ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-36000 | ITM Server Missing Authorization for Agent Config | | |
CVE-2023-36001 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-36002 | ITM Server Missing Authorization for URL validation | | |
CVE-2023-36003 | XAML Diagnostics Elevation of Privilege Vulnerability | S | |
CVE-2023-36004 | Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | S | |
CVE-2023-36005 | Windows Telephony Server Elevation of Privilege Vulnerability | S | |
CVE-2023-36006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2023-36007 | Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability | S | |
CVE-2023-36008 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | S | |
CVE-2023-36009 | Microsoft Word Information Disclosure Vulnerability | S | |
CVE-2023-36010 | Microsoft Defender Denial of Service Vulnerability | S | |
CVE-2023-36011 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2023-36012 | DHCP Server Service Information Disclosure Vulnerability | S | |
CVE-2023-36013 | PowerShell Information Disclosure Vulnerability | S | |
CVE-2023-36014 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | S | |
CVE-2023-36016 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-36017 | Windows Scripting Engine Memory Corruption Vulnerability | S | |
CVE-2023-36018 | Visual Studio Code Jupyter Extension Spoofing Vulnerability | S | |
CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability | S | |
CVE-2023-36020 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-36021 | Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | S | |
CVE-2023-36022 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | S | |
CVE-2023-36024 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2023-36025 | Windows SmartScreen Security Feature Bypass Vulnerability | KEV S | |
CVE-2023-36026 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
CVE-2023-36027 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2023-36028 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | S | |
CVE-2023-36029 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
CVE-2023-36030 | Microsoft Dynamics 365 Sales Spoofing Vulnerability | S | |
CVE-2023-36031 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-36034 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | S | |
CVE-2023-36035 | Microsoft Exchange Server Spoofing Vulnerability | S | |
CVE-2023-36036 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-36037 | Microsoft Excel Security Feature Bypass Vulnerability | S | |
CVE-2023-36038 | ASP.NET Core Denial of Service Vulnerability | S | |
CVE-2023-36039 | Microsoft Exchange Server Spoofing Vulnerability | S | |
CVE-2023-36041 | Microsoft Excel Remote Code Execution Vulnerability | E S | |
CVE-2023-36042 | Visual Studio Denial of Service Vulnerability | S | |
CVE-2023-36043 | Open Management Infrastructure Information Disclosure Vulnerability | S | |
CVE-2023-36045 | Microsoft Office Graphics Remote Code Execution Vulnerability | S | |
CVE-2023-36046 | Windows Authentication Denial of Service Vulnerability | S | |
CVE-2023-36047 | Windows Authentication Elevation of Privilege Vulnerability | S | |
CVE-2023-36049 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | S | |
CVE-2023-36050 | Microsoft Exchange Server Spoofing Vulnerability | S | |
CVE-2023-36052 | Azure CLI REST Command Information Disclosure Vulnerability | S | |
CVE-2023-36053 | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator ... | S | |
CVE-2023-36054 | lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees a... | S | |
CVE-2023-36076 | SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute ... | E | |
CVE-2023-36081 | Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a re... | E | |
CVE-2023-36082 | An issue in GatesAIr Flexiva FM Transmitter/Exciter Fax 150W allows a remote attacker to gain privil... | E | |
CVE-2023-36085 | The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability i... | E | |
CVE-2023-36088 | Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote ... | E | |
CVE-2023-36089 | Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers ... | | |
CVE-2023-36090 | Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain esca... | | |
CVE-2023-36091 | Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escal... | | |
CVE-2023-36092 | Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escal... | | |
CVE-2023-36093 | There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic I... | E | |
CVE-2023-36095 | An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the ... | E | |
CVE-2023-36097 | funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.... | E | |
CVE-2023-36100 | An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain se... | E | |
CVE-2023-36103 | Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows rem... | E | |
CVE-2023-36106 | An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to o... | | |
CVE-2023-36109 | Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitra... | E | |
CVE-2023-36118 | Cross Site Scripting vulnerability in Faculty Evaluation System using PHP/MySQLi v.1.0 allows an att... | E M | |
CVE-2023-36119 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2023-36120 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2023-36121 | Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary cod... | E | |
CVE-2023-36123 | Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows l... | E | |
CVE-2023-36126 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJa... | | |
CVE-2023-36127 | User enumeration is found in PHPJabbers Appointment Scheduler 3.0. This issue occurs during passw... | | |
CVE-2023-36131 | PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improp... | | |
CVE-2023-36132 | PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.... | | |
CVE-2023-36133 | PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username... | | |
CVE-2023-36134 | In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/... | | |
CVE-2023-36135 | User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during pa... | | |
CVE-2023-36136 | PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account ... | | |
CVE-2023-36137 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJa... | | |
CVE-2023-36138 | PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme ... | | |
CVE-2023-36139 | In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address an... | | |
CVE-2023-36140 | In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an a... | | |
CVE-2023-36141 | User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during ... | | |
CVE-2023-36143 | Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" f... | E | |
CVE-2023-36144 | An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticate... | E | |
CVE-2023-36146 | A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.... | E | |
CVE-2023-36158 | Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows rem... | E | |
CVE-2023-36159 | Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 all... | | |
CVE-2023-36160 | An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attac... | | |
CVE-2023-36161 | An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers t... | | |
CVE-2023-36162 | Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gai... | E | |
CVE-2023-36163 | Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to ex... | E | |
CVE-2023-36164 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36166 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36167 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36168 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36169 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36177 | An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitr... | E | |
CVE-2023-36183 | Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitr... | E | |
CVE-2023-36184 | Mysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spe... | S | |
CVE-2023-36187 | Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthentic... | | |
CVE-2023-36188 | An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain p... | E S | |
CVE-2023-36189 | SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitiv... | E S | |
CVE-2023-36191 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36192 | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_pac... | E | |
CVE-2023-36193 | Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component a... | E S | |
CVE-2023-36198 | Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial... | E | |
CVE-2023-36199 | An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service... | E | |
CVE-2023-36201 | An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive informatio... | | |
CVE-2023-36210 | MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injec... | E | |
CVE-2023-36211 | The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated us... | E | |
CVE-2023-36212 | File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code vi... | E | |
CVE-2023-36213 | SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the k... | E | |
CVE-2023-36217 | Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitra... | E | |
CVE-2023-36220 | Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker t... | E | |
CVE-2023-36222 | Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker ... | E | |
CVE-2023-36223 | Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker ... | E | |
CVE-2023-36234 | Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code... | E | |
CVE-2023-36235 | An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the ... | E S | |
CVE-2023-36236 | Cross Site Scripting vulnerability in webkul Bagisto v.1.5.0 and before allows an attacker to execut... | E S | |
CVE-2023-36237 | Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arb... | E | |
CVE-2023-36238 | Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive in... | E | |
CVE-2023-36239 | libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() f... | E | |
CVE-2023-36243 | FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function... | E S | |
CVE-2023-36250 | CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute a... | E | |
CVE-2023-36252 | An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to exec... | | |
CVE-2023-36255 | An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker... | E | |
CVE-2023-36256 | The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF)... | E | |
CVE-2023-36258 | An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python cod... | E M | |
CVE-2023-36259 | Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attac... | S | |
CVE-2023-36260 | An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cau... | | |
CVE-2023-36262 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36263 | Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAle... | S | |
CVE-2023-36266 | An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and ... | | |
CVE-2023-36268 | Rejected reason: DoS issues, or unexploitable crashes, are out of scope for vulnerabilities.... | R | |
CVE-2023-36271 | LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2... | E S | |
CVE-2023-36272 | LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8... | E S | |
CVE-2023-36273 | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at b... | E | |
CVE-2023-36274 | LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_writ... | E S | |
CVE-2023-36281 | An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file t... | E | |
CVE-2023-36284 | An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_fro... | E | |
CVE-2023-36287 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an ... | E | |
CVE-2023-36288 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an ... | E | |
CVE-2023-36289 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an ... | E | |
CVE-2023-36291 | Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitr... | | |
CVE-2023-36293 | SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensit... | | |
CVE-2023-36298 | DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).... | E | |
CVE-2023-36299 | A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code vi... | E S | |
CVE-2023-36301 | Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageSe... | | |
CVE-2023-36306 | A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a rem... | E | |
CVE-2023-36307 | ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a Co... | E S | |
CVE-2023-36308 | disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of r... | E | |
CVE-2023-36309 | There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJab... | | |
CVE-2023-36310 | There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJab... | | |
CVE-2023-36311 | There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers D... | | |
CVE-2023-36312 | There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone paramete... | | |
CVE-2023-36313 | PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters... | | |
CVE-2023-36314 | There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message pa... | | |
CVE-2023-36315 | There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJab... | | |
CVE-2023-36317 | Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management Syst... | E | |
CVE-2023-36319 | File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary... | E | |
CVE-2023-36321 | Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflo... | E S | |
CVE-2023-36325 | i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden servi... | | |
CVE-2023-36326 | Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allo... | S | |
CVE-2023-36327 | Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allo... | S | |
CVE-2023-36328 | Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667a... | S | |
CVE-2023-36339 | An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Too... | | |
CVE-2023-36340 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host... | E | |
CVE-2023-36344 | An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execu... | | |
CVE-2023-36345 | A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges.... | E | |
CVE-2023-36346 | POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via ... | E | |
CVE-2023-36347 | A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticat... | E | |
CVE-2023-36348 | POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerabilit... | E | |
CVE-2023-36351 | An issue in Viatom Health ViHealth for Android v.2.74.58 and before allows a remote attacker to exec... | E | |
CVE-2023-36354 | TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were ... | E | |
CVE-2023-36355 | TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userR... | E | |
CVE-2023-36356 | TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to cont... | E | |
CVE-2023-36357 | An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8... | E | |
CVE-2023-36358 | TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to cont... | E | |
CVE-2023-36359 | TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to cont... | E | |
CVE-2023-36360 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36361 | Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name param... | | |
CVE-2023-36362 | An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to... | E S | |
CVE-2023-36363 | An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows atta... | E S | |
CVE-2023-36364 | An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to caus... | E S | |
CVE-2023-36365 | An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attacke... | E S | |
CVE-2023-36366 | An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers... | E S | |
CVE-2023-36367 | An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause... | E S | |
CVE-2023-36368 | An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to ... | E S | |
CVE-2023-36369 | An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to c... | E S | |
CVE-2023-36370 | An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause ... | E S | |
CVE-2023-36371 | An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause... | E S | |
CVE-2023-36375 | Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute ar... | E M | |
CVE-2023-36376 | Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execu... | E | |
CVE-2023-36377 | Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to e... | | |
CVE-2023-36380 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only wit... | S | |
CVE-2023-36381 | WordPress Zippy Plugin <= 1.6.5 is vulnerable to PHP Object Injection | S | |
CVE-2023-36382 | WordPress Media Library Categories Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36383 | WordPress Event Manager for WooCommerce Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36384 | WordPress Booking Calendar Contact Form Plugin <= 1.2.40 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36385 | WordPress PostX – Gutenberg Blocks for Post Grid Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36386 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36387 | Apache Superset: Improper API permission for low privilege users | S | |
CVE-2023-36388 | Apache Superset: Improper API permission for low privilege users allows for SSRF | | |
CVE-2023-36389 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36390 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36391 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | S | |
CVE-2023-36392 | DHCP Server Service Denial of Service Vulnerability | S | |
CVE-2023-36393 | Windows User Interface Application Core Remote Code Execution Vulnerability | S | |
CVE-2023-36394 | Windows Search Service Elevation of Privilege Vulnerability | S | |
CVE-2023-36395 | Windows Deployment Services Denial of Service Vulnerability | S | |
CVE-2023-36396 | Windows Compressed Folder Remote Code Execution Vulnerability | S | |
CVE-2023-36397 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | S | |
CVE-2023-36398 | Windows NTFS Information Disclosure Vulnerability | S | |
CVE-2023-36399 | Windows Storage Elevation of Privilege Vulnerability | S | |
CVE-2023-36400 | Windows HMAC Key Derivation Elevation of Privilege Vulnerability | S | |
CVE-2023-36401 | Microsoft Remote Registry Service Remote Code Execution Vulnerability | S | |
CVE-2023-36402 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2023-36403 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-36404 | Windows Kernel Information Disclosure Vulnerability | S | |
CVE-2023-36405 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-36406 | Windows Hyper-V Information Disclosure Vulnerability | S | |
CVE-2023-36407 | Windows Hyper-V Elevation of Privilege Vulnerability | S | |
CVE-2023-36408 | Windows Hyper-V Elevation of Privilege Vulnerability | S | |
CVE-2023-36409 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | S | |
CVE-2023-36410 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-36413 | Microsoft Office Security Feature Bypass Vulnerability | S | |
CVE-2023-36414 | Azure Identity SDK Remote Code Execution Vulnerability | S | |
CVE-2023-36415 | Azure Identity SDK Remote Code Execution Vulnerability | S | |
CVE-2023-36416 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-36417 | Microsoft SQL OLE DB Remote Code Execution Vulnerability | S | |
CVE-2023-36418 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | S | |
CVE-2023-36419 | Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability | S | |
CVE-2023-36420 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2023-36422 | Microsoft Windows Defender Elevation of Privilege Vulnerability | S | |
CVE-2023-36423 | Microsoft Remote Registry Service Remote Code Execution Vulnerability | S | |
CVE-2023-36424 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-36425 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | S | |
CVE-2023-36427 | Windows Hyper-V Elevation of Privilege Vulnerability | S | |
CVE-2023-36428 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | S | |
CVE-2023-36429 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | S | |
CVE-2023-36431 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | S | |
CVE-2023-36433 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | S | |
CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability | S | |
CVE-2023-36435 | Microsoft QUIC Denial of Service Vulnerability | S | |
CVE-2023-36436 | Windows MSHTML Platform Remote Code Execution Vulnerability | S | |
CVE-2023-36437 | Azure DevOps Server Remote Code Execution Vulnerability | S | |
CVE-2023-36438 | Windows TCP/IP Information Disclosure Vulnerability | S | |
CVE-2023-36439 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2023-36456 | Authentik lacks Proxy IP headers validation | S | |
CVE-2023-36457 | 1Panel vulnerable to command injection when adding container repositories | E | |
CVE-2023-36458 | 1Panel vulnerable to command injection when entering the container terminal | E | |
CVE-2023-36459 | Mastodon vulnerable to Cross-site Scripting through oEmbed preview cards | S | |
CVE-2023-36460 | Mastodon vulnerable to arbitrary file creation through media attachments | S | |
CVE-2023-36461 | Mastodon vulnerable to Denial of Service through slow HTTP responses | S | |
CVE-2023-36462 | Mastodon's verified profile links can be formatted in a misleading way | S | |
CVE-2023-36463 | Cross site scripting (XSS) in meldekarten generator | E S | |
CVE-2023-36464 | Infinite Loop when a comment isn't followed by a character in pypdf | E S | |
CVE-2023-36465 | Decidim has broken access control in templates | | |
CVE-2023-36466 | Topic Title Validation Skipped When Changing Category in Discourse | | |
CVE-2023-36467 | AWS data.all vulnerable to RCE through user injection of Python Commands | S | |
CVE-2023-36468 | Upgrading doesn't prevent exploiting vulnerable XWiki documents | E S | |
CVE-2023-36469 | Code injection through NotificationRSSService in XWiki Platform | E S | |
CVE-2023-36470 | Code injection in icon themes of XWiki Platform | E S | |
CVE-2023-36471 | HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml | E S | |
CVE-2023-36472 | Strapi may leak sensitive user information, user reset password, tokens via content-manager views | E | |
CVE-2023-36473 | CSP nonce reuse vulnerability in Discourse | | |
CVE-2023-36474 | Interactsh server settings make users vulnerable to Subdomain Takeover | S | |
CVE-2023-36475 | Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution | S | |
CVE-2023-36476 | `calamares-nixos-extensions` LUKS keyfile exposure | E S | |
CVE-2023-36477 | Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform | E S | |
CVE-2023-36478 | HTTP/2 HPACK integer overflow and buffer allocation | E S | |
CVE-2023-36479 | Jetty vulnerable to errant command quoting in CGI Servlet | E S | |
CVE-2023-36480 | Aerospike Java Client vulnerable to unsafe deserialization of server responses | S | |
CVE-2023-36481 | An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, ... | | |
CVE-2023-36482 | An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer cop... | | |
CVE-2023-36483 | MAS (a Carrier brand) MASmobile Classic Authorization Bypass | S | |
CVE-2023-36484 | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).... | | |
CVE-2023-36485 | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run a... | S | |
CVE-2023-36486 | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run a... | S | |
CVE-2023-36487 | The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote ... | | |
CVE-2023-36488 | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS).... | | |
CVE-2023-36489 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS ... | | |
CVE-2023-36490 | Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated ... | | |
CVE-2023-36492 | Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthent... | S | |
CVE-2023-36493 | Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an auth... | | |
CVE-2023-36494 | F5OS-A vulnerability | | |
CVE-2023-36495 | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6... | | |
CVE-2023-36496 | Delegated Admin Virtual Attribute Provider Privilege Escalation | | |
CVE-2023-36497 | Dover Fueling Solutions MAGLINK LX Web Console Authentication Bypass by Primary Weakness | S | |
CVE-2023-36498 | A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-... | E | |
CVE-2023-36499 | Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg... | E | |
CVE-2023-36501 | WordPress teachPress Plugin <= 9.0.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36502 | WordPress Balkon Theme <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36503 | WordPress MaxButtons Plugin <= 9.5.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36504 | WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability | | |
CVE-2023-36505 | WordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion | S | |
CVE-2023-36506 | WordPress YITH WooCommerce Waitlist plugin <= 2.13.0 - Broken Access Control vulnerability | S | |
CVE-2023-36507 | WordPress BookingPress Plugin <= 1.0.64 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-36508 | WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection | S | |
CVE-2023-36509 | WordPress CHP Ads Block Detector plugin <= 3.9.5 - Broken Access Control vulnerability | S | |
CVE-2023-36510 | WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability | S | |
CVE-2023-36511 | WordPress WooCommerce Order Barcodes Plugin <= 1.6.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-36512 | WordPress AutomateWoo plugin <= 5.7.5 - Broken Access Control vulnerability | S | |
CVE-2023-36513 | WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-36514 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-36515 | WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability | S | |
CVE-2023-36516 | WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability | S | |
CVE-2023-36517 | WordPress WP Abstracts Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-36518 | WordPress Post Hit Counter plugin <= 1.3.2 - Broken Access Control | | |
CVE-2023-36519 | WordPress SW Product Bundles plugin <= 2.0.15 - Broken Access Control vulnerability | | |
CVE-2023-36520 | WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2023-36521 | A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All... | | |
CVE-2023-36522 | WordPress Quiz Expert – Easy Quiz Maker, Exam and Test Manager Plugin <= 1.5.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-36523 | WordPress Email download link Plugin <= 3.7 is vulnerable to Sensitive Data Exposure | | |
CVE-2023-36526 | WordPress Duplicate Post Page Menu & Custom Post Type plugin <= 2.4.1 - Broken Access Control vulnerability | | |
CVE-2023-36527 | WordPress Post to CSV by BestWebSoft Plugin <= 1.4.0 is vulnerable to CSV Injection | S | |
CVE-2023-36528 | WordPress kk Star Ratings plugin <= 5.4.3 - Rate Manipulation due to IP Spoofing Vulnerability | S | |
CVE-2023-36529 | WordPress Houzez CRM Plugin <= 1.3.4 is vulnerable to SQL Injection | S | |
CVE-2023-36530 | WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36531 | WordPress LiquidPoll plugin <= 3.3.68 - Broken Access Control vulnerability | S | |
CVE-2023-36532 | Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial o... | | |
CVE-2023-36533 | Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to en... | | |
CVE-2023-36534 | Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to... | | |
CVE-2023-36535 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenti... | | |
CVE-2023-36536 | Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow a... | | |
CVE-2023-36537 | Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authentic... | | |
CVE-2023-36538 | Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated u... | | |
CVE-2023-36539 | Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sens... | | |
CVE-2023-36540 | Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow a... | | |
CVE-2023-36541 | Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may ... | | |
CVE-2023-36542 | Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources | | |
CVE-2023-36543 | Apache Airflow: ReDoS via dags function | S | |
CVE-2023-36546 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36547 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-36548 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-36549 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-36550 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-36551 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 thr... | S | |
CVE-2023-36553 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2023-36554 | An improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, versi... | S | |
CVE-2023-36555 | An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS... | S | |
CVE-2023-36556 | An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2,... | S | |
CVE-2023-36557 | PrintHTML API Remote Code Execution Vulnerability | S | |
CVE-2023-36558 | ASP.NET Core Security Feature Bypass Vulnerability | S | |
CVE-2023-36559 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
CVE-2023-36560 | ASP.NET Security Feature Bypass Vulnerability | S | |
CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | S | |
CVE-2023-36562 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | KEV S | |
CVE-2023-36564 | Windows Search Security Feature Bypass Vulnerability | S | |
CVE-2023-36565 | Microsoft Office Graphics Elevation of Privilege Vulnerability | S | |
CVE-2023-36566 | Microsoft Common Data Model SDK Denial of Service Vulnerability | S | |
CVE-2023-36567 | Windows Deployment Services Information Disclosure Vulnerability | S | |
CVE-2023-36568 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | S | |
CVE-2023-36569 | Microsoft Office Elevation of Privilege Vulnerability | S | |
CVE-2023-36570 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36571 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36572 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36573 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36574 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36575 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36576 | Windows Kernel Information Disclosure Vulnerability | S | |
CVE-2023-36577 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2023-36578 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36579 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | S | |
CVE-2023-36581 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | S | |
CVE-2023-36582 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36583 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36584 | Windows Mark of the Web Security Feature Bypass Vulnerability | KEV S | |
CVE-2023-36585 | Windows upnphost.dll Denial of Service Vulnerability | S | |
CVE-2023-36589 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36590 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36591 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36592 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36593 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36594 | Windows Graphics Component Elevation of Privilege Vulnerability | S | |
CVE-2023-36596 | Remote Procedure Call Information Disclosure Vulnerability | S | |
CVE-2023-36598 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | S | |
CVE-2023-36602 | Windows TCP/IP Denial of Service Vulnerability | S | |
CVE-2023-36603 | Windows TCP/IP Denial of Service Vulnerability | S | |
CVE-2023-36605 | Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | S | |
CVE-2023-36606 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | S | |
CVE-2023-36607 | CVE-2023-36607 | M | |
CVE-2023-36608 | The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption... | M | |
CVE-2023-36609 | The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scri... | M | |
CVE-2023-36610 | The affected TBox RTUs generate software security tokens using insufficient entropy. The random se... | M | |
CVE-2023-36611 | The affected TBox RTUs allow low privilege users to access software security tokens of higher privi... | M | |
CVE-2023-36612 | Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android,... | E | |
CVE-2023-36617 | A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles ... | M | |
CVE-2023-36618 | Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands ... | E | |
CVE-2023-36619 | Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrati... | E | |
CVE-2023-36620 | An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The ... | E | |
CVE-2023-36621 | An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The... | | |
CVE-2023-36622 | The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote... | E | |
CVE-2023-36623 | The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secre... | E | |
CVE-2023-36624 | Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escala... | E | |
CVE-2023-36627 | FlashBlade Snapshot Scheduler | S | |
CVE-2023-36628 | Privilege Escalation in VASA | S | |
CVE-2023-36629 | The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-... | E | |
CVE-2023-36630 | In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication by... | E | |
CVE-2023-36631 | Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows l... | E | |
CVE-2023-36632 | The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "Recu... | E | |
CVE-2023-36633 | An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 a... | S | |
CVE-2023-36634 | An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the ... | S | |
CVE-2023-36635 | An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through... | S | |
CVE-2023-36636 | Rejected reason: Not used... | R | |
CVE-2023-36637 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail v... | S | |
CVE-2023-36638 | An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 ... | S | |
CVE-2023-36639 | A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.... | S | |
CVE-2023-36640 | A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.... | S | |
CVE-2023-36641 | A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.... | S | |
CVE-2023-36642 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the m... | S | |
CVE-2023-36643 | Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders fr... | E | |
CVE-2023-36644 | Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order con... | E | |
CVE-2023-36645 | SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries vi... | E | |
CVE-2023-36646 | Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a... | E | |
CVE-2023-36647 | A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike... | E | |
CVE-2023-36648 | Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows ... | E | |
CVE-2023-36649 | Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpik... | E | |
CVE-2023-36650 | A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to e... | E | |
CVE-2023-36651 | Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to... | E | |
CVE-2023-36652 | A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remo... | E | |
CVE-2023-36654 | Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows rem... | E | |
CVE-2023-36655 | The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the use... | E | |
CVE-2023-36656 | Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote ... | E S | |
CVE-2023-36657 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (deskt... | | |
CVE-2023-36658 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path tha... | | |
CVE-2023-36659 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly proce... | | |
CVE-2023-36660 | The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.... | S | |
CVE-2023-36661 | Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF... | | |
CVE-2023-36662 | The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Act... | | |
CVE-2023-36663 | it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticat... | S | |
CVE-2023-36664 | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pip... | | |
CVE-2023-36665 | protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a differen... | E S | |
CVE-2023-36666 | INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edi... | S | |
CVE-2023-36667 | Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal.... | | |
CVE-2023-36669 | Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 a... | | |
CVE-2023-36670 | A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An a... | | |
CVE-2023-36671 | An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecu... | E | |
CVE-2023-36672 | An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecu... | E | |
CVE-2023-36673 | An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely con... | E | |
CVE-2023-36674 | An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x bef... | S | |
CVE-2023-36675 | An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x... | E | |
CVE-2023-36676 | WordPress Spectra plugin <= 2.6.6 - Broken Access Control vulnerability | S | |
CVE-2023-36677 | WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to SQL Injection | S | |
CVE-2023-36678 | WordPress WP Content Copy Protection & No Right Click Plugin <= 3.5.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36679 | WordPress Spectra plugin <= 2.6.6 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2023-36680 | WordPress Image Regenerate & Select Crop plugin <= 7.1.0 - Broken Access Control vulnerability | S | |
CVE-2023-36681 | WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin <= 2.6.2 - Broken Access Control vulnerability | S | |
CVE-2023-36682 | WordPress Schema Pro Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-36683 | WordPress Schema Pro plugin <= 2.7.8 - Broken Access Control vulnerability | S | |
CVE-2023-36684 | WordPress Convert Pro plugin <= 1.7.5 - Broken Access Control vulnerability | S | |
CVE-2023-36685 | WordPress CartFlows Pro Plugin <= 1.11.12 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-36686 | WordPress CartFlows Pro Plugin <= 1.11.11 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36687 | WordPress Menubar Plugin <= 5.8.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-36688 | WordPress Simple Site Verify Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36689 | WordPress WPFactory Helper Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-36690 | WordPress WPLMS Theme < 4.900 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-36691 | WordPress WebwinkelKeur Plugin <= 3.24 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-36692 | WordPress WP-Cirrus Plugin <= 0.6.11 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-36693 | WordPress WP RSS Images Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-36694 | WordPress Kingkong Board plugin <= 2.1.0.2 - Broken Access Control vulnerability | | |
CVE-2023-36695 | WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability | S | |
CVE-2023-36696 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-36697 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36698 | Windows Kernel Security Feature Bypass Vulnerability | S | |
CVE-2023-36701 | Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | S | |
CVE-2023-36702 | Microsoft DirectMusic Remote Code Execution Vulnerability | S | |
CVE-2023-36703 | DHCP Server Service Denial of Service Vulnerability | S | |
CVE-2023-36704 | Windows Setup Files Cleanup Remote Code Execution Vulnerability | S | |
CVE-2023-36705 | Windows Installer Elevation of Privilege Vulnerability | S | |
CVE-2023-36706 | Windows Deployment Services Information Disclosure Vulnerability | S | |
CVE-2023-36707 | Windows Deployment Services Denial of Service Vulnerability | S | |
CVE-2023-36709 | Microsoft AllJoyn API Denial of Service Vulnerability | S | |
CVE-2023-36710 | Windows Media Foundation Core Remote Code Execution Vulnerability | S | |
CVE-2023-36711 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | S | |
CVE-2023-36712 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-36713 | Windows Common Log File System Driver Information Disclosure Vulnerability | S | |
CVE-2023-36717 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | S | |
CVE-2023-36718 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | S | |
CVE-2023-36719 | Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | S | |
CVE-2023-36720 | Windows Mixed Reality Developer Tools Denial of Service Vulnerability | S | |
CVE-2023-36721 | Windows Error Reporting Service Elevation of Privilege Vulnerability | S | |
CVE-2023-36722 | Active Directory Domain Services Information Disclosure Vulnerability | S | |
CVE-2023-36723 | Windows Container Manager Service Elevation of Privilege Vulnerability | S | |
CVE-2023-36724 | Windows Power Management Service Information Disclosure Vulnerability | S | |
CVE-2023-36725 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-36726 | Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | S | |
CVE-2023-36727 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
CVE-2023-36728 | Microsoft SQL Server Denial of Service Vulnerability | S | |
CVE-2023-36729 | Named Pipe File System Elevation of Privilege Vulnerability | S | |
CVE-2023-36730 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2023-36731 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2023-36732 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2023-36735 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2023-36736 | Microsoft Identity Linux Broker Remote Code Execution Vulnerability | S | |
CVE-2023-36737 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | S | |
CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability | S | |
CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability | S | |
CVE-2023-36741 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2023-36743 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2023-36746 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len ... | E | |
CVE-2023-36747 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len ... | E | |
CVE-2023-36748 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36749 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36750 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36751 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36752 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36753 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36754 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36755 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability | S | |
CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability | S | |
CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability | S | |
CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability | S | |
CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | KEV S | |
CVE-2023-36762 | Microsoft Word Remote Code Execution Vulnerability | S | |
CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability | S | |
CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | S | |
CVE-2023-36765 | Microsoft Office Elevation of Privilege Vulnerability | S | |
CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability | S | |
CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability | S | |
CVE-2023-36769 | Microsoft OneNote Spoofing Vulnerability | S | |
CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability | S | |
CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability | S | |
CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability | S | |
CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability | S | |
CVE-2023-36776 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability | S | |
CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | S | |
CVE-2023-36785 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | S | |
CVE-2023-36787 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability | S | |
CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | S | |
CVE-2023-36790 | Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability | S | |
CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | S | |
CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability | S | |
CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability | S | |
CVE-2023-36804 | Windows GDI Elevation of Privilege Vulnerability | S | |
CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability | S | |
CVE-2023-36806 | Contao cross site scripting vulnerability via input unit widget | E S | |
CVE-2023-36807 | Infinite Loop when reading malformed objects in pypdf | E S | |
CVE-2023-36808 | GLPI vulnerable to SQL injection through Computer Virtual Machine information | | |
CVE-2023-36809 | Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox | E S | |
CVE-2023-36810 | Quadratic runtime with malformed PDF missing xref marker in pypdf | E S | |
CVE-2023-36811 | Archive spoofing vulnerability in borgbackup | S | |
CVE-2023-36812 | Remote Code Execution in OpenTSDB | S | |
CVE-2023-36813 | Kanboard Authenticated SQL Injections vulnerability | E S | |
CVE-2023-36814 | zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module | S | |
CVE-2023-36815 | Sealos billing system permission control defect | | |
CVE-2023-36816 | Cross-Site Scripting (XSS) at Account creation in 2FAuth | E | |
CVE-2023-36817 | The King's Temple Church website Leaked Stripe API Key in Public Code Repository | M | |
CVE-2023-36818 | Denial of service via User Custom Sidebar Section Unlimited Link Creation in discourse | S | |
CVE-2023-36819 | Knowage-Server vulnerable to Path traversal in download functionalities | E | |
CVE-2023-36820 | micronaut security has invalid IdTokenClaimsValidator logic on aud | E S | |
CVE-2023-36821 | Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation | E S | |
CVE-2023-36822 | Uptime Kuma authenticated path traversal via plugin repository name may lead to unavailability or data loss | E S | |
CVE-2023-36823 | Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content | S | |
CVE-2023-36824 | Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis | | |
CVE-2023-36825 | Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution | | |
CVE-2023-36826 | Sentry vulnerable to improper authorization on debug and artifact file downloads | S | |
CVE-2023-36827 | Fides vulnerable to Path Traversal in Webserver API | S | |
CVE-2023-36828 | Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG | E S | |
CVE-2023-36829 | Sentry CORS misconfiguration vulnerability | S | |
CVE-2023-36830 | SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code. | E | |
CVE-2023-36831 | Junos OS: SRX Series: jbuf memory leak when SSL Proxy and UTM Web-Filtering is applied | S | |
CVE-2023-36832 | Junos OS: MX Series: PFE crash upon receipt of specific packet destined to an AMS interface | S | |
CVE-2023-36833 | Junos OS Evolved: PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202: The aftman-bt process will crash in a MoFRR scenario after multiple link flaps | S | |
CVE-2023-36834 | Junos OS: SRX 4600 and SRX 5000 Series: The receipt of specific genuine packets by SRXes configured for L2 transparency will cause a DoS | S | |
CVE-2023-36835 | Junos OS: QFX10000 Series: All traffic will be dropped after a specific valid IP packet has been received which needs to be routed over a VXLAN tunnel | S | |
CVE-2023-36836 | Junos OS and Junos OS Evolved: In a MoFRR scenario an rpd core may be observed when a low privileged CLI command is executed | S | |
CVE-2023-36838 | Junos OS: SRX Series: A flowd core occurs when running a low privileged CLI command | S | |
CVE-2023-36839 | Junos OS and Junos OS Evolved: An l2cpd crash will occur when specific LLDP packets are received | S | |
CVE-2023-36840 | Junos OS and Junos OS Evolved: An rpd crash occurs when a specific L2VPN command is run | S | |
CVE-2023-36841 | Junos OS: MX Series: Receipt of malformed TCP traffic will cause a Denial of Service | S | |
CVE-2023-36842 | Junos OS: jdhcpd will hang on receiving a specific DHCP packet | S | |
CVE-2023-36843 | Junos OS: SRX Series: The PFE will crash on receiving malformed SSL traffic when Sky ATP is enabled | S | |
CVE-2023-36844 | Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables | KEV E S | |
CVE-2023-36845 | Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control an important environment variable | KEV E S | |
CVE-2023-36846 | Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files | KEV S | |
CVE-2023-36847 | Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files | KEV S | |
CVE-2023-36848 | Junos OS: MX Series: The FPC will crash on receiving a malformed CFM packet | S | |
CVE-2023-36849 | Junos OS and Junos OS Evolved: The l2cpd will crash when a malformed LLDP packet is received | S | |
CVE-2023-36850 | Junos OS: MX Series: An MPC will crash upon receipt of a malformed CFM packet. | S | |
CVE-2023-36851 | Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files | KEV S | |
CVE-2023-36853 | Keysight Geolocation Server Exposed Dangerous Method or Function | S | |
CVE-2023-36854 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ve... | | |
CVE-2023-36857 | Baker Hughes Bently Nevada 3500 System Authentication Bypass by Capture-replay | M | |
CVE-2023-36858 | BIG-IP Edge Client for Windows and macOS vulnerability | | |
CVE-2023-36859 | PiiGAB M-Bus Code Injection | S | |
CVE-2023-36860 | Improper input validation for some Intel Unison software may allow an authenticated user to potentia... | | |
CVE-2023-36861 | An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3... | E | |
CVE-2023-36862 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing res... | | |
CVE-2023-36864 | An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocatio... | E | |
CVE-2023-36865 | Microsoft Office Visio Remote Code Execution Vulnerability | S | |
CVE-2023-36866 | Microsoft Office Visio Remote Code Execution Vulnerability | S | |
CVE-2023-36867 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | S | |
CVE-2023-36868 | Azure Service Fabric on Windows Information Disclosure Vulnerability | S | |
CVE-2023-36869 | Azure DevOps Server Spoofing Vulnerability | S | |
CVE-2023-36871 | Azure Active Directory Security Feature Bypass Vulnerability | S | |
CVE-2023-36872 | VP9 Video Extensions Information Disclosure Vulnerability | S | |
CVE-2023-36873 | .NET Framework Spoofing Vulnerability | S | |
CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability | KEV E S | |
CVE-2023-36876 | Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability | S | |
CVE-2023-36877 | Azure Apache Oozie Spoofing Vulnerability | S | |
CVE-2023-36878 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | S | |
CVE-2023-36880 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | S | |
CVE-2023-36881 | Azure Apache Ambari Spoofing Vulnerability | S | |
CVE-2023-36882 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2023-36883 | Microsoft Edge for iOS Spoofing Vulnerability | S | |
CVE-2023-36884 | Windows Search Remote Code Execution Vulnerability | KEV S | |
CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-36887 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | E S | |
CVE-2023-36888 | Microsoft Edge for Android (Chromium-based) Tampering Vulnerability | S | |
CVE-2023-36889 | Windows Group Policy Security Feature Bypass Vulnerability | S | |
CVE-2023-36890 | Microsoft SharePoint Server Information Disclosure Vulnerability | S | |
CVE-2023-36891 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2023-36892 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2023-36893 | Microsoft Outlook Spoofing Vulnerability | S | |
CVE-2023-36894 | Microsoft SharePoint Server Information Disclosure Vulnerability | S | |
CVE-2023-36895 | Microsoft Outlook Remote Code Execution Vulnerability | S | |
CVE-2023-36896 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2023-36897 | Visual Studio Tools for Office Runtime Spoofing Vulnerability | S | |
CVE-2023-36898 | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | S | |
CVE-2023-36899 | ASP.NET Elevation of Privilege Vulnerability | S | |
CVE-2023-36900 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-36902 | Windows Runtime Remote Code Execution Vulnerability | S | |
CVE-2023-36903 | Windows System Assessment Tool Elevation of Privilege Vulnerability | S | |
CVE-2023-36904 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-36905 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | S | |
CVE-2023-36906 | Windows Cryptographic Services Information Disclosure Vulnerability | S | |
CVE-2023-36907 | Windows Cryptographic Services Information Disclosure Vulnerability | S | |
CVE-2023-36908 | Windows Hyper-V Information Disclosure Vulnerability | S | |
CVE-2023-36909 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | S | |
CVE-2023-36910 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36911 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | S | |
CVE-2023-36912 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | S | |
CVE-2023-36913 | Microsoft Message Queuing Information Disclosure Vulnerability | S | |
CVE-2023-36914 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | S | |
CVE-2023-36915 | Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocati... | E | |
CVE-2023-36916 | Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocati... | E | |
CVE-2023-36917 | Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2023-36918 | Cross-Site Scripting vulnerability in SAP Enable Now | | |
CVE-2023-36919 | Information Disclosure in SAP Enable Now | | |
CVE-2023-36920 | Clickjacking vulnerability in SAP Enable Now | | |
CVE-2023-36921 | Header Injection in SAP Solution Manager (Diagnostic Agent) | | |
CVE-2023-36922 | OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL) | | |
CVE-2023-36923 | Code Injection vulnerability in SAP PowerDesigner | | |
CVE-2023-36924 | Log Injection vulnerability in SAP ERP Defense Forces and Public Security | | |
CVE-2023-36925 | Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent) | | |
CVE-2023-36926 | Information disclosure vulnerability in SAP Host Agent | | |
CVE-2023-36932 | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0... | | |
CVE-2023-36933 | In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8... | | |
CVE-2023-36934 | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0... | S | |
CVE-2023-36935 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-36936 | Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PH... | E | |
CVE-2023-36939 | Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to exec... | E | |
CVE-2023-36940 | Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and My... | E | |
CVE-2023-36941 | A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and ... | E | |
CVE-2023-36942 | A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and ... | E | |
CVE-2023-36947 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to ... | E | |
CVE-2023-36950 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to ... | E | |
CVE-2023-36952 | TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp para... | E | |
CVE-2023-36953 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.... | E | |
CVE-2023-36954 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.... | E | |
CVE-2023-36955 | TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File para... | E | |
CVE-2023-36968 | A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands... | E | |
CVE-2023-36969 | CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.... | E | |
CVE-2023-36970 | A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inj... | E | |
CVE-2023-36980 | An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 causes the balance to be zeroed out when the va... | | |
CVE-2023-36983 | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.... | | |
CVE-2023-36984 | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.... | | |
CVE-2023-36992 | PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attac... | E | |
CVE-2023-36993 | The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the... | E | |
CVE-2023-36994 | In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker ... | E | |
CVE-2023-36995 | TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferenc... | E | |
CVE-2023-36998 | The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack... | | |