130 | SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to enc... | | |
CVE-2023-34131 | Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analyt... | | |
CVE-2023-34132 | Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analy... | | |
CVE-2023-34133 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i... | | |
CVE-2023-34134 | Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analyt... | | |
CVE-2023-34135 | Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker t... | | |
CVE-2023-34136 | Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a re... | | |
CVE-2023-34137 | SonicWall GMS and Analytics CAS Web Services application use static values for authentication withou... | | |
CVE-2023-34138 | A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware... | | |
CVE-2023-34139 | A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series... | | |
CVE-2023-34140 | A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2,... | | |
CVE-2023-34141 | A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP serie... | | |
CVE-2023-34142 | Cleartext Transmission Vulnerability in Hitachi Device Manager | | |
CVE-2023-34143 | Improper Validation of Certificate Vulnerability in Hitachi Device Manager | | |
CVE-2023-34144 | An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service securit... | S | |
CVE-2023-34145 | An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service securit... | S | |
CVE-2023-34146 | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service se... | S | |
CVE-2023-34147 | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service se... | S | |
CVE-2023-34148 | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service se... | S | |
CVE-2023-34149 | Apache Struts: DoS via OOM owing to not properly checking of list bounds | | |
CVE-2023-34150 | Apache Any23: Possible excessive allocation of resources reading input. | | |
CVE-2023-34151 | A vulnerability was found in ImageMagick. This security flaw occurs as an undefined behavior of ca... | E S | |
CVE-2023-34152 | A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerabi... | E S | |
CVE-2023-34153 | A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulner... | E S | |
CVE-2023-34154 | Vulnerability of undefined permissions in HUAWEI VR screen projection. Successful exploitation of thi... | | |
CVE-2023-34155 | Vulnerability of unauthorized calling on HUAWEI phones and tablets. Successful exploitation of this v... | | |
CVE-2023-34156 | Vulnerability of services denied by early fingerprint APIs on HarmonyOS products. Successful exploita... | | |
CVE-2023-34157 | Vulnerability of HwWatchHealth being hijacked. Successful exploitation of this vulnerability may caus... | | |
CVE-2023-34158 | Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability... | | |
CVE-2023-34159 | Improper permission control vulnerability in the Notepad app. Successful exploitation of the vulnerab... | | |
CVE-2023-34160 | Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability... | | |
CVE-2023-34161 | Inappropriate authorization vulnerability in the SettingsProvider module. Successful exploitation of t... | | |
CVE-2023-34162 | Version update determination vulnerability in the user profile module. Successful exploitation of thi... | | |
CVE-2023-34163 | Permission control vulnerability in the window management module. Successful exploitation of this vul... | | |
CVE-2023-34164 | Vulnerability of incomplete input parameter verification in the communication framework module. Succ... | | |
CVE-2023-34165 | Unauthorized access vulnerability in the Save for later feature provided by AI Touch. Successful expl... | | |
CVE-2023-34166 | Vulnerability of system restart triggered by abnormal callbacks passed to APIs. Successful exploitati... | | |
CVE-2023-34167 | Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability... | | |
CVE-2023-34168 | WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to SQL Injection | | |
CVE-2023-34169 | WordPress TS Webfonts for さくらのレンタルサーバ Plugin <= 3.1.2 is vulnerable to Broken Access Control | S | |
CVE-2023-34170 | WordPress Quick/Bulk Order Form for WooCommerce Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-34171 | WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34172 | WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-34173 | WordPress Yandex Metrica Counter Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-34174 | WordPress BBS e-Popup Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34175 | WordPress Login Configurator Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34176 | WordPress Chilexpress woo oficial Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34177 | WordPress WP-Cache.com Plugin <= 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34178 | WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-34179 | WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to SQL Injection | S | |
CVE-2023-34180 | WordPress Google Fonts For WordPress Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34181 | WordPress WP-Cirrus Plugin <= 0.6.11 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34182 | WordPress LH Password Changer Plugin <= 1.55 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34183 | WordPress Unite Gallery Lite Plugin <= 1.7.61 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-34184 | WordPress Woocommerce Order address Print Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34185 | WordPress NextGen GalleryView Plugin <= 0.5.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34186 | WordPress Headless CMS plugin <= 2.0.3 - Broken Authentication vulnerability | | |
CVE-2023-34187 | WordPress Call Now Icon Animate Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34188 | The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.... | S | |
CVE-2023-34189 | Apache InLong: General user can delete and update process | | |
CVE-2023-34192 | Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to ... | KEV | |
CVE-2023-34193 | File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute ar... | | |
CVE-2023-34194 | StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable... | S | |
CVE-2023-34195 | An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 th... | | |
CVE-2023-34196 | In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allo... | M | |
CVE-2023-34197 | Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCente... | | |
CVE-2023-34198 | In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 befo... | | |
CVE-2023-34203 | In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote use... | | |
CVE-2023-34204 | imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operati... | E | |
CVE-2023-34205 | In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output th... | | |
CVE-2023-34207 | Unrestricted Upload of File with Dangerous Type in EasyUse MailHunter Ultimate | | |
CVE-2023-34208 | Path Traversal in EasyUse MailHunter Ultimate | | |
CVE-2023-34209 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate | | |
CVE-2023-34210 | SQL Injection in EasyUse MailHunter Ultimate | | |
CVE-2023-34211 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-34212 | Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components | | |
CVE-2023-34213 | Second Order Command-injection Vulnerability in the Key-generation Function | S | |
CVE-2023-34214 | Second Order Command-injection Vulnerability in the Certificate-generation Function | S | |
CVE-2023-34215 | Second Order Command-injection Vulnerability in the Certificate-generation Function | S | |
CVE-2023-34216 | Second Order Command-injection Vulnerability in the Key-delete Function | S | |
CVE-2023-34217 | Second Order Command-injection Vulnerability in the Certificate-delete Function | S | |
CVE-2023-34218 | In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions w... | | |
CVE-2023-34219 | In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate pe... | | |
CVE-2023-34220 | In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible... | | |
CVE-2023-34221 | In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible... | | |
CVE-2023-34222 | In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible... | | |
CVE-2023-34223 | In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could... | | |
CVE-2023-34224 | In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible... | | |
CVE-2023-34225 | In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible... | | |
CVE-2023-34226 | In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible... | | |
CVE-2023-34227 | In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks... | | |
CVE-2023-34228 | In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for so... | | |
CVE-2023-34229 | In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible... | | |
CVE-2023-34230 | Snowflake Connector vulnerable to Command Injection | S | |
CVE-2023-34231 | Snowflake Golang Driver vulnerable to Command Injection | S | |
CVE-2023-34232 | Snowflake NodeJS Driver vulnerable to Command Injection | S | |
CVE-2023-34233 | Snowflake Python Connector vulnerable to Command Injection | S | |
CVE-2023-34234 | Governor proposal creation may be blocked by frontrunning in OpenZeppelin | S | |
CVE-2023-34235 | Leaking sensitive user information still possible by filtering on private with prefix fields | E | |
CVE-2023-34236 | Information Disclosure Vulnerability in Weave GitOps Terraform Controller | E S | |
CVE-2023-34237 | Remote code execution via specially crafted script settings in SABnzbd | S | |
CVE-2023-34238 | Local File Inclusion vulnerability in Gatsby | E S | |
CVE-2023-34239 | Unfiltered paths in gradio | S | |
CVE-2023-34240 | Weak passwords allowed in cloudexplorer-lite | | |
CVE-2023-34241 | CUPS vulnerable to use-after-free in cupsdAcceptClient() | E S | |
CVE-2023-34242 | Cilium vulnerable to information leakage via incorrect ReferenceGrant handling | | |
CVE-2023-34243 | Windows user name disclosure in TGstation | S | |
CVE-2023-34244 | GLPI vulnerable to reflected XSS in search pages | | |
CVE-2023-34245 | Cross site scripting (XSS) in @udecode/plate-link | S | |
CVE-2023-34246 | Doorkeeper Improper Authentication vulnerability | E S | |
CVE-2023-34247 | @keystone-6/auth Open Redirect vulnerability | S | |
CVE-2023-34249 | benjjvi/PyBB may send unsanitized request to SQL database | S | |
CVE-2023-34250 | Discourse vulnerable to exposure of number of topics recently created in private categories | | |
CVE-2023-34251 | Grav Server Side Template Injection vulnerability | E S | |
CVE-2023-34252 | Grav Server-side Template Injection via Insufficient Validation in filterFilter | E S | |
CVE-2023-34253 | Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass | E S | |
CVE-2023-34254 | Remote inventory task command injection when using ssh command mode | S | |
CVE-2023-34255 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2124. Reason: This candidate... | R | |
CVE-2023-34256 | An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in... | S | |
CVE-2023-34257 | An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely mod... | E | |
CVE-2023-34258 | An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely quer... | E | |
CVE-2023-34259 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory ... | E | |
CVE-2023-34260 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage)... | E | |
CVE-2023-34261 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user account... | E | |
CVE-2023-34262 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34263 | Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability | | |
CVE-2023-34264 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34265 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34266 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34267 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34268 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34269 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34270 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34271 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34272 | Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability | | |
CVE-2023-34273 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34274 | D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability | | |
CVE-2023-34275 | D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-34276 | D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-34277 | D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-34278 | D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-34279 | D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-34280 | D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-34281 | D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-34282 | D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability | | |
CVE-2023-34283 | NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability | | |
CVE-2023-34284 | NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability | | |
CVE-2023-34285 | NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-34286 | Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34287 | Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-34288 | Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability | | |
CVE-2023-34289 | Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-34290 | Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34291 | Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34292 | Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34293 | Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34294 | Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-34295 | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34296 | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34297 | Sante DICOM Viewer Pro JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34298 | Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability | | |
CVE-2023-34299 | Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-34300 | Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability | | |
CVE-2023-34301 | Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability | | |
CVE-2023-34302 | Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-34303 | Ashlar-Vellum Cobalt Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-34304 | Ashlar-Vellum Cobalt Out-Of-Bounds Access Remote Code Execution Vulnerability | | |
CVE-2023-34305 | Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34306 | Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-34307 | Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34308 | Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-34309 | Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability | | |
CVE-2023-34310 | Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability | | |
CVE-2023-34311 | Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability | | |
CVE-2023-34312 | In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll... | E | |
CVE-2023-34314 | Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may a... | | |
CVE-2023-34315 | Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an ... | | |
CVE-2023-34316 | Delta Electronics InfraSuite Device Master Improper Access Control | S | |
CVE-2023-34317 | An improper input validation vulnerability exists in the OAS Engine User Creation functionality of O... | E | |
CVE-2023-34318 | Heap-buffer-overflow in src/hcom.c | | |
CVE-2023-34319 | Linux: buffer overrun in netback due to unusual packet | S | |
CVE-2023-34320 | arm: Guests can trigger a deadlock on Cortex-A77 | M | |
CVE-2023-34321 | arm32: The cache may not be properly cleaned/invalidated | S | |
CVE-2023-34322 | top-level shadow reference dropped too early for 64-bit PV guests | M | |
CVE-2023-34323 | xenstored: A transaction conflict can crash C Xenstored | S | |
CVE-2023-34324 | Possible deadlock in Linux kernel event handling | S | |
CVE-2023-34325 | Multiple vulnerabilities in libfsimage disk handling | S | |
CVE-2023-34326 | x86/AMD: missing IOMMU TLB flushing | M | |
CVE-2023-34327 | x86/AMD: Debug Mask handling | S | |
CVE-2023-34328 | x86/AMD: Debug Mask handling | S | |
CVE-2023-34329 | Authentication Bypass via HTTP Header Spoofing | | |
CVE-2023-34330 | Code injection via Dynamic Redfish Extension interface | | |
CVE-2023-34332 | Untrusted Pointer Dereference in BMC | | |
CVE-2023-34333 | Untrusted Pointer Dereference | | |
CVE-2023-34334 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges... | | |
CVE-2023-34335 | AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to wr... | | |
CVE-2023-34336 | AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges... | | |
CVE-2023-34337 | Inadequate Encryption Strength | | |
CVE-2023-34338 | hard coded cryptographic key | | |
CVE-2023-34339 | In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exceptio... | S | |
CVE-2023-34340 | Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials | | |
CVE-2023-34341 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges... | | |
CVE-2023-34342 | AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbi... | | |
CVE-2023-34343 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges... | | |
CVE-2023-34344 | A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username | | |
CVE-2023-34345 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges... | | |
CVE-2023-34346 | A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan... | | |
CVE-2023-34347 | Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data | S | |
CVE-2023-34348 | Improper Check or Handling of Exceptional Conditions in Aveva PI Server | S | |
CVE-2023-34349 | Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable ... | S | |
CVE-2023-34350 | Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an... | | |
CVE-2023-34351 | Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated us... | | |
CVE-2023-34352 | A permissions issue was addressed with improved redaction of sensitive information. This issue is fi... | | |
CVE-2023-34353 | An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open... | E | |
CVE-2023-34354 | A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of pe... | E | |
CVE-2023-34355 | Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drive... | S | |
CVE-2023-34356 | An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf ... | E | |
CVE-2023-34357 | Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password | S | |
CVE-2023-34358 | ASUS RT-AX88U - Out-of-bounds Read - 1 | S | |
CVE-2023-34359 | ASUS RT-AX88U - Out-of-bounds Read - 2 | S | |
CVE-2023-34360 | ASUS RT-AX88U - Stored XSS | S | |
CVE-2023-34362 | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5... | KEV E | |
CVE-2023-34363 | An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When u... | | |
CVE-2023-34364 | A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracl... | | |
CVE-2023-34365 | A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of... | | |
CVE-2023-34366 | A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.... | E | |
CVE-2023-34367 | Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows... | E | |
CVE-2023-34368 | WordPress Kanban Boards for WordPress Plugin <= 2.5.20 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-34369 | WordPress Login Configurator Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34370 | Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins | S | |
CVE-2023-34371 | WordPress Download SpamReferrerBlock Plugin <= 2.22 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34372 | WordPress Download SpamReferrerBlock Plugin <= 2.22 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-34373 | WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-34374 | WordPress AnsPress – Question and answer Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-34375 | WordPress Seo By 10Web Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-34376 | WordPress Change WooCommerce Add To Cart Button Text plugin <= 1.3 - Broken Access Control vulnerability | | |
CVE-2023-34377 | WordPress My Content Management Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-34378 | WordPress WP Hide Post Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34379 | WordPress Cart2Cart: Magento to WooCommerce Migration Plugin <= 2.0.0 is vulnerable to Broken Access Control | | |
CVE-2023-34381 | WordPress Zippy plugin <= 1.6.2 - Broken Access Control vulnerability | S | |
CVE-2023-34382 | WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection | S | |
CVE-2023-34383 | WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to SQL Injection | S | |
CVE-2023-34384 | WordPress Kebo Twitter Feed Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-34385 | WordPress Export Import Menus Plugin <= 1.8.0 is vulnerable to Arbitrary File Upload | S | |
CVE-2023-34386 | WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-34387 | WordPress Constant Contact Forms plugin <= 2.0.3 - Broken Access Control vulnerability | S | |
CVE-2023-34388 | Improper authentication could lead to session hijacking | | |
CVE-2023-34389 | Allocation of resources without limits could lead to denial of service | | |
CVE-2023-34390 | Improper input validation could lead to denial of service | | |
CVE-2023-34391 | Insecure Inherited Permissions | | |
CVE-2023-34392 | Missing Authentication for Critical Function | | |
CVE-2023-34394 | Keysight N6845A Relative Path Traversal | S | |
CVE-2023-34395 | Apache Airflow ODBC Provider: Remote code execution vulnerability | S | |
CVE-2023-34396 | Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms | | |
CVE-2023-34397 | Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. Duri... | | |
CVE-2023-34398 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some ... | | |
CVE-2023-34399 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some ... | | |
CVE-2023-34400 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In ca... | | |
CVE-2023-34401 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Insid... | | |
CVE-2023-34402 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Insid... | | |
CVE-2023-34403 | Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can con... | | |
CVE-2023-34404 | Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can con... | | |
CVE-2023-34406 | An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data ... | | |
CVE-2023-34407 | OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSy... | E | |
CVE-2023-34408 | DokuWiki before 2023-04-04a allows XSS via RSS titles.... | E S | |
CVE-2023-34409 | In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in au... | | |
CVE-2023-34410 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2... | S | |
CVE-2023-34411 | The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <... | E S | |
CVE-2023-34412 | Stored XSS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250 | | |
CVE-2023-34414 | The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses... | | |
CVE-2023-34415 | When choosing a site-isolated process for a document loaded from a data: URL that was the result of ... | | |
CVE-2023-34416 | Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these... | | |
CVE-2023-34417 | Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption a... | | |
CVE-2023-34418 | A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data st... | S | |
CVE-2023-34419 | A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products wh... | S | |
CVE-2023-34420 | A valid, authenticated LXCA user with elevated privileges may be able to execute command injections ... | S | |
CVE-2023-34421 | A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data thr... | S | |
CVE-2023-34422 | A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA ... | S | |
CVE-2023-34423 | Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerabil... | | |
CVE-2023-34424 | Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentia... | | |
CVE-2023-34425 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Mon... | | |
CVE-2023-34426 | A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifa... | | |
CVE-2023-34427 | Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 4... | | |
CVE-2023-34429 | Weintek Weincloud Improper Handling of Structural Elements | S | |
CVE-2023-34430 | Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 ma... | | |
CVE-2023-34431 | Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to... | S | |
CVE-2023-34432 | Heap-buffer-overflow in src/formats_i.c | E | |
CVE-2023-34433 | PiiGAB M-Bus Use of Password Hash With Insufficient Computational Effort | S | |
CVE-2023-34434 | Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param | | |
CVE-2023-34435 | A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle... | | |
CVE-2023-34436 | An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKW... | E | |
CVE-2023-34437 | Baker Hughes Bently Nevada 3500 System Incorrect Permission Assignment for Critical Resource | M | |
CVE-2023-34438 | Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable ... | S | |
CVE-2023-34439 | Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulner... | | |
CVE-2023-34440 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user ... | | |
CVE-2023-34441 | Baker Hughes Bently Nevada 3500 System Cleartext Transmission of Sensitive Information | M | |
CVE-2023-34442 | Apache Camel JIRA: Temporary file information disclosure in Camel-Jira | | |
CVE-2023-34443 | Cross-site Scripting vulnerability in the run_query.php page in Combodo iTop | | |
CVE-2023-34444 | Cross-site Scripting vulnerability on pages/ajax.searchform.php in Combodo iTop | | |
CVE-2023-34445 | Cross-site Scripting vulnerability on pages/ajax.render.php in Combodo iTop | | |
CVE-2023-34446 | iTop XSS vulnerability on pages/preferences.php | S | |
CVE-2023-34447 | iTop XSS vulnerability on pages/UI.php | S | |
CVE-2023-34448 | Grav Server-side Template Injection (SSTI) via Twig Default Filters | E S | |
CVE-2023-34449 | ink! vulnerable to incorrect decoding of storage value when using `DelegateCall` | E S | |
CVE-2023-34450 | CometBFT PeerState JSON serialization deadlock | E S | |
CVE-2023-34451 | CometBFT may duplicate transactions in the mempool's data structures | E S | |
CVE-2023-34452 | Grav vulnerable to Self Cross Site Scripting in /forgot_password | E | |
CVE-2023-34453 | snappy-java's Integer Overflow vulnerability in shuffle leads to DoS | E S | |
CVE-2023-34454 | snappy-java's Integer Overflow vulnerability in compress leads to DoS | S | |
CVE-2023-34455 | snappy-java's unchecked chunk length leads to DoS | E S | |
CVE-2023-34457 | MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form | E S | |
CVE-2023-34458 | mx-chain-go's relayed transactions always increment nonce | S | |
CVE-2023-34459 | OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees | S | |
CVE-2023-34460 | Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles | S | |
CVE-2023-34461 | Cross-site Scripting (XSS) Availability in PyBB | S | |
CVE-2023-34462 | netty-handler SniHandler 16MB allocation | E S | |
CVE-2023-34463 | Unauthorized users can delete applications in DataEase | E | |
CVE-2023-34464 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | E S | |
CVE-2023-34465 | XWiki Platform's Mail.MailConfig can be edited by any user with edit rights | E S | |
CVE-2023-34466 | XWiki Platform's tags on non-viewable pages can be revealed to users | E S | |
CVE-2023-34467 | XWiki Platform may retrieve email addresses of all users | E S | |
CVE-2023-34468 | Apache NiFi: Potential Code Injection with Database Services using H2 | | |
CVE-2023-34469 | Cold Rest Vulnerability | | |
CVE-2023-34470 | Improper access control | | |
CVE-2023-34471 | Missing Cryptographic Step | | |
CVE-2023-34472 | AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization o... | | |
CVE-2023-34473 | Usage of Hard-coded Credentials | | |
CVE-2023-34474 | A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in c... | S | |
CVE-2023-34475 | A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore... | S | |
CVE-2023-34476 | Extension - mooj.org - SQLi in Proforms Basic component for Joomla <= 1.6.0 | | |
CVE-2023-34477 | Extension - braincert.com - SQLi in Virtual Classroom component for Joomla <= 1.6.0 | | |
CVE-2023-34478 | Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. | | |
CVE-2023-34486 | itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Script... | E | |
CVE-2023-34487 | itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQ... | E | |
CVE-2023-34488 | NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handler function of mqtt_parser.c wh... | E S | |
CVE-2023-34494 | NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.... | S | |
CVE-2023-34537 | A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/com... | E | |
CVE-2023-34540 | Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in t... | E | |
CVE-2023-34541 | Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.... | E | |
CVE-2023-34545 | A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands ... | | |
CVE-2023-34548 | Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.... | E | |
CVE-2023-34551 | In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ S... | | |
CVE-2023-34552 | In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulica... | | |
CVE-2023-34553 | An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code... | | |
CVE-2023-34561 | A buffer overflow in the level parsing code of RobTop Games AB Geometry Dash v2.113 allows attackers... | E | |
CVE-2023-34563 | netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.... | E | |
CVE-2023-34565 | Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" functio... | E | |
CVE-2023-34566 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter... | | |
CVE-2023-34567 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter... | | |
CVE-2023-34568 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter... | | |
CVE-2023-34569 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter... | | |
CVE-2023-34570 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter... | | |
CVE-2023-34571 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter... | | |
CVE-2023-34575 | SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run... | E | |
CVE-2023-34576 | SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote atta... | S | |
CVE-2023-34577 | SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attacke... | E S | |
CVE-2023-34581 | Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID par... | E | |
CVE-2023-34585 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-34596 | A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Servic... | E | |
CVE-2023-34597 | A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service ... | E | |
CVE-2023-34598 | Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the cont... | E | |
CVE-2023-34599 | Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which en... | E | |
CVE-2023-34600 | Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.... | E | |
CVE-2023-34601 | Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the compon... | E | |
CVE-2023-34602 | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component qu... | E S | |
CVE-2023-34603 | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component qu... | E | |
CVE-2023-34609 | An issue was discovered flexjson thru 3.3 allows attackers to cause a denial of service or other uns... | E | |
CVE-2023-34610 | An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other u... | E | |
CVE-2023-34611 | An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unsp... | E | |
CVE-2023-34612 | An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other un... | E | |
CVE-2023-34613 | An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspe... | E | |
CVE-2023-34614 | An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or ... | E | |
CVE-2023-34615 | An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other uns... | E | |
CVE-2023-34616 | An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other uns... | E | |
CVE-2023-34617 | An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspe... | E | |
CVE-2023-34620 | An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unsp... | E | |
CVE-2023-34623 | An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspe... | E | |
CVE-2023-34624 | An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or oth... | E | |
CVE-2023-34625 | ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of t... | E | |
CVE-2023-34626 | Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.... | E | |
CVE-2023-34634 | Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deseri... | E S | |
CVE-2023-34635 | Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs... | E | |
CVE-2023-34637 | A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated ... | E | |
CVE-2023-34641 | KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for block... | | |
CVE-2023-34642 | KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for block... | | |
CVE-2023-34644 | Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeat... | S | |
CVE-2023-34645 | jfinal CMS 5.1.0 has an arbitrary file read vulnerability.... | E | |
CVE-2023-34647 | PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).... | | |
CVE-2023-34648 | A Cross Site Scripting vulnerability in PHPGurukul User Registration Login and User Management System... | | |
CVE-2023-34650 | PHPGurukul Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).... | | |
CVE-2023-34651 | PHPGurukul Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).... | | |
CVE-2023-34652 | PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Cou... | | |
CVE-2023-34654 | taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2023-34656 | An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video manage... | E | |
CVE-2023-34657 | A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbi... | E | |
CVE-2023-34658 | Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calli... | | |
CVE-2023-34659 | jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jm... | E | |
CVE-2023-34660 | jeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interfac... | E | |
CVE-2023-34666 | Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remot... | E | |
CVE-2023-34669 | TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of t... | E | |
CVE-2023-34671 | Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running... | E | |
CVE-2023-34672 | Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter... | E | |
CVE-2023-34673 | Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials a... | E | |
CVE-2023-34682 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-34723 | An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain se... | E | |
CVE-2023-34724 | An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to... | E | |
CVE-2023-34725 | An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers t... | E | |
CVE-2023-34732 | An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6... | | |
CVE-2023-34733 | A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0... | E | |
CVE-2023-34734 | Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS)... | E | |
CVE-2023-34735 | Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection.... | E | |
CVE-2023-34736 | Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.... | E | |
CVE-2023-34738 | Chemex through 3.7.1 is vulnerable to arbitrary file upload.... | E | |
CVE-2023-34747 | File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload.... | E | |
CVE-2023-34750 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at ad... | E | |
CVE-2023-34751 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at ad... | E | |
CVE-2023-34752 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at ad... | E | |
CVE-2023-34753 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at ad... | E | |
CVE-2023-34754 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at ad... | E | |
CVE-2023-34755 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at... | E | |
CVE-2023-34756 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at ad... | E | |
CVE-2023-34758 | Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers t... | | |
CVE-2023-34761 | An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup,... | E | |
CVE-2023-34795 | xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread... | E S | |
CVE-2023-34796 | Cross site scripting (XSS) vulnerability in dmarcts-report-viewer dashboard versions 1.1 and thru com... | E | |
CVE-2023-34797 | Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows at... | E | |
CVE-2023-34798 | An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary ... | | |
CVE-2023-34800 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the ... | E | |
CVE-2023-34823 | fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main... | E | |
CVE-2023-34824 | fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_rea... | E | |
CVE-2023-34829 | Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials... | E | |
CVE-2023-34830 | i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2023-34831 | The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection atta... | E | |
CVE-2023-34832 | TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN... | E | |
CVE-2023-34833 | An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows atta... | E | |
CVE-2023-34834 | A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5... | E | |
CVE-2023-34835 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400... | E | |
CVE-2023-34836 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400... | E | |
CVE-2023-34837 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400... | E | |
CVE-2023-34838 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400... | E | |
CVE-2023-34839 | A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote a... | E | |
CVE-2023-34840 | angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting ... | E | |
CVE-2023-34842 | Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitr... | | |
CVE-2023-34843 | Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.... | E | |
CVE-2023-34844 | Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container ... | E | |
CVE-2023-34845 | Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /ad... | E | |
CVE-2023-34849 | An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua... | E | |
CVE-2023-34852 | PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.... | | |
CVE-2023-34853 | Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hij... | | |
CVE-2023-34855 | A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Cen... | E | |
CVE-2023-34856 | A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execu... | E | |
CVE-2023-34865 | Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename featu... | E | |
CVE-2023-34867 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_propert... | E | |
CVE-2023-34868 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse... | E | |
CVE-2023-34869 | PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability... | | |
CVE-2023-34872 | A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denia... | E S | |
CVE-2023-34873 | On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature d... | | |
CVE-2023-34878 | An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir p... | E | |
CVE-2023-34880 | cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_actio... | E | |
CVE-2023-34916 | Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.... | E | |
CVE-2023-34917 | Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.... | E | |
CVE-2023-34923 | XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad ac... | E | |
CVE-2023-34924 | H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoBy... | | |
CVE-2023-34927 | Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endp... | E | |
CVE-2023-34928 | A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause ... | E | |
CVE-2023-34929 | A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a De... | E | |
CVE-2023-34930 | A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a D... | E | |
CVE-2023-34931 | A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause... | E | |
CVE-2023-34932 | A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a... | E | |
CVE-2023-34933 | A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause... | E | |
CVE-2023-34934 | A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cau... | E | |
CVE-2023-34935 | A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause ... | E | |
CVE-2023-34936 | A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause ... | E | |
CVE-2023-34937 | A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a De... | E | |
CVE-2023-34939 | Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) v... | E | |
CVE-2023-34940 | Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /... | E | |
CVE-2023-34941 | A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Rou... | E | |
CVE-2023-34942 | Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /... | E | |
CVE-2023-34944 | An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to ... | S | |
CVE-2023-34958 | Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given cour... | S | |
CVE-2023-34959 | An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery... | S | |
CVE-2023-34960 | A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 al... | | |
CVE-2023-34961 | Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability ... | S | |
CVE-2023-34962 | Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access an... | S | |
CVE-2023-34965 | SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user... | E | |
CVE-2023-34966 | Samba: infinite loop in mdssvc rpc service for spotlight | M | |
CVE-2023-34967 | Samba: type confusion in mdssvc rpc service for spotlight | M | |
CVE-2023-34968 | Samba: spotlight server-side share path disclosure | | |
CVE-2023-34969 | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user w... | E S | |
CVE-2023-34970 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations | | |
CVE-2023-34971 | QTS, QuTS hero | S | |
CVE-2023-34972 | QTS, QuTS hero and QuTScloud | S | |
CVE-2023-34973 | QTS, QuTS hero | S | |
CVE-2023-34974 | QTS, QuTS hero, QuTScloud, QVR, QES | S | |
CVE-2023-34975 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-34976 | Video Station | S | |
CVE-2023-34977 | Video Station | S | |
CVE-2023-34979 | QTS, QuTS hero | S | |
CVE-2023-34980 | QTS, QuTS hero | S | |
CVE-2023-34981 | Apache Tomcat: AJP response header mix-up | | |
CVE-2023-34982 | AVEVA Operations Control Logger External Control of File Name or Path | S | |
CVE-2023-34983 | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software b... | | |
CVE-2023-34984 | A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 ... | S | |
CVE-2023-34985 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-34986 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-34987 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-34988 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-34989 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-34990 | A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 a... | S | |
CVE-2023-34991 | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet F... | S | |
CVE-2023-34992 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-34993 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-34994 | An improper resource allocation vulnerability exists in the OAS Engine configuration management func... | E | |
CVE-2023-34995 | PiiGAB M-Bus Weak Password Requirements | S | |
CVE-2023-34997 | Insecure inherited permissions in the installer for some Intel Server Configuration Utility software... | | |
CVE-2023-34998 | An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Sof... | | |
CVE-2023-34999 | A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) ... | S | |