ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-37002 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37003 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37004 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37005 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37006 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37007 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37008 | Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the... | E | |
CVE-2023-37009 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37010 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37011 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37012 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37013 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a sufficientl... | E | |
CVE-2023-37014 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed A... | E | |
CVE-2023-37015 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed A... | E | |
CVE-2023-37016 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37017 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37018 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed A... | E | |
CVE-2023-37019 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed A... | E | |
CVE-2023-37020 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37021 | Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed AS... | E | |
CVE-2023-37022 | Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` pack... | E | |
CVE-2023-37023 | Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet han... | E | |
CVE-2023-37024 | A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.... | E | |
CVE-2023-37025 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | E | |
CVE-2023-37026 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | E | |
CVE-2023-37027 | Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixe... | E | |
CVE-2023-37028 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | E | |
CVE-2023-37029 | Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are suscepti... | E | |
CVE-2023-37030 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | E | |
CVE-2023-37031 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | E | |
CVE-2023-37032 | A Stack-based buffer overflow in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixe... | E | |
CVE-2023-37033 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | E | |
CVE-2023-37034 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | E | |
CVE-2023-37035 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | | |
CVE-2023-37036 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | E | |
CVE-2023-37037 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | E | |
CVE-2023-37038 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | E | |
CVE-2023-37039 | A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fi... | | |
CVE-2023-37049 | emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.... | E | |
CVE-2023-37057 | An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute... | | |
CVE-2023-37058 | Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a ... | E | |
CVE-2023-37061 | Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the langu... | S | |
CVE-2023-37062 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course c... | S | |
CVE-2023-37063 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers ... | S | |
CVE-2023-37064 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fi... | S | |
CVE-2023-37065 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session ... | S | |
CVE-2023-37066 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills w... | S | |
CVE-2023-37067 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/... | S | |
CVE-2023-37068 | Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands v... | E | |
CVE-2023-37069 | Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, ... | E | |
CVE-2023-37070 | Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)... | E | |
CVE-2023-37117 | A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP... | E | |
CVE-2023-37122 | A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbi... | E | |
CVE-2023-37124 | A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows at... | E | |
CVE-2023-37125 | A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v1... | E | |
CVE-2023-37131 | A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.... | E | |
CVE-2023-37132 | A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 a... | E | |
CVE-2023-37133 | A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 ... | E | |
CVE-2023-37134 | A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 ... | E | |
CVE-2023-37135 | A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allow... | E | |
CVE-2023-37136 | A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms... | E | |
CVE-2023-37139 | ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the func... | E | |
CVE-2023-37140 | ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function J... | E | |
CVE-2023-37141 | ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function J... | E | |
CVE-2023-37142 | ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function J... | E | |
CVE-2023-37143 | ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function B... | E S | |
CVE-2023-37144 | Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac para... | E | |
CVE-2023-37145 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2023-37146 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2023-37148 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2023-37149 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2023-37150 | Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in "... | | |
CVE-2023-37151 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2246. Reason: This candidate... | R | |
CVE-2023-37152 | Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file ... | E | |
CVE-2023-37153 | KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the L... | E | |
CVE-2023-37154 | check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, Loc... | | |
CVE-2023-37164 | Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter ... | E | |
CVE-2023-37165 | Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via t... | E | |
CVE-2023-37170 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code exe... | E | |
CVE-2023-37171 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2023-37172 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2023-37173 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2023-37174 | GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dum... | E | |
CVE-2023-37177 | SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated a... | E | |
CVE-2023-37185 | C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec... | E S | |
CVE-2023-37186 | C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a N... | E S | |
CVE-2023-37187 | C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c ... | E S | |
CVE-2023-37188 | C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate... | E S | |
CVE-2023-37189 | A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX ver... | E | |
CVE-2023-37190 | A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers ... | E | |
CVE-2023-37191 | A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers ... | E | |
CVE-2023-37192 | Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored se... | E | |
CVE-2023-37194 | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions... | | |
CVE-2023-37195 | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions... | | |
CVE-2023-37196 | A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL In... | | |
CVE-2023-37197 | A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL ... | | |
CVE-2023-37198 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that c... | | |
CVE-2023-37199 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could... | | |
CVE-2023-37200 | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could ca... | | |
CVE-2023-37201 | An attacker could have triggered a use-after-free condition when creating a WebRTC connection over H... | | |
CVE-2023-37202 | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartmen... | | |
CVE-2023-37203 | Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have al... | | |
CVE-2023-37204 | A website could have obscured the fullscreen notification by using an option element by introducing ... | | |
CVE-2023-37205 | The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerab... | | |
CVE-2023-37206 | Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting ... | E | |
CVE-2023-37207 | A website could have obscured the fullscreen notification by using a URL with a scheme handled by an... | | |
CVE-2023-37208 | When opening Diagcab files, Firefox did not warn the user that these files may contain malicious cod... | | |
CVE-2023-37209 | A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` o... | | |
CVE-2023-37210 | A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could... | | |
CVE-2023-37211 | Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these... | | |
CVE-2023-37212 | Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption a... | | |
CVE-2023-37213 | Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection' | S | |
CVE-2023-37214 | Heights Telecom ERO1xS-Pro Dual-Band WiFi command injection | S | |
CVE-2023-37215 | JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials | S | |
CVE-2023-37216 | AnaSystem SensMini M4 – an authenticated user can cause Denial of Service | S | |
CVE-2023-37217 | Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy | S | |
CVE-2023-37218 | Tadiran Telecom Aeonix - CWE-22: Improper Limitation of a Pathname to a Restricted Directory | S | |
CVE-2023-37219 | Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File | S | |
CVE-2023-37220 | Synel Terminals - CWE-494: Download of Code Without Integrity Check | S | |
CVE-2023-37221 | 7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | S | |
CVE-2023-37222 | Farsight Tech Nordic AB ProVide | S | |
CVE-2023-37223 | Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 an... | | |
CVE-2023-37224 | An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated a... | | |
CVE-2023-37225 | Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.... | M | |
CVE-2023-37226 | Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.... | | |
CVE-2023-37227 | Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.... | | |
CVE-2023-37228 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2023-37229 | Loftware Spectrum before 5.1 allows SSRF.... | | |
CVE-2023-37230 | Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.... | | |
CVE-2023-37231 | Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.... | | |
CVE-2023-37232 | Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.... | | |
CVE-2023-37233 | Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.... | | |
CVE-2023-37234 | Loftware Spectrum through 4.6 has unprotected JMX Registry.... | | |
CVE-2023-37237 | In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated A... | | |
CVE-2023-37238 | Vulnerability of apps' permission to access a certain API being incompletely verified in the wireles... | | |
CVE-2023-37239 | Format string vulnerability in the distributed file system. Attackers who bypass the SELinux permis... | | |
CVE-2023-37240 | Vulnerability of missing input length verification in the distributed file system. Successful expl... | | |
CVE-2023-37241 | Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may c... | | |
CVE-2023-37242 | Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may ... | | |
CVE-2023-37243 | The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically ... | | |
CVE-2023-37244 | Privilege escalation in N-Able's AutomationManagerAgent | | |
CVE-2023-37245 | Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerabi... | | |
CVE-2023-37246 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008)... | | |
CVE-2023-37247 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008)... | | |
CVE-2023-37248 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008)... | | |
CVE-2023-37249 | Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization... | | |
CVE-2023-37250 | Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYST... | | |
CVE-2023-37251 | An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The go... | | |
CVE-2023-37254 | An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Specia... | E | |
CVE-2023-37255 | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUse... | E | |
CVE-2023-37256 | An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store ... | E | |
CVE-2023-37257 | The DataEase panel and dataset have a stored XSS vulnerability | E | |
CVE-2023-37258 | DataEase has a SQL injection vulnerability that can bypass blacklists | E | |
CVE-2023-37259 | Cross site scripting in Export Chat feature | S | |
CVE-2023-37260 | league/oauth2-server key exposed in exception message when passing as string and providing invalid pass phrase | S | |
CVE-2023-37261 | OpenComputers's SSRF to cloud service metadata services and local IPv6 addresses not blocked by default | S | |
CVE-2023-37262 | CC: Tweaked SSRF to Cloud Services Metadata Services not Blocked by Default | S | |
CVE-2023-37263 | Strapi's field level permissions not being respected in relationship title | E | |
CVE-2023-37264 | Pipelines do not validate child UIDs | E | |
CVE-2023-37265 | Incorrect identification of source IP addresses in CasaOS | E S | |
CVE-2023-37266 | Weak JSON Web Token (JWT) secrets in CasaOS | E S | |
CVE-2023-37267 | Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions | S | |
CVE-2023-37268 | User login confusion with SSO in warpgate | S | |
CVE-2023-37269 | Winter CMS vulnerable to stored XSS through privileged upload of SVG file | E S | |
CVE-2023-37270 | Piwigo SQL Injection vulnerability in "User-Agent" | E S | |
CVE-2023-37271 | RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape | S | |
CVE-2023-37272 | XSS vulnerability in JOC Cockpit branch 1.13 | S | |
CVE-2023-37273 | Docker escape in Auto-GPT when running from docker-compose.yml included in git repo | S | |
CVE-2023-37274 | Python code execution sandbox escape in non-docker version in Auto-GPT | S | |
CVE-2023-37275 | System logs spoofable in Auto-GPT via ANSI control sequences | S | |
CVE-2023-37276 | aiohttp vulnerable to HTTP request smuggling | E S | |
CVE-2023-37277 | XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API | S | |
CVE-2023-37278 | GLPI vulnerable to SQL injection via dashboard administration | | |
CVE-2023-37279 | Faktory Web Dashboard can lead to denial of service (DOS) via malicious user input | E | |
CVE-2023-37280 | Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page | S | |
CVE-2023-37281 | Out-of-bounds read during IPHC address decompression | S | |
CVE-2023-37282 | An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GT... | E | |
CVE-2023-37283 | Authentication Bypass via HTML Form & Identifier First Adapter | | |
CVE-2023-37284 | Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_23... | | |
CVE-2023-37285 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8... | | |
CVE-2023-37286 | SmartBPM.NET - Use of Hard-Coded Credentials - 1 | S | |
CVE-2023-37287 | SmartBPM.NET - Use of Hard-Coded Credentials - 2 | S | |
CVE-2023-37288 | SmartBPM.NET - Path Traversal | S | |
CVE-2023-37289 | InfoDoc Document On-line Submission and Approval System - Arbitrary File Upload | S | |
CVE-2023-37290 | InfoDoc Document On-line Submission and Approval System - Server-Side Request Forgery (SSRF) | S | |
CVE-2023-37291 | Galaxy Software Services Vitals ESP - Use of Hard-coded Cryptographic Key | S | |
CVE-2023-37292 | HGiga iSherlock - Command Injection | S | |
CVE-2023-37293 | stack-based buffer overflow | | |
CVE-2023-37294 | Heap-based Buffer Overflow | | |
CVE-2023-37295 | Heap-based Buffer Overflow | | |
CVE-2023-37296 | Stack-based Buffer Overflow | | |
CVE-2023-37297 | heap memory overflow | | |
CVE-2023-37298 | Joplin before 2.11.5 allows XSS via a USE element in an SVG document.... | S | |
CVE-2023-37299 | Joplin before 2.11.5 allows XSS via an AREA element of an image map.... | S | |
CVE-2023-37300 | An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.3... | E S | |
CVE-2023-37301 | An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it do... | E | |
CVE-2023-37302 | An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS v... | E S | |
CVE-2023-37303 | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situatio... | E S | |
CVE-2023-37304 | An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWik... | E S | |
CVE-2023-37305 | An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.... | E S | |
CVE-2023-37306 | MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain... | E S | |
CVE-2023-37307 | In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclu... | S | |
CVE-2023-37308 | Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.... | | |
CVE-2023-37310 | D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37311 | D-Link DAP-2622 DDP Set Device Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37312 | D-Link DAP-2622 DDP Set Device Info Device Name Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37313 | D-Link DAP-2622 DDP Set IPv4 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37314 | D-Link DAP-2622 DDP Set IPv6 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37315 | D-Link DAP-2622 DDP Set IPv6 Address Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37316 | D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37317 | D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37318 | D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37319 | D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37320 | D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37321 | D-Link DAP-2622 DDP Set SSID List RADIUS Secret Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37322 | D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37323 | D-Link DAP-2622 DDP Set SSID List PSK Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37324 | D-Link DAP-2622 DDP Set Wireless Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37325 | D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability | | |
CVE-2023-37326 | D-Link DAP-2622 DDP Set Wireless Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37327 | GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-37328 | GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-37329 | GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-37330 | Kofax Power PDF exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability | | |
CVE-2023-37331 | Kofax Power PDF GIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-37332 | Kofax Power PDF PNG File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2023-37333 | Kofax Power PDF PCX File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2023-37334 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37335 | Kofax Power PDF BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-37336 | Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37337 | Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37338 | Kofax Power PDF GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37339 | Kofax Power PDF PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37340 | Kofax Power PDF PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37341 | Kofax Power PDF PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37342 | Kofax Power PDF PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-37343 | Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37344 | Kofax Power PDF BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-37345 | Kofax Power PDF J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37346 | Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37347 | Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-37348 | Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37349 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37350 | Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-37351 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-37352 | Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-37353 | Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-37354 | Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-37355 | Kofax Power PDF JPG File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-37356 | Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-37357 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-37358 | Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-37359 | Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-37360 | pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege e... | E | |
CVE-2023-37361 | REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, ap... | E | |
CVE-2023-37362 | Weintek Weincloud Improper Authentication | S | |
CVE-2023-37364 | In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity res... | | |
CVE-2023-37365 | Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.... | E | |
CVE-2023-37367 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos ... | | |
CVE-2023-37368 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos ... | | |
CVE-2023-37369 | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an applic... | E S | |
CVE-2023-37372 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applic... | | |
CVE-2023-37373 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applic... | | |
CVE-2023-37374 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008)... | | |
CVE-2023-37375 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008)... | | |
CVE-2023-37376 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008)... | | |
CVE-2023-37377 | An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exyno... | | |
CVE-2023-37378 | Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller d... | S | |
CVE-2023-37379 | Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature | S | |
CVE-2023-37385 | WordPress Consulting theme <= 6.5.6 - Local File Inclusion | S | |
CVE-2023-37386 | WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-37387 | WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-37388 | WordPress Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-37389 | WordPress Booking Package SAASPROJECT plugin <= 1.5.98 - Unauthenticated Privilege Escalation vulnerability | S | |
CVE-2023-37390 | WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection | S | |
CVE-2023-37391 | WordPress WordPress Mobile Pack Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-37392 | WordPress WP Dummy Content Generator Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-37393 | WordPress Atarim Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37394 | WordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerability | S | |
CVE-2023-37395 | IBM Aspera Faspex information disclosure | | |
CVE-2023-37396 | IBM Aspera Faspex information disclosure | | |
CVE-2023-37397 | IBM Aspera Faspex data manipulation | | |
CVE-2023-37398 | IBM Aspera Faspex information disclosure | | |
CVE-2023-37400 | IBM Aspera Faspex privilege escalation | | |
CVE-2023-37404 | IBM Observability with Instana code execution | S | |
CVE-2023-37405 | IBM Cloud Pak System information disclosure | | |
CVE-2023-37407 | IBM Aspera Orchestrator command execution | | |
CVE-2023-37410 | IBM Personal Communications privilege escalation | S | |
CVE-2023-37411 | IBM Aspera Faspex cross-site scripting | | |
CVE-2023-37412 | IBM Aspera Faspex improper access control | | |
CVE-2023-37413 | IBM Aspera Faspex information disclosure | | |
CVE-2023-37415 | Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user | | |
CVE-2023-37416 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali... | E | |
CVE-2023-37417 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali... | E | |
CVE-2023-37418 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali... | E | |
CVE-2023-37419 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali... | E | |
CVE-2023-37420 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali... | E | |
CVE-2023-37421 | Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface | | |
CVE-2023-37422 | Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface | | |
CVE-2023-37423 | Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface | | |
CVE-2023-37424 | Unauthenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface | | |
CVE-2023-37425 | Unauthenticated Stored Cross-Site Scripting Vulnerability (XSS) in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface | | |
CVE-2023-37426 | Shared SSH Static Host Keys in EdgeConnect SD-WAN Orchestrator | | |
CVE-2023-37427 | Authenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface | | |
CVE-2023-37428 | Authenticated Remote Code Execution via Path Traversal in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface | | |
CVE-2023-37429 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface | | |
CVE-2023-37430 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface | | |
CVE-2023-37431 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface | | |
CVE-2023-37432 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface | | |
CVE-2023-37433 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface | | |
CVE-2023-37434 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface | | |
CVE-2023-37435 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface | M | |
CVE-2023-37436 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface | M | |
CVE-2023-37437 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface | M | |
CVE-2023-37438 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface | M | |
CVE-2023-37439 | Reflected Cross Site Scripting in EdgeConnect SD-WAN Orchestrator Web Management Interface | M | |
CVE-2023-37440 | Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure | M | |
CVE-2023-37442 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of... | E | |
CVE-2023-37443 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of... | E | |
CVE-2023-37444 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of... | E | |
CVE-2023-37445 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of... | E | |
CVE-2023-37446 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of... | E | |
CVE-2023-37447 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of... | E | |
CVE-2023-37448 | A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonom... | | |
CVE-2023-37450 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safar... | KEV | |
CVE-2023-37453 | An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-b... | E | |
CVE-2023-37454 | An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a u... | E | |
CVE-2023-37455 | The permission request prompt from the site in the background tab was overlaid on top of the site in... | | |
CVE-2023-37456 | The session restore helper crashed whenever there was no parameter sent to the message handler. This... | | |
CVE-2023-37457 | Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update' | S | |
CVE-2023-37459 | Out-of-bounds read when processing a received IPv6 packet | S | |
CVE-2023-37460 | Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver | E S | |
CVE-2023-37461 | Path traversal in metersphere | E | |
CVE-2023-37462 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui | E S | |
CVE-2023-37463 | Quadratic complexity bugs may lead to a denial of service | E | |
CVE-2023-37464 | Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose | E S | |
CVE-2023-37466 | vm2 Sandbox Escape vulnerability | E | |
CVE-2023-37467 | Discourse CSP nonce reuse vulnerability for anonymous users | S | |
CVE-2023-37468 | Storing unencrypted LDAP passwords in feedbacksystem | S | |
CVE-2023-37469 | CasaOS Command Injection vulnerability | E S | |
CVE-2023-37470 | Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint | S | |
CVE-2023-37471 | User impersonation using SAMLv1.x SSO in Open Access Management | S | |
CVE-2023-37472 | Query injection in Knowage server | E | |
CVE-2023-37473 | Limited code execution in zenstruck/collections | S | |
CVE-2023-37474 | Path traversal in copyparty | E S | |
CVE-2023-37475 | Attacker-controlled parameter can cause denial of service in hamba avro | E S | |
CVE-2023-37476 | Zip slip in OpenRefine | S | |
CVE-2023-37477 | Command injection in firewall ip functionality in 1Panel | E S | |
CVE-2023-37478 | pnpm incorrectly parses tar archives relative to specification | | |
CVE-2023-37479 | Improper sanitization of MXCSR and RFLAGS in OpenEnclave | S | |
CVE-2023-37480 | Fides Webserver Vulnerable to Zip Bomb File Uploads | S | |
CVE-2023-37481 | Fides Webserver Vulnerable to SVG Bomb File Uploads | S | |
CVE-2023-37482 | The login functionality of the web server in affected devices does not normalize the response times ... | | |
CVE-2023-37483 | Improper Access Control Vulnerabilities in SAP PowerDesigner | | |
CVE-2023-37484 | Information Disclosure Vulnerabilities in SAP PowerDesigner | | |
CVE-2023-37486 | Information Disclosure vulnerability in SAP Commerce (OCC API) | | |
CVE-2023-37487 | Security misconfiguration vulnerability in SAP Business One (Service Layer) | | |
CVE-2023-37488 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration | | |
CVE-2023-37489 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) | | |
CVE-2023-37490 | Binary hijack in SAP BusinessObjects Business Intelligence (Installer) | | |
CVE-2023-37491 | Improper Authorization check vulnerability in SAP Message Server | | |
CVE-2023-37492 | Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | | |
CVE-2023-37495 | HCL Domino is susceptible to a weak cryptography vulnerability | | |
CVE-2023-37496 | HCL Verse is susceptible to a Stored Cross-Site Scripting (XSS) Vulnerability | | |
CVE-2023-37497 | An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform | | |
CVE-2023-37498 | HCL Unica Platform is vulnerable to a privilege escalation by unauthorized group assignation | | |
CVE-2023-37499 | A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform | | |
CVE-2023-37500 | A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform | | |
CVE-2023-37501 | A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Campaign | | |
CVE-2023-37502 | An unrestricted file upload vulnerability affects HCL Compass | | |
CVE-2023-37503 | A weak password requirements vulnerability affects HCL Compass | | |
CVE-2023-37504 | An insufficient session expiration vulnerability affects HCL Compass | | |
CVE-2023-37511 | HCL Traveler To Do is affected by App Transport Security (ATS) settings allowing insecure loads in web content | | |
CVE-2023-37512 | HCL Traveler Companion is vulnerable to revealing sensitive information via the task switcher | | |
CVE-2023-37513 | HCL Traveler To Do is vulnerable to revealing sensitive information via the task switcher | | |
CVE-2023-37516 | HCL Leap is affected by missing "no cache" headers | | |
CVE-2023-37517 | HCL Domino Volt and Domino Leap are affected by missing "no cache" headers | | |
CVE-2023-37518 | A code injection vulnerability affects HCL BigFix ServiceNow Data Flow | | |
CVE-2023-37519 | HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS) | | |
CVE-2023-37520 | HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS) | | |
CVE-2023-37521 | HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure | | |
CVE-2023-37522 | HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags | | |
CVE-2023-37523 | HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags | | |
CVE-2023-37526 | HCL DRYiCE Lucy v9 (now AEX) is affected by a Cross Origin Resource Sharing (CORS) Vulnerability | | |
CVE-2023-37527 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform | | |
CVE-2023-37528 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform | | |
CVE-2023-37529 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform | | |
CVE-2023-37530 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform | | |
CVE-2023-37531 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform | | |
CVE-2023-37532 | A path traversal vulnerability affects HCL Commerce | | |
CVE-2023-37533 | HCL Connections is vulnerable to reflected cross-site scripting | | |
CVE-2023-37534 | HCL Leap is affected by a Cross-site scripting (XSS) vulnerability | | |
CVE-2023-37535 | HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability | | |
CVE-2023-37536 | HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3 | | |
CVE-2023-37537 | HCL AppScan Presence deployed as Windows service might be vulnerable to an Unquoted Service Path vulnerability | | |
CVE-2023-37538 | HCL Digital Experience is susceptible to cross site scripting (XSS) | S | |
CVE-2023-37539 | HCL Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2023-37540 | HCL Sametime Chat is affected by an unimplemented feature in the UI | | |
CVE-2023-37541 | HCL Connections is vulnerable to broken access control | | |
CVE-2023-37543 | Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modi... | | |
CVE-2023-37544 | Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS | | |
CVE-2023-37545 | CODESYS: Improper Input Validation in CmpApp component | | |
CVE-2023-37546 | CODESYS: Improper Input Validation in CmpApp component | | |
CVE-2023-37547 | CODESYS: Improper Input Validation in CmpApp component | | |
CVE-2023-37548 | CODESYS: Improper Input Validation in CmpApp component | | |
CVE-2023-37549 | CODESYS: Improper Input Validation in CmpApp component | | |
CVE-2023-37550 | CODESYS: Improper Input Validation in CmpApp component | | |
CVE-2023-37551 | CODESYS Files or Directories Accessible to External Parties in CmpApp | | |
CVE-2023-37552 | CODESYS Improper Input Validation in CmpAppBP | | |
CVE-2023-37553 | CODESYS Improper Input Validation in CmpAppBP | | |
CVE-2023-37554 | CODESYS Improper Input Validation in CmpAppBP | | |
CVE-2023-37555 | CODESYS Improper Input Validation in CmpAppBP | | |
CVE-2023-37556 | CODESYS Improper Input Validation in CmpAppBP | | |
CVE-2023-37557 | CODESYS Heap-based Buffer Overflow in multiple products | | |
CVE-2023-37558 | CODESYS Improper Validation of Consistency within Input in multiple products | | |
CVE-2023-37559 | CODESYS Improper Validation of Consistency within Input in multiple products | | |
CVE-2023-37560 | Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlie... | | |
CVE-2023-37561 | Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows ... | | |
CVE-2023-37562 | Cross-site request forgery (CSRF) vulnerability exists in WTC-C1167GC-B v1.17 and earlier, and WT... | | |
CVE-2023-37563 | ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network... | | |
CVE-2023-37564 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenti... | | |
CVE-2023-37565 | Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated ... | | |
CVE-2023-37566 | Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent... | | |
CVE-2023-37567 | Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthent... | | |
CVE-2023-37568 | ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier a... | | |
CVE-2023-37569 | OS Command Injection Vulnerability in Emagic Data Center Management Suite | E S | |
CVE-2023-37570 | Insufficient Session Expiration Vulnerability in Emagic Data Center Management Suite | S | |
CVE-2023-37571 | Softing TH SCOPE through 3.70 allows XSS.... | | |
CVE-2023-37572 | Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain s... | | |
CVE-2023-37573 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa... | E | |
CVE-2023-37574 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa... | E | |
CVE-2023-37575 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa... | E | |
CVE-2023-37576 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa... | E | |
CVE-2023-37577 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa... | E | |
CVE-2023-37578 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa... | E | |
CVE-2023-37579 | Apache Pulsar Function Worker: Incorrect Authorization for Function Worker Can Leak Sink/Source Credentials | | |
CVE-2023-37580 | Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.... | KEV S | |
CVE-2023-37581 | Apache Roller: Roller's weblog category, weblog settings and file-upload features did not properly sanitize input, which could be exploited to perform Reflected Cross Site Scripting (XSS) even on a Roller site configured for untrusted users. | M | |
CVE-2023-37582 | Apache RocketMQ: Possible remote code execution when using the update configuration function | S | |
CVE-2023-37596 | Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to... | E | |
CVE-2023-37597 | Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to... | E | |
CVE-2023-37598 | A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker ... | E | |
CVE-2023-37599 | An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the m... | E | |
CVE-2023-37600 | Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scriptin... | E | |
CVE-2023-37601 | Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerabil... | E | |
CVE-2023-37602 | An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.... | E | |
CVE-2023-37605 | Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows... | | |
CVE-2023-37607 | Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attack... | E | |
CVE-2023-37608 | An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtai... | E | |
CVE-2023-37611 | Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to... | E | |
CVE-2023-37613 | A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to... | E | |
CVE-2023-37621 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37623 | Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via t... | E S | |
CVE-2023-37624 | Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may ... | E S | |
CVE-2023-37625 | A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbit... | E | |
CVE-2023-37627 | Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL in... | E | |
CVE-2023-37628 | Online Piggery Management System 1.0 is vulnerable to SQL Injection.... | E | |
CVE-2023-37629 | Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can uploa... | E | |
CVE-2023-37630 | Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated... | E | |
CVE-2023-37635 | UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on ... | E | |
CVE-2023-37636 | A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attacke... | E | |
CVE-2023-37637 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-38817. Reason: This record is a re... | R | |
CVE-2023-37644 | SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted d... | E | |
CVE-2023-37645 | eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /... | E | |
CVE-2023-37646 | An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execu... | | |
CVE-2023-37647 | SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Sux... | | |
CVE-2023-37649 | Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized ... | E | |
CVE-2023-37650 | A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to ex... | E | |
CVE-2023-37656 | WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload.... | E | |
CVE-2023-37657 | TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2023-37658 | fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). File upload check binary of img, bu... | E | |
CVE-2023-37659 | xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).... | E | |
CVE-2023-37677 | Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vuln... | E | |
CVE-2023-37679 | A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to e... | E | |
CVE-2023-37682 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | | |
CVE-2023-37683 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability... | E | |
CVE-2023-37684 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability... | E | |
CVE-2023-37685 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability... | E | |
CVE-2023-37686 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability... | E | |
CVE-2023-37687 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability... | E | |
CVE-2023-37688 | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Ad... | E | |
CVE-2023-37689 | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Bo... | E | |
CVE-2023-37690 | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Se... | E | |
CVE-2023-37692 | An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary c... | E | |
CVE-2023-37700 | Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the ssid parameter in the form_... | E | |
CVE-2023-37701 | Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the a... | E | |
CVE-2023-37702 | Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the f... | E | |
CVE-2023-37703 | Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the ... | E | |
CVE-2023-37704 | Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the f... | E | |
CVE-2023-37705 | Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromA... | E | |
CVE-2023-37706 | Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fro... | E | |
CVE-2023-37707 | Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromV... | E | |
CVE-2023-37710 | Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the w... | E | |
CVE-2023-37711 | Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the d... | E | |
CVE-2023-37712 | Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contai... | E | |
CVE-2023-37714 | Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i... | E | |
CVE-2023-37715 | Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i... | E | |
CVE-2023-37716 | Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.... | E | |
CVE-2023-37717 | Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.... | E | |
CVE-2023-37718 | Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i... | E | |
CVE-2023-37719 | Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i... | E | |
CVE-2023-37721 | Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i... | E | |
CVE-2023-37722 | Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i... | E | |
CVE-2023-37723 | Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i... | E | |
CVE-2023-37728 | IceWarp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color par... | | |
CVE-2023-37732 | Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, whic... | E | |
CVE-2023-37733 | An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary ... | E | |
CVE-2023-37734 | EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow.... | | |
CVE-2023-37739 | i-doit Pro v25 and below was discovered to be vulnerable to path traversal.... | E | |
CVE-2023-37742 | WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vuln... | | |
CVE-2023-37743 | A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attacker... | | |
CVE-2023-37744 | Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerabil... | | |
CVE-2023-37745 | A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to... | | |
CVE-2023-37746 | A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to... | | |
CVE-2023-37748 | ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ng... | E S | |
CVE-2023-37754 | PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the ins... | E | |
CVE-2023-37755 | i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administra... | E | |
CVE-2023-37756 | I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administr... | E | |
CVE-2023-37758 | D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.... | | |
CVE-2023-37759 | Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 ... | E | |
CVE-2023-37765 | GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_... | E | |
CVE-2023-37766 | GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_... | E | |
CVE-2023-37767 | GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_... | E | |
CVE-2023-37769 | stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component com... | E | |
CVE-2023-37770 | faust commit ee39a19 was discovered to contain a stack overflow via the component boxppShared::print... | E | |
CVE-2023-37771 | Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /... | E | |
CVE-2023-37772 | Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the ... | | |
CVE-2023-37777 | A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and ... | | |
CVE-2023-37781 | An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via ... | E | |
CVE-2023-37785 | A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execu... | E | |
CVE-2023-37786 | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arb... | E | |
CVE-2023-37787 | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arb... | E | |
CVE-2023-37788 | goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unsp... | E | |
CVE-2023-37790 | Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnera... | E | |
CVE-2023-37791 | D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /g... | E | |
CVE-2023-37793 | WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filt... | E | |
CVE-2023-37794 | WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the compone... | E | |
CVE-2023-37798 | A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Van... | E | |
CVE-2023-37800 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37801 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37802 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37803 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37804 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37805 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37806 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37807 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37808 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37809 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37810 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37811 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37822 | The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ec... | | |
CVE-2023-37824 | Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulner... | | |
CVE-2023-37826 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V... | | |
CVE-2023-37827 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V... | | |
CVE-2023-37828 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V... | | |
CVE-2023-37829 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V... | | |
CVE-2023-37830 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V... | | |
CVE-2023-37831 | An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user account... | E | |
CVE-2023-37832 | A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user creden... | E | |
CVE-2023-37833 | Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary con... | E | |
CVE-2023-37835 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-45396. Reason: This record is a du... | R | |
CVE-2023-37836 | libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at... | E S | |
CVE-2023-37837 | libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::Enc... | E S | |
CVE-2023-37839 | An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows a... | E | |
CVE-2023-37847 | novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.... | | |
CVE-2023-37849 | A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows att... | E | |
CVE-2023-37850 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-37855 | PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels | | |
CVE-2023-37856 | PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels | | |
CVE-2023-37857 | PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels | | |
CVE-2023-37858 | PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels | | |
CVE-2023-37859 | PHOENIX CONTACT: Improper Privilege Management in WP 6xxx Web panels | | |
CVE-2023-37860 | PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels | | |
CVE-2023-37861 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels | | |
CVE-2023-37862 | PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels | | |
CVE-2023-37863 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels | | |
CVE-2023-37864 | PHOENIX CONTACT: WP 6xxx Web panels prone to download code without integrity check | | |
CVE-2023-37865 | WordPress IP2Location Country Blocker plugin <= 2.29.1 - IP Bypass Vulnerability | S | |
CVE-2023-37866 | WordPress JetFormBuilder plugin <= 3.0.8 - Authenticated Privilege Escalation vulnerability | S | |
CVE-2023-37867 | WordPress Yet Another Stars Rating Plugin <= 3.3.8 is vulnerable to Race Condition | S | |
CVE-2023-37868 | WordPress Premium Addons PRO Plugin <= 2.9.0 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-37869 | WordPress Premium Addons PRO plugin <= 2.9.0 - Broken Access Control vulnerability | S | |
CVE-2023-37870 | WordPress WooCommerce Warranty Requests plugin <= 2.1.9 - Broken Access Control vulnerability | S | |
CVE-2023-37871 | WordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2023-37872 | WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.5 - Broken Access Control vulnerability | S | |
CVE-2023-37873 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37874 | WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37875 | Cross-Site Scripting Vulnerability in Wing FTP Server <= 7.2.0 | | |
CVE-2023-37878 | Insecure Default Permissions in Wing FTP Server <= 7.2.0 | | |
CVE-2023-37879 | Exposed Session Variable in Wing FTP Server <= 7.2.0 | | |
CVE-2023-37881 | Weak Access Control between Domains in Wing FTP Server <= 7.2.0 | | |
CVE-2023-37885 | WordPress RealHomes theme <= 4.0.2 - Broken Access Control vulnerability | | |
CVE-2023-37886 | WordPress RealHomes theme <= 4.0.2 - Broken Access Control vulnerability | | |
CVE-2023-37887 | WordPress WPSchoolPress plugin <= 2.2.7 - Broken Access Control vulnerability | S | |
CVE-2023-37888 | WordPress Phlox Core Elements plugin <= 2.14.0 - Unauthenticated Local File Inclusion vulnerability | S | |
CVE-2023-37889 | WordPress WPAdmin AWS CDN Plugin <= 2.0.13 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-37890 | WordPress KB Support Plugin <= 1.5.88 is vulnerable to Broken Access Control | S | |
CVE-2023-37891 | WordPress Exit Popups & Onsite Retargeting by OptiMonk Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-37892 | WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-37893 | WordPress Coming Soon Chop Chop Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-37894 | WordPress Variation Images Gallery for WooCommerce Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37895 | Apache Jackrabbit RMI access can lead to RCE | | |
CVE-2023-37896 | Nuclei Path Traversal vulnerability | | |
CVE-2023-37897 | Server-side Template Injection (SSTI) in grav | E S | |
CVE-2023-37898 | Safe mode Cross-site Scripting (XSS) vulnerability in Joplin | E | |
CVE-2023-37899 | feathersjs socket handler allows abusing implicit toString | E S | |
CVE-2023-37900 | Crossplane vulnerable to denial of service from large image | E | |
CVE-2023-37901 | Cross-Site-Scripting via confirmation prompts | S | |
CVE-2023-37902 | Vyper's ecrecover can return undefined data if signature does not verify | E S | |
CVE-2023-37903 | Sandbox Escape in vm2 | | |
CVE-2023-37904 | Discourse Race Condition in Accept Invite | S | |
CVE-2023-37905 | Cross-site Scripting (XSS) in Source Mode of Editor in ckeditor-wordcount-plugin | S | |
CVE-2023-37906 | Discourse vulnerable to DoS via post edit reason | S | |
CVE-2023-37907 | Cryptomator's MSI installer allows local privilege escalation | E S | |
CVE-2023-37908 | org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability | E S | |
CVE-2023-37909 | Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet | E S | |
CVE-2023-37910 | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move | E S | |
CVE-2023-37911 | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents | E S | |
CVE-2023-37912 | XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro | E S | |
CVE-2023-37913 | org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter | E S | |
CVE-2023-37914 | Privilege escalation (PR)/RCE from account through Invitation subject/message | E S | |
CVE-2023-37915 | Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS | E | |
CVE-2023-37916 | Leak password hash of any user | E | |
CVE-2023-37917 | Privilege Escalation in kubepi | E | |
CVE-2023-37918 | API token authentication bypass in HTTP endpoints in Dapr | E S | |
CVE-2023-37919 | Cal.com not expiring old sessions after enabling 2FA | | |
CVE-2023-37920 | Certifi's removal of e-Tugra root certificate | S | |
CVE-2023-37921 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.... | E | |
CVE-2023-37922 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.... | E | |
CVE-2023-37923 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.... | E | |
CVE-2023-37924 | Apache Submarine: SQL injection from unauthorized login | S | |
CVE-2023-37925 | An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firm... | | |
CVE-2023-37926 | A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLE... | | |
CVE-2023-37927 | The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware vers... | S | |
CVE-2023-37928 | A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmwar... | S | |
CVE-2023-37929 | The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM... | | |
CVE-2023-37930 | Multiple issues including the use of uninitialized resources [CWE-908] and excessive iteration [CWE... | S | |
CVE-2023-37931 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit... | S | |
CVE-2023-37932 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE... | S | |
CVE-2023-37933 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilit... | S | |
CVE-2023-37934 | An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all ... | S | |
CVE-2023-37935 | A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7... | S | |
CVE-2023-37936 | A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 ... | S | |
CVE-2023-37937 | An improper neutralization of special elements used in an os command ('os command injection') in For... | S | |
CVE-2023-37939 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient... | S | |
CVE-2023-37940 | Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.... | | |
CVE-2023-37941 | Apache Superset: Metadata db write access can lead to remote code execution | | |
CVE-2023-37942 | Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML... | | |
CVE-2023-37943 | Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options an... | | |
CVE-2023-37944 | A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall... | | |
CVE-2023-37945 | A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both incl... | | |
CVE-2023-37946 | Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previou... | | |
CVE-2023-37947 | Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a re... | | |
CVE-2023-37948 | Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host key... | | |
CVE-2023-37949 | A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers wi... | | |
CVE-2023-37950 | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/R... | | |
CVE-2023-37951 | Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, ... | | |
CVE-2023-37952 | A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows a... | | |
CVE-2023-37953 | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/R... | | |
CVE-2023-37954 | A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 an... | | |
CVE-2023-37955 | A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 a... | | |
CVE-2023-37956 | A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attac... | | |
CVE-2023-37957 | A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and ea... | | |
CVE-2023-37958 | A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and ea... | | |
CVE-2023-37959 | A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers ... | | |
CVE-2023-37960 | Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission... | | |
CVE-2023-37961 | A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier a... | | |
CVE-2023-37962 | A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and ea... | | |
CVE-2023-37963 | A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers ... | | |
CVE-2023-37964 | A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier ... | | |
CVE-2023-37965 | A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with O... | | |
CVE-2023-37966 | WordPress User Activity Log Plugin <= 1.6.2 is vulnerable to SQL Injection | S | |
CVE-2023-37967 | WordPress DirectoryPress plugin <= 3.6.2 - Unauthenticated Broken Access Control Vulnerability | S | |
CVE-2023-37968 | WordPress Falang multilanguage Plugin <= 1.3.39 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-37969 | WordPress Checkout with Zelle on Woocommerce plugin <= 3.1 - Broken Access Control vulnerability | S | |
CVE-2023-37970 | WordPress MF Gig Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37971 | WordPress WooCommerce Product Stock Alert plugin <= 2.0.1 - Broken Access Control vulnerability | S | |
CVE-2023-37972 | WordPress WooCommerce Product Stock Alert Plugin <= 2.0.1 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-37973 | WordPress Replace Word Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-37974 | WordPress WP-FB-AutoConnect Plugin <= 4.6.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-37975 | WordPress Variation Swatches for WooCommerce Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37976 | WordPress Radio Forge Muses Player with Skins Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-37977 | WordPress WPFunnels Plugin <= 2.7.16 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37978 | WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-37979 | WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37980 | WordPress Custom Field For WP Job Manager Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37981 | WordPress Authors List Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37982 | WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection | S | |
CVE-2023-37983 | WordPress Art Direction Plugin <= 0.2.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-37984 | WordPress Quiz And Survey Master plugin <= 8.1.10 - Broken Access Control vulnerability | S | |
CVE-2023-37985 | WordPress Five Star Restaurant Menu Plugin <= 2.4.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-37986 | WordPress YourMembership Single Sign On Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37987 | WordPress YourMembership Single Sign On plugin <= 1.1.3 - Broken Access Control vulnerability | S | |
CVE-2023-37988 | WordPress Contact Form Generator Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-37989 | WordPress Easyship WooCommerce Shipping Rates plugin <= 0.9.0 - Broken Access Control vulnerability | S | |
CVE-2023-37990 | WordPress Perelink Pro Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-37991 | WordPress WP Emoji One Plugin <= 0.6.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-37992 | WordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-37993 | WordPress wpShopGermany IT-RECHT KANZLEI Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-37994 | WordPress Art Decoration Shortcode Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-37995 | WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-37996 | WordPress GTmetrix for WordPress Plugin <= 0.4.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-37997 | WordPress Post List With Featured Image Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-37998 | WordPress Disabler Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-37999 | WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability | S | |