ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-35001 | Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability | S | |
CVE-2023-35002 | A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGe... | E | |
CVE-2023-35003 | Path traversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated... | | |
CVE-2023-35004 | An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GT... | E | |
CVE-2023-35005 | Apache Airflow: Information disclosure on configuration view | S | |
CVE-2023-35006 | IBM Security ReaQta HTML injection | | |
CVE-2023-35009 | IBM Cognos Analytics information disclosure | S | |
CVE-2023-35011 | IBM Cognos Analytics server-side request forgery | S | |
CVE-2023-35012 | IBM Db2 code execution | | |
CVE-2023-35013 | IBM Security Verify Governance information disclosure | S | |
CVE-2023-35016 | IBM Security Verify Governance path traversal | | |
CVE-2023-35017 | IBM Security Verify Governance information | | |
CVE-2023-35018 | IBM Security Verify Governance file upload | S | |
CVE-2023-35019 | IBM Security Verify Governance command execution | | |
CVE-2023-35020 | IBM Sterling Control Center directory traversal | S | |
CVE-2023-35022 | IBM InfoSphere Information Server improper authentication | | |
CVE-2023-35024 | IBM Cloud Pak for Business Automation cross-site scripting | S | |
CVE-2023-35029 | Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 thro... | S | |
CVE-2023-35030 | Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay ... | S | |
CVE-2023-35031 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Man... | | |
CVE-2023-35032 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 bef... | | |
CVE-2023-35033 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Man... | | |
CVE-2023-35034 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 bef... | | |
CVE-2023-35035 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Man... | | |
CVE-2023-35036 | In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6... | | |
CVE-2023-35037 | WordPress Surfer plugin <= 1.3.2.357 - Broken Access Control vulnerability | S | |
CVE-2023-35038 | WordPress WP PDF Generator Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35039 | WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication | S | |
CVE-2023-35040 | WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability | | |
CVE-2023-35041 | WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35042 | GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang... | | |
CVE-2023-35043 | WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-35044 | WordPress Securimage-WP Plugin <= 3.6.16 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-35045 | WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability | S | |
CVE-2023-35046 | WordPress Dynamic Visibility for Elementor plugin <= 5.0.5 - Broken Access Control vulnerability | S | |
CVE-2023-35047 | WordPress All Bootstrap Blocks Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35048 | WordPress Booking and Rental Manager Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-35049 | WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability | S | |
CVE-2023-35050 | WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability | S | |
CVE-2023-35051 | WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability | S | |
CVE-2023-35052 | WordPress Directorist plugin <= 7.5.4 - Arbitrary Content Deletion vulnerability | S | |
CVE-2023-35053 | In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms... | | |
CVE-2023-35054 | In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible... | | |
CVE-2023-35055 | A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_2022... | | |
CVE-2023-35056 | A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_2022... | | |
CVE-2023-35057 | An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functio... | E | |
CVE-2023-35060 | Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1... | | |
CVE-2023-35061 | Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software befo... | | |
CVE-2023-35062 | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged ... | | |
CVE-2023-35064 | SQLi in Satos Mobile | | |
CVE-2023-35065 | SQLi in Osofts Paint Production Management | | |
CVE-2023-35066 | SQLi in Infodrom Sofwares E-Invoice Approval System | | |
CVE-2023-35067 | Plaintext Storage of a Password in Infodrom Sofwares E-Invoice Approval System | | |
CVE-2023-35068 | SQLi in BMAs Personnel Tracking System | | |
CVE-2023-35069 | Path Traversal in Bullwark | | |
CVE-2023-35070 | SQL in VegaGroup Web Collection | | |
CVE-2023-35071 | SQLi in MRV Tech's Logging Administration Panel | | |
CVE-2023-35072 | SQLi in Coyav Travels Proagent | | |
CVE-2023-35073 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-35074 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, wa... | | |
CVE-2023-35075 | HTML injection via channel autocomplete | S | |
CVE-2023-35077 | An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Produc... | | |
CVE-2023-35078 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted... | KEV E | |
CVE-2023-35080 | A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a ... | | |
CVE-2023-35081 | A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and ... | KEV | |
CVE-2023-35082 | An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to ... | KEV | |
CVE-2023-35083 | Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager rec... | | |
CVE-2023-35084 | Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti En... | | |
CVE-2023-35085 | An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex... | | |
CVE-2023-35086 | ASUS RT-AX56U V2 & RT-AC86U - Format String - 1 | S | |
CVE-2023-35087 | ASUS RT-AX56U V2 & RT-AC86U - Format String - 2 | S | |
CVE-2023-35088 | Apache InLong: SQL injection in audit endpoint | | |
CVE-2023-35089 | WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35090 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-35091 | WordPress WooCommerce Stock Manager Plugin <= 2.10.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35092 | WordPress breadcrumb simple Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-35093 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control | | |
CVE-2023-35094 | WordPress WP Matterport Shortcode Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-35095 | WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-35096 | WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35097 | WordPress WP Affiliate Links Plugin <= 0.1.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-35098 | WordPress NextGen GalleryView Plugin <= 0.5.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-35110 | An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unsp... | E | |
CVE-2023-35116 | jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified i... | | |
CVE-2023-35120 | PiiGAB M-Bus Cross-Site Request Forgery | S | |
CVE-2023-35121 | Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some I... | | |
CVE-2023-35123 | Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0... | | |
CVE-2023-35124 | An information disclosure vulnerability exists in the OAS Engine configuration management functional... | E | |
CVE-2023-35126 | An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and... | E | |
CVE-2023-35127 | Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow | S | |
CVE-2023-35128 | An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems function... | E | |
CVE-2023-35131 | Moodle: xss risk on groups page | S | |
CVE-2023-35132 | Moodle: minor sql injection risk on mnet sso access control page | S | |
CVE-2023-35133 | Moodle: ssrf risk due to insufficient check on the curl blocked hosts | S | |
CVE-2023-35134 | Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password | S | |
CVE-2023-35136 | An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware ... | | |
CVE-2023-35137 | An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware v... | S | |
CVE-2023-35138 | A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 ... | S | |
CVE-2023-35139 | A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versi... | | |
CVE-2023-35140 | The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.... | | |
CVE-2023-35141 | In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the l... | | |
CVE-2023-35142 | Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Che... | | |
CVE-2023-35143 | Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifa... | | |
CVE-2023-35144 | Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display na... | | |
CVE-2023-35145 | Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the projec... | | |
CVE-2023-35146 | Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used ... | | |
CVE-2023-35147 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name pa... | | |
CVE-2023-35148 | A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plu... | | |
CVE-2023-35149 | A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier all... | | |
CVE-2023-35150 | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application | E S | |
CVE-2023-35151 | XWiki Platform may show email addresses in clear in REST results | S | |
CVE-2023-35152 | XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults | S | |
CVE-2023-35153 | XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters | E S | |
CVE-2023-35154 | Knowage-Server vulnerable to account validation bypass | | |
CVE-2023-35155 | XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email | E S | |
CVE-2023-35156 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template | S | |
CVE-2023-35157 | XWiki Platform vulnerable to reflected cross-site scripting via delattachment action | S | |
CVE-2023-35158 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template | S | |
CVE-2023-35159 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template | S | |
CVE-2023-35160 | XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template | S | |
CVE-2023-35161 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page | S | |
CVE-2023-35162 | XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template | S | |
CVE-2023-35163 | Vega's validators able to submit duplicate transactions | E S | |
CVE-2023-35164 | Unauthorized users can manipulate a dashboard created by an administrator in DataEase | E | |
CVE-2023-35165 | AWS CDK EKS overly permissive trust policies | E M | |
CVE-2023-35166 | Privilege escalation (PR) from account through TipsPanel | E S | |
CVE-2023-35167 | When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id | S | |
CVE-2023-35168 | DataEase has a privilege bypass vulnerability | E | |
CVE-2023-35169 | php-imap vulnerable to RCE through a directory traversal vulnerability | E S | |
CVE-2023-35170 | Rejected reason: This CVE is a duplicate of another CVE.... | R | |
CVE-2023-35171 | Nextcloud Server vulnerable to open redirect on "Unsupported browser" warning | E S | |
CVE-2023-35172 | Nextcloud Server password reset endpoint is not brute force protected | | |
CVE-2023-35173 | End-to-End encrypted file-drops can be made inaccessible | S | |
CVE-2023-35174 | Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows | S | |
CVE-2023-35175 | Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution... | | |
CVE-2023-35176 | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial o... | | |
CVE-2023-35177 | Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow r... | | |
CVE-2023-35178 | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing... | | |
CVE-2023-35179 | 2FA/MFA Bypass Vulnerability in Serv-U 15.4 | S | |
CVE-2023-35180 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | S | |
CVE-2023-35181 | SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | S | |
CVE-2023-35182 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | S | |
CVE-2023-35183 | SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | S | |
CVE-2023-35184 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | S | |
CVE-2023-35185 | SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2023-35186 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | S | |
CVE-2023-35187 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2023-35188 | SQL Injection Remote Code Execution Vulnerability | S | |
CVE-2023-35189 | Iagona ScrutisWeb Unrestricted Upload of File with Dangerous Type | S | |
CVE-2023-35191 | Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged use... | | |
CVE-2023-35192 | Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an ... | | |
CVE-2023-35193 | An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of pep... | E | |
CVE-2023-35194 | An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of pep... | E | |
CVE-2023-35296 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-35297 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | S | |
CVE-2023-35298 | HTTP.sys Denial of Service Vulnerability | S | |
CVE-2023-35299 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-35300 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2023-35302 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | S | |
CVE-2023-35303 | USB Audio Class System Driver Remote Code Execution Vulnerability | S | |
CVE-2023-35304 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35305 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35306 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-35308 | Windows MSHTML Platform Security Feature Bypass Vulnerability | S | |
CVE-2023-35309 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-35310 | Windows DNS Server Remote Code Execution Vulnerability | S | |
CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | KEV S | |
CVE-2023-35312 | Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | S | |
CVE-2023-35313 | Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | S | |
CVE-2023-35314 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
CVE-2023-35315 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | S | |
CVE-2023-35316 | Remote Procedure Call Runtime Information Disclosure Vulnerability | S | |
CVE-2023-35317 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | S | |
CVE-2023-35318 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
CVE-2023-35319 | Remote Procedure Call Runtime Denial of Service Vulnerability | S | |
CVE-2023-35320 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | S | |
CVE-2023-35321 | Windows Deployment Services Denial of Service Vulnerability | S | |
CVE-2023-35322 | Windows Deployment Services Remote Code Execution Vulnerability | S | |
CVE-2023-35323 | Windows OLE Remote Code Execution Vulnerability | S | |
CVE-2023-35324 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | S | |
CVE-2023-35325 | Windows Print Spooler Information Disclosure Vulnerability | S | |
CVE-2023-35326 | Windows CDP User Components Information Disclosure Vulnerability | S | |
CVE-2023-35328 | Windows Transaction Manager Elevation of Privilege Vulnerability | S | |
CVE-2023-35329 | Windows Authentication Denial of Service Vulnerability | S | |
CVE-2023-35330 | Windows Extended Negotiation Denial of Service Vulnerability | S | |
CVE-2023-35331 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | S | |
CVE-2023-35332 | Windows Remote Desktop Protocol Security Feature Bypass | S | |
CVE-2023-35333 | MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | S | |
CVE-2023-35335 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-35336 | Windows MSHTML Platform Security Feature Bypass Vulnerability | S | |
CVE-2023-35337 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2023-35338 | Windows Peer Name Resolution Protocol Denial of Service Vulnerability | S | |
CVE-2023-35339 | Windows CryptoAPI Denial of Service Vulnerability | S | |
CVE-2023-35340 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | S | |
CVE-2023-35341 | Microsoft DirectMusic Information Disclosure Vulnerability | S | |
CVE-2023-35342 | Windows Image Acquisition Elevation of Privilege Vulnerability | S | |
CVE-2023-35343 | Windows Geolocation Service Remote Code Execution Vulnerability | S | |
CVE-2023-35344 | Windows DNS Server Remote Code Execution Vulnerability | S | |
CVE-2023-35345 | Windows DNS Server Remote Code Execution Vulnerability | S | |
CVE-2023-35346 | Windows DNS Server Remote Code Execution Vulnerability | S | |
CVE-2023-35347 | Microsoft Install Service Elevation of Privilege Vulnerability | S | |
CVE-2023-35348 | Active Directory Federation Service Security Feature Bypass Vulnerability | S | |
CVE-2023-35349 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-35350 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | S | |
CVE-2023-35351 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | S | |
CVE-2023-35352 | Windows Remote Desktop Security Feature Bypass Vulnerability | S | |
CVE-2023-35353 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | S | |
CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-35356 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35357 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35358 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35360 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35361 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35362 | Windows Clip Service Elevation of Privilege Vulnerability | S | |
CVE-2023-35363 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35364 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35365 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | S | |
CVE-2023-35366 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | S | |
CVE-2023-35367 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | S | |
CVE-2023-35368 | Microsoft Exchange Remote Code Execution Vulnerability | S | |
CVE-2023-35371 | Microsoft Office Remote Code Execution Vulnerability | S | |
CVE-2023-35372 | Microsoft Office Visio Remote Code Execution Vulnerability | S | |
CVE-2023-35373 | Mono Authenticode Validation Spoofing Vulnerability | S | |
CVE-2023-35374 | Paint 3D Remote Code Execution Vulnerability | S | |
CVE-2023-35376 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | S | |
CVE-2023-35377 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | S | |
CVE-2023-35378 | Windows Projected File System Elevation of Privilege Vulnerability | S | |
CVE-2023-35379 | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | S | |
CVE-2023-35380 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35381 | Windows Fax Service Remote Code Execution Vulnerability | S | |
CVE-2023-35382 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35383 | Microsoft Message Queuing Information Disclosure Vulnerability | S | |
CVE-2023-35384 | Windows HTML Platforms Security Feature Bypass Vulnerability | S | |
CVE-2023-35385 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-35386 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35387 | Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | S | |
CVE-2023-35388 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2023-35389 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | S | |
CVE-2023-35390 | .NET and Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2023-35391 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | S | |
CVE-2023-35392 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
CVE-2023-35393 | Azure Apache Hive Spoofing Vulnerability | S | |
CVE-2023-35394 | Azure HDInsight Jupyter Notebook Spoofing Vulnerability | S | |
CVE-2023-35618 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2023-35619 | Microsoft Outlook for Mac Spoofing Vulnerability | S | |
CVE-2023-35621 | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | S | |
CVE-2023-35622 | Windows DNS Spoofing Vulnerability | S | |
CVE-2023-35624 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | S | |
CVE-2023-35625 | Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | S | |
CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability | S | |
CVE-2023-35629 | Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | S | |
CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | S | |
CVE-2023-35631 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2023-35632 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | S | |
CVE-2023-35633 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-35634 | Windows Bluetooth Driver Remote Code Execution Vulnerability | S | |
CVE-2023-35635 | Windows Kernel Denial of Service Vulnerability | S | |
CVE-2023-35636 | Microsoft Outlook Information Disclosure Vulnerability | S | |
CVE-2023-35638 | DHCP Server Service Denial of Service Vulnerability | S | |
CVE-2023-35639 | Microsoft ODBC Driver Remote Code Execution Vulnerability | S | |
CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | S | |
CVE-2023-35642 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | S | |
CVE-2023-35643 | DHCP Server Service Information Disclosure Vulnerability | S | |
CVE-2023-35644 | Windows Sysmain Service Elevation of Privilege Vulnerability | S | |
CVE-2023-35645 | In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to loc... | | |
CVE-2023-35646 | In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could l... | | |
CVE-2023-35647 | In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of ... | | |
CVE-2023-35648 | In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of ... | | |
CVE-2023-35649 | In several functions of Exynos modem files, there is a possible out of bounds write due to a missing... | | |
CVE-2023-35652 | In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of ... | | |
CVE-2023-35653 | In TBD of TBD, there is a possible way to access location information due to a permissions bypass. T... | | |
CVE-2023-35654 | In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds... | | |
CVE-2023-35655 | In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due t... | | |
CVE-2023-35656 | In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due t... | | |
CVE-2023-35658 | In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use ... | S | |
CVE-2023-35659 | In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to ... | | |
CVE-2023-35660 | In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory ... | | |
CVE-2023-35661 | In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to ... | | |
CVE-2023-35662 | There is a possible out of bounds write due to buffer overflow. This could lead to remote code execu... | | |
CVE-2023-35663 | In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bou... | | |
CVE-2023-35664 | In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a miss... | S | |
CVE-2023-35665 | In multiple files, there is a possible way to import a contact from another user due to a missing pe... | S | |
CVE-2023-35666 | In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the co... | S | |
CVE-2023-35667 | In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notificat... | S | |
CVE-2023-35668 | In visitUris of Notification.java, there is a possible way to display images from another user due t... | | |
CVE-2023-35669 | In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control... | S | |
CVE-2023-35670 | In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' e... | S | |
CVE-2023-35671 | In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose N... | S | |
CVE-2023-35673 | In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer ove... | | |
CVE-2023-35674 | In onCreate of WindowState.java, there is a possible way to launch a background activity due to a lo... | KEV S | |
CVE-2023-35675 | In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen... | | |
CVE-2023-35676 | In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a ba... | | |
CVE-2023-35677 | In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a ... | | |
CVE-2023-35679 | In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized da... | | |
CVE-2023-35680 | In multiple locations, there is a possible way to import contacts belonging to other users due to a ... | | |
CVE-2023-35681 | In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an i... | | |
CVE-2023-35682 | In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary... | | |
CVE-2023-35683 | In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applicati... | S | |
CVE-2023-35684 | In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow... | S | |
CVE-2023-35685 | In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic err... | E | |
CVE-2023-35686 | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper in... | | |
CVE-2023-35687 | In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free.... | S | |
CVE-2023-35689 | In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb bef... | | |
CVE-2023-35690 | In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught... | | |
CVE-2023-35691 | There is a possible out of bounds read due to a missing bounds check. This could lead to remote deni... | | |
CVE-2023-35692 | In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an e... | | |
CVE-2023-35693 | In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. T... | S | |
CVE-2023-35694 | In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due t... | | |
CVE-2023-35695 | A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5... | E S | |
CVE-2023-35696 | Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to re... | S | |
CVE-2023-35697 | Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote... | S | |
CVE-2023-35698 | Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify vali... | S | |
CVE-2023-35699 | Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local a... | M | |
CVE-2023-35700 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-35701 | Apache Hive: Arbitrary command execution via JDBC driver | | |
CVE-2023-35702 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of... | E | |
CVE-2023-35703 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of... | E | |
CVE-2023-35704 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of... | E | |
CVE-2023-35708 | In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7... | S | |
CVE-2023-35709 | Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-35710 | Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-35711 | Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability | | |
CVE-2023-35712 | Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability | | |
CVE-2023-35713 | Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability | | |
CVE-2023-35714 | Ashlar-Vellum Cobalt IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-35715 | Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability | | |
CVE-2023-35716 | Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-35717 | TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability | | |
CVE-2023-35718 | D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-35719 | ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability | | |
CVE-2023-35720 | ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability | | |
CVE-2023-35721 | NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability | | |
CVE-2023-35722 | NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-35723 | D-Link DIR-X3260 prog.cgi SOAPAction Command Injection Remote Code Execution Vulnerability | S | |
CVE-2023-35724 | D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability | S | |
CVE-2023-35725 | D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35726 | D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35727 | D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35728 | D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35729 | D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35730 | D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35731 | D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35732 | D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35733 | D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35734 | Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-35735 | D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35736 | D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35737 | D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35738 | D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35739 | D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35740 | D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35741 | D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35742 | D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35743 | D-Link DAP-2622 DDP Configuration Restore Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35744 | D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35745 | D-Link DAP-2622 DDP Configuration Restore Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35746 | D-Link DAP-2622 DDP Firmware Upgrade Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35747 | D-Link DAP-2622 DDP Firmware Upgrade Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35748 | D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-35749 | D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-35750 | D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability | S | |
CVE-2023-35751 | D-Link DAP-2622 DDP Set AG Profile Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35752 | D-Link DAP-2622 DDP Set AG Profile Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35753 | D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35754 | D-Link DAP-2622 DDP Set AG Profile NMS URL Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35755 | D-Link DAP-2622 DDP Set Date-Time Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35756 | D-Link DAP-2622 DDP Set Date-Time Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35757 | D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-35759 | In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sa... | | |
CVE-2023-35762 | OS Command Injection in INEA ME RTU | S | |
CVE-2023-35763 | Iagona ScrutisWeb Use of Hard-coded Cryptographic Key | | |
CVE-2023-35764 | Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote ... | | |
CVE-2023-35765 | PiiGAB M-Bus Plaintext Storage of a Password | S | |
CVE-2023-35767 | Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core | | |
CVE-2023-35769 | Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authent... | | |
CVE-2023-35772 | WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-35773 | WordPress Template Debugger Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-35774 | WordPress LWS Tools Plugin <= 2.4.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35775 | WordPress WP Backup Manager Plugin <= 1.13.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-35776 | WordPress Sermon'e – Sermons Online Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-35777 | WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability | S | |
CVE-2023-35778 | WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-35779 | WordPress Seed Fonts Plugin 2.3.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-35780 | WordPress Galleria Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-35781 | WordPress LWS Cleaner Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35782 | The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.... | S | |
CVE-2023-35783 | The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x... | S | |
CVE-2023-35784 | A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3... | S | |
CVE-2023-35785 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManag... | S | |
CVE-2023-35786 | Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view file... | | |
CVE-2023-35788 | An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.... | E S | |
CVE-2023-35789 | An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. C... | S | |
CVE-2023-35790 | An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in p... | S | |
CVE-2023-35791 | Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.... | | |
CVE-2023-35792 | Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).... | | |
CVE-2023-35793 | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session... | E | |
CVE-2023-35794 | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint ... | E | |
CVE-2023-35796 | A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application im... | | |
CVE-2023-35797 | Apache Airflow Hive Provider Beeline RCE with Principal | S | |
CVE-2023-35798 | Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability | S | |
CVE-2023-35799 | Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive... | | |
CVE-2023-35800 | Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry o... | | |
CVE-2023-35801 | A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker t... | M | |
CVE-2023-35802 | IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of... | | |
CVE-2023-35803 | IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.... | | |
CVE-2023-35808 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted... | | |
CVE-2023-35809 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipula... | | |
CVE-2023-35810 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order ... | | |
CVE-2023-35811 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injecti... | | |
CVE-2023-35812 | An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, becaus... | | |
CVE-2023-35813 | Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience ... | S | |
CVE-2023-35814 | DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.... | | |
CVE-2023-35815 | DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML... | | |
CVE-2023-35816 | DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.... | | |
CVE-2023-35817 | DevExpress before 23.1.3 allows AsyncDownloader SSRF.... | | |
CVE-2023-35818 | An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 pr... | | |
CVE-2023-35823 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_fini... | S | |
CVE-2023-35824 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remov... | S | |
CVE-2023-35825 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3141. Reason: This candidate... | R | |
CVE-2023-35826 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remov... | S | |
CVE-2023-35827 | An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove... | S | |
CVE-2023-35828 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3... | S | |
CVE-2023-35829 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remov... | S | |
CVE-2023-35830 | STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and De... | | |
CVE-2023-35833 | An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP se... | | |
CVE-2023-35835 | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access p... | | |
CVE-2023-35836 | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obt... | | |
CVE-2023-35837 | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is... | | |
CVE-2023-35838 | The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such t... | E | |
CVE-2023-35839 | A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary ... | E | |
CVE-2023-35840 | _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal... | E S | |
CVE-2023-35841 | WinFlash Driver Permissions Issue | | |
CVE-2023-35843 | NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticate... | E | |
CVE-2023-35844 | packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they all... | E S | |
CVE-2023-35845 | Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the... | E | |
CVE-2023-35846 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a fr... | S | |
CVE-2023-35847 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could ... | S | |
CVE-2023-35848 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting... | S | |
CVE-2023-35849 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes woul... | | |
CVE-2023-35850 | SUNNET WMPro - Command Injection | S | |
CVE-2023-35851 | SUNNET WMPro - SQL Injection | S | |
CVE-2023-35852 | In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a d... | S | |
CVE-2023-35853 | In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to ... | S | |
CVE-2023-35854 | Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited... | | |
CVE-2023-35855 | A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a... | E | |
CVE-2023-35856 | A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by ... | E | |
CVE-2023-35857 | In Siren Investigate before 13.2.2, session keys remain active even after logging out.... | | |
CVE-2023-35858 | XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 all... | E | |
CVE-2023-35859 | A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CM... | | |
CVE-2023-35860 | A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthentica... | | |
CVE-2023-35861 | A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B ... | E | |
CVE-2023-35862 | libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore... | E S | |
CVE-2023-35863 | In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key... | E | |
CVE-2023-35866 | In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, inc... | | |
CVE-2023-35867 | Improper handling of malformed API answer packets to API clients in Bosch BT software products ... | | |
CVE-2023-35870 | Improper Access Control in SAP S/4HANA (Manage Journal Entry Template) | | |
CVE-2023-35871 | Memory Corruption vulnerability in SAP Web Dispatcher | | |
CVE-2023-35872 | Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool) | | |
CVE-2023-35873 | Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench) | | |
CVE-2023-35874 | Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform | | |
CVE-2023-35875 | WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.8.5 - Broken Access Control vulnerability | S | |
CVE-2023-35876 | WordPress WooCommerce Square Plugin <= 3.8.1 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2023-35877 | WordPress Extra User Details Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35878 | WordPress Extra User Details Plugin <= 0.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-35879 | WordPress WooCommerce Product Vendors Plugin <= 2.1.78 is vulnerable to SQL Injection | S | |
CVE-2023-35880 | WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35881 | WordPress WooCommerce One Page Checkout plugin <= 2.3.0 - Local File Inclusion vulnerability | S | |
CVE-2023-35882 | WordPress Super Socializer Plugin <= 7.13.52 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-35883 | WordPress Core Web Vitals & PageSpeed Booster Plugin <= 1.0.12 is vulnerable to Open Redirection | S | |
CVE-2023-35884 | WordPress EventPrime Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-35885 | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.... | E | |
CVE-2023-35887 | Apache MINA SSHD: Information disclosure bugs with RootedFilesystem | | |
CVE-2023-35888 | IBM Security Verify Governance information disclosure | | |
CVE-2023-35890 | IBM WebSphere Application Server information disclosure | | |
CVE-2023-35892 | IBM Financial Transaction Manager for SWIFT Services XML external entity injection | | |
CVE-2023-35893 | IBM Security Guardium command execution | S | |
CVE-2023-35894 | IBM Control Center HOST header injection | S | |
CVE-2023-35895 | IBM Informix JDBC code execution | | |
CVE-2023-35896 | IBM Content Navigator server-side request forgery | S | |
CVE-2023-35897 | IBM Spectrum Protect code execution | S | |
CVE-2023-35898 | IBM InfoSphere Information Server information disclosure | S | |
CVE-2023-35899 | IBM Cloud Pak for Automation CSV injection | | |
CVE-2023-35900 | IBM Robotic Process Automation information disclosure | S | |
CVE-2023-35901 | IBM Robotic Process Automation security bypass | S | |
CVE-2023-35905 | IBM FileNet Content Manager cross-site scripting | S | |
CVE-2023-35906 | IBM Aspera Faspex security bypass | S | |
CVE-2023-35907 | IBM Aspera Faspex information disclosure | | |
CVE-2023-35908 | Apache Airflow: Access to DAGs without relevant permission | S | |
CVE-2023-35909 | WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Denial of Service Attack | S | |
CVE-2023-35910 | WordPress Quasar form Plugin <= 6.0 is vulnerable to SQL Injection | | |
CVE-2023-35911 | WordPress Contact Form Generator Plugin <= 2.6.0 is vulnerable to SQL Injection | | |
CVE-2023-35912 | WordPress Potent Donations for WooCommerce Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35913 | WordPress OOPSpam Anti-Spam Plugin <= 1.1.44 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35914 | WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2023-35915 | WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to SQL Injection | S | |
CVE-2023-35916 | WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2023-35917 | WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-35918 | WordPress WooCommerce Bulk Stock Management Plugin <= 2.2.33 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-35920 | A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All... | | |
CVE-2023-35921 | A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All... | | |
CVE-2023-35924 | GLPI vulnerable to SQL injection via inventory agent request | | |
CVE-2023-35925 | FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption | S | |
CVE-2023-35926 | Insecure sandbox in Backstage Scaffolder plugin | S | |
CVE-2023-35927 | Nextcloud system addressbooks can be modified by malicious trusted server | | |
CVE-2023-35928 | Nextcloud user scoped external storage can be used to gather credentials of other users | | |
CVE-2023-35929 | Tuleap Cross-site Scripting vulnerability in the card field of the agile dashboard apps | S | |
CVE-2023-35930 | LookupResources may return partial results in spicedb | S | |
CVE-2023-35931 | Shescape potential environment variable exposure on Windows with CMD | E S | |
CVE-2023-35932 | jcvi vulnerable to Configuration Injection due to unsanitized user input | | |
CVE-2023-35933 | OpenFGA denial of service due to circular relationship | E S | |
CVE-2023-35934 | yt-dlp File Downloader cookie leak | S | |
CVE-2023-35935 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-31999. Reason: ... | R | |
CVE-2023-35936 | Arbitrary file write is possible in Pandoc when using PDF output or --extract-media with untrusted input | E | |
CVE-2023-35937 | Metersphere missing permission check | E | |
CVE-2023-35938 | User access not updated with privilege change in Tuleap | S | |
CVE-2023-35939 | GLPI vulnerable to unauthorized access to Dashboard data | | |
CVE-2023-35940 | GLPI vulnerable to unauthenticated access to Dashboard data | | |
CVE-2023-35941 | Envoy vulnerable to OAuth2 credentials exploit with permanent validity | | |
CVE-2023-35942 | Envoy's gRPC access log crash caused by the listener draining | E | |
CVE-2023-35943 | Envoy vulnerable to CORS filter segfault when origin header is removed | E | |
CVE-2023-35944 | Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes | E | |
CVE-2023-35945 | Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec | | |
CVE-2023-35946 | Dependency cache path traversal in Gradle | S | |
CVE-2023-35947 | Path traversal vulnerabilities in handling of Tar archives in Gradle | S | |
CVE-2023-35948 | Novu Open Redirect Vulnerability in Sign-In with GitHub Functionality | S | |
CVE-2023-35949 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libig... | E M | |
CVE-2023-35950 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libig... | E M | |
CVE-2023-35951 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libig... | E M | |
CVE-2023-35952 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libig... | E M | |
CVE-2023-35953 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libig... | E M | |
CVE-2023-35955 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing... | E | |
CVE-2023-35956 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing... | E | |
CVE-2023-35957 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing... | E | |
CVE-2023-35958 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing... | E | |
CVE-2023-35959 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.... | E | |
CVE-2023-35960 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.... | E | |
CVE-2023-35961 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.... | E | |
CVE-2023-35962 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.... | E | |
CVE-2023-35963 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.... | E | |
CVE-2023-35964 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.... | E | |
CVE-2023-35965 | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan... | | |
CVE-2023-35966 | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan... | | |
CVE-2023-35967 | Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functiona... | | |
CVE-2023-35968 | Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functiona... | | |
CVE-2023-35969 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table pa... | E | |
CVE-2023-35970 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table pa... | E | |
CVE-2023-35971 | Unauthenticated Stored Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface | | |
CVE-2023-35972 | Authenticated Remote Command Execution in ArubaOS Web-based Management Interface | | |
CVE-2023-35973 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface | | |
CVE-2023-35974 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface | | |
CVE-2023-35975 | Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion | | |
CVE-2023-35976 | Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface | | |
CVE-2023-35977 | Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface | | |
CVE-2023-35978 | Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface | | |
CVE-2023-35979 | Unauthenticated Buffer Overflow Vulnerability in ArubaOS Web-Based Management Interface | | |
CVE-2023-35980 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol | | |
CVE-2023-35981 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol | | |
CVE-2023-35982 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol | | |
CVE-2023-35983 | This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8... | | |
CVE-2023-35984 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, ... | | |
CVE-2023-35985 | An arbitrary file creation vulnerability exists in the JavaScript exportDataObject API of Foxit Read... | E | |
CVE-2023-35986 | Santesoft Sante DICOM Viewer Pro Stack-based Buffer Overflow | S | |
CVE-2023-35987 | PiiGAB M-Bus Use of Hard-coded Credentials | S | |
CVE-2023-35989 | An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave ... | E | |
CVE-2023-35990 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 1... | | |
CVE-2023-35991 | Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacke... | | |
CVE-2023-35992 | An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionali... | E | |
CVE-2023-35993 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS M... | | |
CVE-2023-35994 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu... | E | |
CVE-2023-35995 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu... | E | |
CVE-2023-35996 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu... | E | |
CVE-2023-35997 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu... | E | |
CVE-2023-35998 | ITM Server Missing Authorization in SOAP Endpoints | | |
CVE-2023-35999 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |