ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-38000 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block | E S | |
CVE-2023-38001 | IBM Aspera Orchestrator cross-site request forgery | | |
CVE-2023-38002 | IBM Storage Scale session fixation | | |
CVE-2023-38003 | IBM Db2 command execution | S | |
CVE-2023-38009 | IBM Cognos Analytics Mobile information disclosure | | |
CVE-2023-38012 | IBM Cloud Pak System directory traversal | | |
CVE-2023-38013 | IBM Cloud Pak System information disclosure | | |
CVE-2023-38018 | IBM Aspera Shares session fixation | | |
CVE-2023-38019 | IBM SOAR QRadar Plugin App directory traversal | S | |
CVE-2023-38020 | IBM SOAR QRadar Plugin App log injection | S | |
CVE-2023-38021 | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3... | | |
CVE-2023-38022 | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3... | | |
CVE-2023-38023 | An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of... | | |
CVE-2023-38024 | SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -1 | S | |
CVE-2023-38025 | SpotCam Co., Ltd. SpotCamFHD - Command Injection -1 | S | |
CVE-2023-38026 | SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -2 | S | |
CVE-2023-38027 | SpotCam Co., Ltd. SpotCam Sense - Command Injection | S | |
CVE-2023-38028 | Saho ADM100&ADM-100FP - Broken Access Control | S | |
CVE-2023-38029 | Saho ADM100&ADM-100FP - Arbitrary File Upload | S | |
CVE-2023-38030 | Saho ADM100&ADM-100FP - Execute Code | S | |
CVE-2023-38031 | ASUS RT-AC86U - Command injection vulnerability - 1 | S | |
CVE-2023-38032 | ASUS RT-AC86U - Command injection vulnerability - 2 | S | |
CVE-2023-38033 | ASUS RT-AC86U - Command injection vulnerability - 3 | S | |
CVE-2023-38034 | A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switche... | | |
CVE-2023-38035 | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below,... | KEV E | |
CVE-2023-38037 | ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The tempo... | | |
CVE-2023-38039 | When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed la... | E S | |
CVE-2023-38040 | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..... | E | |
CVE-2023-38041 | A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race... | | |
CVE-2023-38042 | A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low p... | | |
CVE-2023-38043 | A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which coul... | | |
CVE-2023-38044 | Extension - hikashop.com - SQLi in HikaShop component for Joomla <= 4.7.2 | | |
CVE-2023-38045 | Extension - admiror-design-studio.com - XSS in Admiror Gallery component for Joomla 5.0.0-5.2.0 | | |
CVE-2023-38046 | PAN-OS: Read System Files and Resources During Configuration Commit | S | |
CVE-2023-38047 | A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} in EasyAppointments < 1.5.0. | | |
CVE-2023-38048 | A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} in EasyAppointments < 1.5.0 | | |
CVE-2023-38049 | A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.0 | | |
CVE-2023-38050 | A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} in EasyAppointments < 1.5.0 | | |
CVE-2023-38051 | A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.0 | | |
CVE-2023-38052 | A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} in EasyAppointments < 1.5.0 | | |
CVE-2023-38053 | A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} in EasyAppointments < 1.5.0 | | |
CVE-2023-38054 | A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0 | | |
CVE-2023-38055 | A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0 | | |
CVE-2023-38056 | Code execution via System Configuration | S | |
CVE-2023-38057 | XSS stored in survey answers | S | |
CVE-2023-38058 | Tickets can be moved without permissions | S | |
CVE-2023-38059 | External pictures can be loaded even if not allowed by configuration | S | |
CVE-2023-38060 | Host header injection by attachments in web service | S | |
CVE-2023-38061 | In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible... | | |
CVE-2023-38062 | In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in... | | |
CVE-2023-38063 | In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible... | | |
CVE-2023-38064 | In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be writte... | | |
CVE-2023-38065 | In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible... | | |
CVE-2023-38066 | In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during arti... | | |
CVE-2023-38067 | In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to t... | | |
CVE-2023-38068 | In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms... | | |
CVE-2023-38069 | In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases... | | |
CVE-2023-38070 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V1... | | |
CVE-2023-38071 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V1... | | |
CVE-2023-38072 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V1... | | |
CVE-2023-38073 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V1... | | |
CVE-2023-38074 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V1... | | |
CVE-2023-38075 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V1... | | |
CVE-2023-38076 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V1... | | |
CVE-2023-38077 | Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38078 | Kofax Power PDF U3D File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-38079 | Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-38080 | Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-38081 | Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-38082 | Kofax Power PDF GIF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2023-38083 | Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-38084 | Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2023-38085 | Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38086 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38087 | Kofax Power PDF clearTimeOut Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-38088 | Kofax Power PDF printf Uninitialized Variable Remote Code Execution Vulnerability | | |
CVE-2023-38089 | Kofax Power PDF clearInterval Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-38090 | Kofax Power PDF popUpMenu Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-38091 | Kofax Power PDF response Type Confusion Remote Code Execution Vulnerability | | |
CVE-2023-38092 | Kofax Power PDF importDataObject Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-38093 | Kofax Power PDF saveAs Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-38094 | Kofax Power PDF replacePages Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-38095 | NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability | | |
CVE-2023-38096 | NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability | | |
CVE-2023-38097 | NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability | | |
CVE-2023-38098 | NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability | | |
CVE-2023-38099 | NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability | | |
CVE-2023-38100 | NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability | | |
CVE-2023-38101 | NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability | | |
CVE-2023-38102 | NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability | | |
CVE-2023-38103 | GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-38104 | GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-38105 | Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38106 | Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38107 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-38108 | Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38109 | Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38110 | Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38111 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-38112 | Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-38113 | Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-38114 | Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-38115 | Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38116 | Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38117 | Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-38118 | Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-38119 | Foxit PDF Reader AcroForm signature Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-38120 | Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-38121 | Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability | | |
CVE-2023-38122 | Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability | | |
CVE-2023-38123 | Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability | | |
CVE-2023-38124 | Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability | | |
CVE-2023-38125 | Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability | | |
CVE-2023-38126 | Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2023-38127 | An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A spe... | E | |
CVE-2023-38128 | An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1... | E | |
CVE-2023-38130 | Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthent... | S | |
CVE-2023-38131 | Improper input validation for some Intel Unison software may allow an authenticated user to pot... | | |
CVE-2023-38132 | LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnera... | | |
CVE-2023-38133 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, i... | | |
CVE-2023-38135 | Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enabl... | | |
CVE-2023-38136 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16... | | |
CVE-2023-38137 | Rejected reason: This is unused.... | R | |
CVE-2023-38138 | BIG-IP Configuration utility vulnerability | | |
CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability | S | |
CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-38142 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-38143 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2023-38146 | Windows Themes Remote Code Execution Vulnerability | S | |
CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | S | |
CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | S | |
CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability | S | |
CVE-2023-38150 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-38151 | Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability | S | |
CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability | S | |
CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability | S | |
CVE-2023-38156 | Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability | S | |
CVE-2023-38157 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | S | |
CVE-2023-38158 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | S | |
CVE-2023-38159 | Windows Graphics Component Elevation of Privilege Vulnerability | S | |
CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability | S | |
CVE-2023-38161 | Windows GDI Elevation of Privilege Vulnerability | S | |
CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability | S | |
CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass | S | |
CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2023-38166 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2023-38167 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | S | |
CVE-2023-38169 | Microsoft SQL OLE DB Remote Code Execution Vulnerability | S | |
CVE-2023-38170 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2023-38171 | Microsoft QUIC Denial of Service Vulnerability | S | |
CVE-2023-38172 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | S | |
CVE-2023-38173 | Microsoft Edge for Android Spoofing Vulnerability | S | |
CVE-2023-38174 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | S | |
CVE-2023-38175 | Microsoft Windows Defender Elevation of Privilege Vulnerability | S | |
CVE-2023-38176 | Azure Arc-Enabled Servers Elevation of Privilege Vulnerability | S | |
CVE-2023-38177 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2023-38178 | .NET Core and Visual Studio Denial of Service Vulnerability | S | |
CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability | KEV S | |
CVE-2023-38181 | Microsoft Exchange Server Spoofing Vulnerability | S | |
CVE-2023-38182 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2023-38184 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2023-38185 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2023-38186 | Windows Mobile Device Management Elevation of Privilege Vulnerability | S | |
CVE-2023-38187 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2023-38188 | Azure Apache Hadoop Spoofing Vulnerability | S | |
CVE-2023-38190 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size ... | E | |
CVE-2023-38191 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a cr... | E | |
CVE-2023-38192 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via craft... | E | |
CVE-2023-38193 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafte... | E | |
CVE-2023-38194 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parame... | E | |
CVE-2023-38195 | Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessi... | | |
CVE-2023-38197 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.... | S | |
CVE-2023-38198 | acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild... | | |
CVE-2023-38199 | coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Typ... | S | |
CVE-2023-38200 | Keylime: registrar is subject to a dos against ssl connections | S | |
CVE-2023-38201 | Keylime: challenge-response protocol bypass during agent registration | S | |
CVE-2023-38203 | Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE | KEV S | |
CVE-2023-38204 | Bypass APSB23-41 (CVE-2023-38203) - Pre-Auth RCE ColdFusion 2021 Update 8 | | |
CVE-2023-38205 | ColdFusion Bypass - Vulnerability disclosure in ColdFusion \| BYPASS CVE-2023-29298 | KEV | |
CVE-2023-38206 | ColdFusion \| Improper Access Control (CWE-284) | | |
CVE-2023-38207 | Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read | | |
CVE-2023-38208 | Validate Your Inputs \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) | | |
CVE-2023-38209 | Adobe Commerce Incorrect Authorization Security feature bypass | | |
CVE-2023-38210 | Other \| Uncontrolled Resource Consumption (CWE-400) | | |
CVE-2023-38211 | ZDI-CAN-21078: Adobe Dimension GLB File Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
CVE-2023-38212 | ZDI-CAN-21093: Adobe Dimension GLB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-38213 | ZDI-CAN-21094: Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2023-38214 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2023-38215 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2023-38216 | ZDI-CAN-21404: Adobe Bridge Font Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-38217 | ZDI-CAN-21403: Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38218 | Incorrect Authorization - Customer account takeover | | |
CVE-2023-38219 | Validate Your Inputs \| Cross-site Scripting (Stored XSS) (CWE-79) - Customer to Admin stored XSS with Gift wrapping | | |
CVE-2023-38220 | Full page cache enumeration via cookie X-Magento-Vary | | |
CVE-2023-38221 | Adobe Commerce \| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | | |
CVE-2023-38222 | ZDI-CAN-21103: Adobe Acrobat Reader DC AcroForm spawnPageFromTemplate Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-38223 | ZDI-CAN-21063: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability | | |
CVE-2023-38224 | ZDI-CAN-21122: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-38225 | ZDI-CAN-21118: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-38226 | ZDI-CAN-21240: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability | | |
CVE-2023-38227 | ZDI-CAN-21241: Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-38228 | ZDI-CAN-21317: Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-38229 | ZDI-CAN-21310: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38230 | ZDI-CAN-21318: Adobe Acrobat Reader DC Font Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-38231 | ZDI-CAN-21334: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-38232 | ZDI-CAN-21357: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38233 | ZDI-CAN-21337: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-38234 | ZDI-CAN-21359: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability | | |
CVE-2023-38235 | ZDI-CAN-21356: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38236 | ZDI-CAN-21247: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38237 | ZDI-CAN-21244: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38238 | ZDI-CAN-21243: Adobe Acrobat Reader DC Font Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-38239 | ZDI-CAN-21242: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38240 | ZDI-CAN-21245: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38241 | ZDI-CAN-21246: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38242 | ZDI-CAN-21387: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38243 | ZDI-CAN-21252: Adobe Acrobat Reader DC JBIG2 File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2023-38244 | ZDI-CAN-21371: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38245 | Adobe Acrobat Reader DC ActiveX Control (AxAcroPDFLib.AxAcroPDF) src NTLMv2 SSO Hash Theft Vulnerability | | |
CVE-2023-38246 | Adobe Acrobat Reader DC ActiveX Control (AxAcroPDFLib.AxAcroPDF) stack-based stale pointer vulnerability | | |
CVE-2023-38247 | ZDI-CAN-21449: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38248 | ZDI-CAN-21494: Adobe Acrobat Reader DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-38249 | Adobe Commerce \| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | | |
CVE-2023-38250 | Adobe Commerce \| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | | |
CVE-2023-38251 | Adobe Commerce \| Uncontrolled Resource Consumption (CWE-400) | | |
CVE-2023-38252 | W3m: out of bounds read in strnew_size() at w3m/str.c | E | |
CVE-2023-38253 | W3m: out of bounds read in growbuf_to_str() at w3m/indep.c | E | |
CVE-2023-38254 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | S | |
CVE-2023-38255 | Socomec MOD3GP-SY-120K Cross-site Scripting | S | |
CVE-2023-38256 | Dover Fueling Solutions MAGLINK LX Console Path Traversal | S | |
CVE-2023-38257 | CVE-2023-38257 | | |
CVE-2023-38258 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monte... | | |
CVE-2023-38259 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8... | | |
CVE-2023-38261 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16... | | |
CVE-2023-38262 | Rejected reason: This is unused.... | R | |
CVE-2023-38263 | IBM SOAR QRadar Plugin App improper access controls | | |
CVE-2023-38264 | IBM SDK, Java Technology Edition denial of service | | |
CVE-2023-38267 | IBM Security Access Manager Appliance information disclosure | S | |
CVE-2023-38268 | IBM InfoSphere Information Server cross-site request forgery | S | |
CVE-2023-38271 | IBM Cloud Pak System information disclosure | | |
CVE-2023-38272 | IBM Cloud Pak System information disclosure | | |
CVE-2023-38273 | IBM Cloud Pak System information disclosure | S | |
CVE-2023-38275 | IBM Cognos Dashboards information disclosure | S | |
CVE-2023-38276 | IBM Cognos Dashboards information disclosure | S | |
CVE-2023-38280 | IBM Power HMC privilege escalation | S | |
CVE-2023-38283 | In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a p... | E S | |
CVE-2023-38285 | Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.... | | |
CVE-2023-38286 | Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 ... | E | |
CVE-2023-38288 | Rejected reason: Not a Security Issue.... | R | |
CVE-2023-38289 | Rejected reason: Not a Security Issue.... | R | |
CVE-2023-38290 | Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pr... | | |
CVE-2023-38291 | An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on device... | | |
CVE-2023-38292 | Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with... | | |
CVE-2023-38293 | Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-... | | |
CVE-2023-38294 | Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installe... | | |
CVE-2023-38295 | Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-install... | | |
CVE-2023-38296 | Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system pro... | | |
CVE-2023-38297 | An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from mul... | | |
CVE-2023-38298 | Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to ... | | |
CVE-2023-38299 | Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak th... | | |
CVE-2023-38300 | A certain software build for the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/2301... | | |
CVE-2023-38301 | An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices ... | | |
CVE-2023-38302 | A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.21081... | | |
CVE-2023-38303 | An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack ... | E | |
CVE-2023-38304 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was disco... | E | |
CVE-2023-38305 | An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a ... | E | |
CVE-2023-38306 | An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was disco... | E | |
CVE-2023-38307 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was disco... | E | |
CVE-2023-38308 | An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered i... | E | |
CVE-2023-38309 | An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was di... | E | |
CVE-2023-38310 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was disco... | E | |
CVE-2023-38311 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was disco... | E | |
CVE-2023-38312 | A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote contro... | | |
CVE-2023-38313 | An issue was discovered in OpenNDS Captive Portal before 10.1.2. It has a do_binauth NULL pointer de... | | |
CVE-2023-38314 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer deref... | | |
CVE-2023-38315 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticat... | | |
CVE-2023-38316 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape ca... | | |
CVE-2023-38317 | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name en... | E | |
CVE-2023-38318 | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the... | E | |
CVE-2023-38319 | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the conf... | E | |
CVE-2023-38320 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage N... | | |
CVE-2023-38321 | OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attacke... | | |
CVE-2023-38322 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL po... | | |
CVE-2023-38323 | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry ... | E | |
CVE-2023-38324 | An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (... | | |
CVE-2023-38325 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical opt... | E S | |
CVE-2023-38326 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-38328 | An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affe... | | |
CVE-2023-38330 | OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified header... | | |
CVE-2023-38331 | Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products mo... | | |
CVE-2023-38332 | Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's ... | | |
CVE-2023-38333 | Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.... | | |
CVE-2023-38334 | Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for lockin... | E | |
CVE-2023-38335 | Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis librari... | E | |
CVE-2023-38336 | netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by s... | E | |
CVE-2023-38337 | rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory trav... | S | |
CVE-2023-38343 | An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint... | | |
CVE-2023-38344 | An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability ... | | |
CVE-2023-38346 | An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR ... | E S | |
CVE-2023-38347 | An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript... | E | |
CVE-2023-38348 | A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1.... | E | |
CVE-2023-38349 | PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26.... | | |
CVE-2023-38350 | PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. Thi... | E | |
CVE-2023-38351 | MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to ... | | |
CVE-2023-38352 | MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achiev... | | |
CVE-2023-38353 | MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that... | | |
CVE-2023-38354 | MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to... | | |
CVE-2023-38355 | MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve ... | | |
CVE-2023-38356 | MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to... | | |
CVE-2023-38357 | Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leadi... | E | |
CVE-2023-38359 | IBM Cognos Analytics cross-site scripting | | |
CVE-2023-38360 | IBM CICS TX cross-site scripting | | |
CVE-2023-38361 | IBM CICS TX Advanced information disclosure | S | |
CVE-2023-38362 | IBM CICS TX information disclosure | | |
CVE-2023-38363 | IBM CICS TX information disclosure | S | |
CVE-2023-38364 | IBM CICS TX Advanced cross-site scripting | S | |
CVE-2023-38366 | IBM FileNet Content Manager directory traversal | | |
CVE-2023-38367 | IBM Cloud Pak for Automation authentication bypass | | |
CVE-2023-38368 | IBM Security Access Manager Docker information disclosure | | |
CVE-2023-38369 | IBM Security Access Manager Container information disclosure | S | |
CVE-2023-38370 | IBM Security Access Manager Docker information disclosure | | |
CVE-2023-38371 | IBM Security Access Manager Docker information disclosure | | |
CVE-2023-38372 | IBM Watson IoT Platform information disclosure | | |
CVE-2023-38378 | The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remo... | E | |
CVE-2023-38379 | The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remo... | E | |
CVE-2023-38380 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < ... | | |
CVE-2023-38381 | WordPress WP-FlyBox Plugin <= 6.46 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-38382 | WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection | | |
CVE-2023-38383 | WordPress Language plugin <= 1.2.1 - Broken Access Control vulnerability | | |
CVE-2023-38384 | WordPress eaSYNC Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-38385 | WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability | S | |
CVE-2023-38386 | WordPress Ninja Forms plugin <= 3.6.25 - Contributor+ Broken Access Control vulnerability | S | |
CVE-2023-38387 | WordPress Elastic Email Sender Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-38388 | WordPress Jupiter X Core plugin <= 3.3.5 - Unauth. Arbitrary File Upload vulnerability | S | |
CVE-2023-38389 | WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability | S | |
CVE-2023-38390 | WordPress Mobile Address Bar Changer Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-38391 | WordPress Onepage Builder – Easiest Landing Page Builder For WordPress Plugin <= 2.4.1 is vulnerable to SQL Injection | | |
CVE-2023-38392 | WordPress Custom Field Template Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-38393 | WordPress Ninja Forms plugin <= 3.6.25 - Subscriber+ Broken Access Control vulnerability | S | |
CVE-2023-38394 | WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability | S | |
CVE-2023-38395 | WordPress WP Clone Menu plugin <= 1.0.1 - Broken Access Control vulnerability | | |
CVE-2023-38396 | WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-38397 | WordPress Gestion-Pymes Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-38398 | WordPress Taboola Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-38399 | WordPress Phlox Portfolio plugin <= 2.3.1 - Unauthenticated Local File Inclusion vulnerability | S | |
CVE-2023-38400 | WordPress Enfold Theme <= 5.6.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-38401 | Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client | | |
CVE-2023-38402 | Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client | | |
CVE-2023-38403 | iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted lengt... | S | |
CVE-2023-38404 | The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an... | | |
CVE-2023-38405 | On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet pack... | | |
CVE-2023-38406 | bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowsp... | S | |
CVE-2023-38407 | bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during ... | S | |
CVE-2023-38408 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search pa... | E S | |
CVE-2023-38409 | An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel be... | S | |
CVE-2023-38410 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS... | | |
CVE-2023-38411 | Improper access control in the Intel Smart Campus android application before version 9.4 may allow a... | | |
CVE-2023-38412 | Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and w... | E | |
CVE-2023-38417 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may a... | | |
CVE-2023-38418 | BIG-IP Edge Client for macOS vulnerability | | |
CVE-2023-38419 | BIG-IP and BIG-IQ iControl SOAP vulnerability | | |
CVE-2023-38420 | Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an auth... | | |
CVE-2023-38421 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monte... | | |
CVE-2023-38422 | Walchem Intuition Missing Authentication for Critical Function | S | |
CVE-2023-38423 | BIG-IP Configuration utility vulnerability | | |
CVE-2023-38424 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16... | | |
CVE-2023-38425 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16... | | |
CVE-2023-38426 | An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_fi... | S | |
CVE-2023-38427 | An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an in... | S | |
CVE-2023-38428 | An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not prope... | S | |
CVE-2023-38429 | An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-... | S | |
CVE-2023-38430 | An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request pr... | S | |
CVE-2023-38431 | An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does n... | S | |
CVE-2023-38432 | An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does no... | S | |
CVE-2023-38433 | Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a ... | | |
CVE-2023-38434 | xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method.... | E | |
CVE-2023-38435 | Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webconsole plugin | | |
CVE-2023-38436 | In vowifiservice, there is a possible missing permission check. This could lead to local information ... | | |
CVE-2023-38437 | In vowifiservice, there is a possible missing permission check. This could lead to local information ... | | |
CVE-2023-38438 | In vowifiservice, there is a possible missing permission check. This could lead to local information ... | | |
CVE-2023-38439 | In vowifiservice, there is a possible missing permission check. This could lead to local information ... | | |
CVE-2023-38440 | In vowifiservice, there is a possible missing permission check. This could lead to local information ... | | |
CVE-2023-38441 | In vowifiservice, there is a possible missing permission check. This could lead to local information ... | | |
CVE-2023-38442 | In vowifiservice, there is a possible missing permission check. This could lead to local information ... | | |
CVE-2023-38443 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38444 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38445 | In vowifiservice, there is a possible missing permission check. This could lead to local denial of se... | | |
CVE-2023-38446 | In vowifiservice, there is a possible missing permission check. This could lead to local denial of se... | | |
CVE-2023-38447 | In vowifiservice, there is a possible missing permission check. This could lead to local denial of se... | | |
CVE-2023-38448 | In vowifiservice, there is a possible missing permission check. This could lead to local denial of se... | | |
CVE-2023-38449 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38450 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38451 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38452 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38453 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38454 | In vowifi service, there is a possible missing permission check. This could lead to local information... | | |
CVE-2023-38455 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38456 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38457 | In vowifiservice, there is a possible missing permission check. This could lead to local denial of se... | | |
CVE-2023-38458 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38459 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38460 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38461 | In vowifiservice, there is a possible missing permission check. This could lead to local denial of se... | | |
CVE-2023-38462 | In vowifiservice, there is a possible missing permission check. This could lead to local denial of se... | | |
CVE-2023-38463 | In vowifiservice, there is a possible missing permission check. This could lead to local denial of se... | | |
CVE-2023-38464 | In vowifiservice, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2023-38465 | In ims service, there is a possible missing permission check. This could lead to local information d... | | |
CVE-2023-38466 | In ims service, there is a possible missing permission check. This could lead to local information d... | | |
CVE-2023-38467 | In urild service, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2023-38468 | In urild service, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2023-38469 | Reachable assertion in avahi_dns_packet_append_record | | |
CVE-2023-38470 | Reachable assertion in avahi_escape_label | | |
CVE-2023-38471 | Reachable assertion in dbus_set_host_name | | |
CVE-2023-38472 | Reachable assertion in avahi_rdata_parse | | |
CVE-2023-38473 | Reachable assertion in avahi_alternative_host_name | | |
CVE-2023-38474 | WordPress Campaign Monitor for WordPress Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-38475 | WordPress Donations Made Easy – Smart Donations plugin <= 4.0.12 - Broken Access Control vulnerability | | |
CVE-2023-38476 | WordPress Client Portal : SuiteDash Direct Login Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-38477 | WordPress QR code MeCard/vCard generator plugin <= 1.6.0 - Broken Access Control vulnerability | S | |
CVE-2023-38478 | WordPress Integration for WooCommerce and QuickBooks Plugin <= 1.2.3 is vulnerable to Open Redirection | S | |
CVE-2023-38479 | WordPress Simple Googlebot Visit plugin <= 1.2.4 - Broken Access Control vulnerability | S | |
CVE-2023-38480 | WordPress Booster Elementor Addons plugin <= 1.4.9 - Broken Access Control vulnerability | | |
CVE-2023-38481 | WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection | S | |
CVE-2023-38482 | WordPress Post Affiliate Pro Plugin <= 1.25.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-38483 | WordPress Instant CSS plugin <= 1.1.4 - Broken Access Control vulnerability | S | |
CVE-2023-38484 | Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways | | |
CVE-2023-38485 | Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways | | |
CVE-2023-38486 | Hardware Root of Trust Bypass in 9200 and 9000 Series Controllers and Gateways | | |
CVE-2023-38487 | HedgeDoc API allows to hide existing notes | E S | |
CVE-2023-38488 | Kirby vulnerable to field injection in the KirbyData text storage handler | S | |
CVE-2023-38489 | Kirby vulnerable to Insufficient Session Expiration after a password change | S | |
CVE-2023-38490 | Kirby XML External Entity (XXE) vulnerability in the XML data handler | S | |
CVE-2023-38491 | Kirby vulnerable to Cross-site scripting (XSS) from MIME type auto-detection of uploaded files | S | |
CVE-2023-38492 | Kirby vulnerable to denial of service from unlimited password lengths | | |
CVE-2023-38493 | Paths contain matrix variables bypass decorators | S | |
CVE-2023-38494 | The cloud version of the MeterSphere interface leaks some sensitive data without authentication | E S | |
CVE-2023-38495 | Crossplane vulnerable to possible image tampering from missing image validation for Packages | E | |
CVE-2023-38496 | Apptainer's ineffective privileges drop when requesting container network | S | |
CVE-2023-38497 | Cargo not respecting umask when extracting crate archives | S | |
CVE-2023-38498 | Discourse vulnerable to DoS via defer queue | S | |
CVE-2023-38499 | typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution | S | |
CVE-2023-38500 | By-passing Cross-Site Scripting Protection in HTML Sanitizer | S | |
CVE-2023-38501 | copyparty vulnerable to reflected cross-site scripting via k304 parameter | S | |
CVE-2023-38502 | TDengine Database Denial-of-Service | | |
CVE-2023-38503 | Directus has Incorrect Permission Checking for GraphQL Subscriptions | S | |
CVE-2023-38504 | Sails DoS vulnerability for apps with sockets enabled | S | |
CVE-2023-38505 | DietPi-Dashboard Insufficient TLS Handshake Pool | E S | |
CVE-2023-38506 | Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin | E | |
CVE-2023-38507 | Strapi Improper Rate Limiting vulnerability | E | |
CVE-2023-38508 | Tuleap allows preview of a linked artifact with a type does not respect permissions | E S | |
CVE-2023-38509 | XWiki Platform's obfuscated email addresses should not be sorted | E S | |
CVE-2023-38510 | Tolgee Lacks Permission Check for API Key for some endpoints | S | |
CVE-2023-38511 | iTop Dashboard editor vulnerable dashboard config file parameter | E S | |
CVE-2023-38512 | WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-38513 | WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2023-38514 | WordPress Social Share Icons & Social Share Buttons plugin <= 3.5.7 - Broken Access Control vulnerability | S | |
CVE-2023-38515 | WordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-38516 | WordPress Audio Player with Playlist Ultimate Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-38517 | WordPress WRC Pricing Tables Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-38518 | WordPress Borderless Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-38519 | WordPress MainWP Plugin <= 4.4.3.3 is vulnerable to SQL Injection | S | |
CVE-2023-38520 | WordPress Pinpoint Booking System plugin <= 2.9.9.3.4 - Parameter Tampering | S | |
CVE-2023-38521 | WordPress Exifography Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-38522 | Apache Traffic Server: Incomplete field name check allows request smuggling | | |
CVE-2023-38523 | The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /... | E | |
CVE-2023-38524 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (... | S | |
CVE-2023-38525 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (... | S | |
CVE-2023-38526 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (... | S | |
CVE-2023-38527 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (... | S | |
CVE-2023-38528 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (... | S | |
CVE-2023-38529 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (... | | |
CVE-2023-38530 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (... | S | |
CVE-2023-38531 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (... | S | |
CVE-2023-38532 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (... | S | |
CVE-2023-38533 | A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected compo... | | |
CVE-2023-38534 | Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5... | S | |
CVE-2023-38535 | Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.... | S | |
CVE-2023-38536 | HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result ... | S | |
CVE-2023-38537 | A race condition in a network transport subsystem led to a heap use-after-free issue in established ... | | |
CVE-2023-38538 | A race condition in an event subsystem led to a heap use-after-free issue in established audio/video... | | |
CVE-2023-38541 | Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel ... | | |
CVE-2023-38543 | A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which coul... | | |
CVE-2023-38544 | A logged in user can modify specific files that may lead to unauthorized changes in system-wide conf... | | |
CVE-2023-38545 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked... | S | |
CVE-2023-38546 | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the ... | S | |
CVE-2023-38547 | A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server... | S | |
CVE-2023-38548 | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client ... | S | |
CVE-2023-38549 | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client ... | S | |
CVE-2023-38551 | A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-pri... | | |
CVE-2023-38552 | When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the a... | | |
CVE-2023-38553 | In gnss service, there is a possible out of bounds write due to a missing bounds check. This could l... | | |
CVE-2023-38554 | In wcn bsp driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2023-38555 | Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a ... | | |
CVE-2023-38556 | Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker t... | | |
CVE-2023-38557 | A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product... | | |
CVE-2023-38558 | A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions),... | S | |
CVE-2023-38559 | Ghostscript: out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in dos | S | |
CVE-2023-38560 | Ghostscript: integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name | S | |
CVE-2023-38561 | Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenti... | | |
CVE-2023-38562 | A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedde... | E | |
CVE-2023-38563 | Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions... | | |
CVE-2023-38564 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may ... | | |
CVE-2023-38565 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey ... | | |
CVE-2023-38566 | Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authentic... | | |
CVE-2023-38568 | Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthent... | | |
CVE-2023-38569 | Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticate... | S | |
CVE-2023-38570 | Access of memory location after end of buffer for some Intel Unison software may allow an authentica... | | |
CVE-2023-38571 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur ... | | |
CVE-2023-38572 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, i... | | |
CVE-2023-38573 | A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field... | E | |
CVE-2023-38574 | Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker... | | |
CVE-2023-38575 | Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may... | | |
CVE-2023-38576 | Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION all... | | |
CVE-2023-38579 | Westermo Lynx 206-F2G Cross-Site Request Forgery | M | |
CVE-2023-38580 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16... | | |
CVE-2023-38581 | Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticate... | | |
CVE-2023-38582 | Socomec MOD3GP-SY-120K Cross-site Scripting | S | |
CVE-2023-38583 | A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits functi... | E | |
CVE-2023-38584 | Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow | S | |
CVE-2023-38585 | Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to ... | | |
CVE-2023-38586 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Son... | | |
CVE-2023-38587 | Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially... | | |
CVE-2023-38588 | Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authe... | | |
CVE-2023-38590 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS ... | | |
CVE-2023-38591 | Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and ... | E | |
CVE-2023-38592 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 1... | | |
CVE-2023-38593 | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS ... | | |
CVE-2023-38594 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, i... | | |
CVE-2023-38595 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS ... | | |
CVE-2023-38596 | The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 ... | | |
CVE-2023-38597 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, i... | | |
CVE-2023-38598 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS... | | |
CVE-2023-38599 | A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watc... | | |
CVE-2023-38600 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS ... | | |
CVE-2023-38601 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.... | | |
CVE-2023-38602 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Montere... | | |
CVE-2023-38603 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS... | | |
CVE-2023-38604 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in wa... | | |
CVE-2023-38605 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
CVE-2023-38606 | This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.... | KEV | |
CVE-2023-38607 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An... | | |
CVE-2023-38608 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.... | | |
CVE-2023-38609 | An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventur... | | |
CVE-2023-38610 | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macO... | | |
CVE-2023-38611 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16... | | |
CVE-2023-38612 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 a... | | |
CVE-2023-38614 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iP... | | |
CVE-2023-38615 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An ap... | | |
CVE-2023-38616 | A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13... | | |
CVE-2023-38617 | Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scriptin... | E | |
CVE-2023-38618 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW... | E | |
CVE-2023-38619 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW... | E | |
CVE-2023-38620 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW... | E | |
CVE-2023-38621 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW... | E | |
CVE-2023-38622 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW... | E | |
CVE-2023-38623 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW... | E | |
CVE-2023-38624 | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 20... | | |
CVE-2023-38625 | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 20... | | |
CVE-2023-38626 | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 20... | | |
CVE-2023-38627 | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 20... | | |
CVE-2023-38632 | async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing m... | E | |
CVE-2023-38633 | A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or ... | E S | |
CVE-2023-38640 | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected a... | S | |
CVE-2023-38641 | A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected applic... | S | |
CVE-2023-38646 | Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to exec... | | |
CVE-2023-38647 | Apache Helix: Deserialization vulnerability in Helix workflow and REST | | |
CVE-2023-38648 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression funct... | E | |
CVE-2023-38649 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression funct... | E | |
CVE-2023-38650 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing fun... | E | |
CVE-2023-38651 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing fun... | E | |
CVE-2023-38652 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing func... | E | |
CVE-2023-38653 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing func... | E | |
CVE-2023-38654 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before ve... | | |
CVE-2023-38655 | Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability m... | | |
CVE-2023-38657 | An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GT... | E | |
CVE-2023-38665 | Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of se... | E | |
CVE-2023-38666 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessF... | E | |
CVE-2023-38667 | Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of s... | E | |
CVE-2023-38668 | Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (c... | E | |
CVE-2023-38669 | Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially explo... | E S | |
CVE-2023-38670 | Null pointer dereference in paddle.flip | E S | |
CVE-2023-38671 | Heap buffer overflow in paddle.trace | E S | |
CVE-2023-38672 | FPE in paddle.linalg.matrix_power | E S | |
CVE-2023-38673 | Command injection in fs.py | E S | |
CVE-2023-38674 | FPE in paddle.nanmedian | S | |
CVE-2023-38675 | FPE in paddle.linalg.matrix_rank | S | |
CVE-2023-38676 | Segfault in paddle.dot | S | |
CVE-2023-38677 | FPE in paddle.linalg.eig | S | |
CVE-2023-38678 | Segfault in paddle.mode | S | |
CVE-2023-38679 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008)... | | |
CVE-2023-38680 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008)... | | |
CVE-2023-38681 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008)... | | |
CVE-2023-38682 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V1... | | |
CVE-2023-38683 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V1... | | |
CVE-2023-38684 | Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions | S | |
CVE-2023-38685 | Discourse's restricted tag information visible to unauthenticated users | S | |
CVE-2023-38686 | Sydent does not verify email server certificates | S | |
CVE-2023-38687 | Execution of arbitrary JavaScript from Svelecte item names | E | |
CVE-2023-38688 | twitch-tui's connection is not encrypted | S | |
CVE-2023-38689 | Deserialization of Untrusted Data in network IO | S | |
CVE-2023-38690 | matrix-appservice-irc IRC command injection via admin commands containing newlines | S | |
CVE-2023-38691 | matrix-appservice-bridge doesn't verify the sub parameter of an openId token exchange, allowing unauthorized access to provisioning APIs | S | |
CVE-2023-38692 | Command injection vulnerability in module management function in CloudExplorer Lite | E | |
CVE-2023-38693 | RCE in Lucee REST endpoint | | |
CVE-2023-38694 | Umbraco CMS vulnerable to possible injection of HTML in an unintended form | | |
CVE-2023-38695 | cypress-image-snapshot vulnerable to insecure snapshot file names | E S | |
CVE-2023-38696 | Rejected reason: This CVE has been rejected because it is unclear whether the issue rests in the ori... | R | |
CVE-2023-38697 | protocol-http1 HTTP Request/Response Smuggling vulnerability | S | |
CVE-2023-38698 | .eth registrar controller can shorten the duration of registered names | E S | |
CVE-2023-38699 | MindsDB 'Call to requests with verify=False disabling SSL certificate checks, security issue.' issue | S | |
CVE-2023-38700 | matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms | S | |
CVE-2023-38701 | Hydra's committed UTxOs at Commit validator and UTxOs at Initial validator can be spent arbitrarily by anyone | E | |
CVE-2023-38702 | Knowage Server vulnerable to path traversal via upload functionality | E | |
CVE-2023-38703 | PJSIP has use-after-free vulnerability in SRTP media transport | S | |
CVE-2023-38704 | import-in-the-middle allows unsanitized user controlled input in module generation | S | |
CVE-2023-38706 | Discourse vulnerable to DoS via drafts | E | |
CVE-2023-38707 | Rejected reason: This CVE has been rejected because of [CNA rule 7.4.7](https://www.cve.org/Resource... | R | |
CVE-2023-38708 | Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction | S | |
CVE-2023-38709 | Apache HTTP Server: HTTP response splitting | | |
CVE-2023-38710 | An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an in... | | |
CVE-2023-38711 | An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured wit... | | |
CVE-2023-38712 | An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational ... | | |
CVE-2023-38713 | IBM Cloud Pak System information disclosure | | |
CVE-2023-38714 | IBM Cloud Pak System information disclosure | | |
CVE-2023-38716 | IBM Cloud Pak System information disclosure | | |
CVE-2023-38718 | IBM Robotic Process Automation information disclosure | S | |
CVE-2023-38719 | IBM Db2 denial of service | S | |
CVE-2023-38720 | IBM Db2 denial of service | S | |
CVE-2023-38721 | IBM i privilege escalation | S | |
CVE-2023-38722 | IBM Sterling Partner Engagement Manager cross-site scripting | S | |
CVE-2023-38723 | Maximo Asset Management cross-site scripting | | |
CVE-2023-38724 | IBM Cognos Controller SQL injection | | |
CVE-2023-38727 | IBM Db2 denial of service | | |
CVE-2023-38728 | IBM Db2 denial of service | S | |
CVE-2023-38729 | IBM Db2 information disclosure | | |
CVE-2023-38730 | IBM Spectrum Copy Data Management information disclosure | S | |
CVE-2023-38732 | IBM Robotic Process Automation information disclosure | S | |
CVE-2023-38733 | IBM Robotic Process Automation information disclosure | S | |
CVE-2023-38734 | IBM Robotic Process Automation privilege escalation | S | |
CVE-2023-38735 | IBM Cognos Dashboards improper authentication | S | |
CVE-2023-38736 | IBM QRadar WinCollect Agent privilege escalation | | |
CVE-2023-38737 | IBM WebSphere Application Server Liberty denial of service | S | |
CVE-2023-38738 | IBM OpenPages with Watson information disclosure | S | |
CVE-2023-38739 | IBM Sterling B2B Integrator cross-site request forgery | | |
CVE-2023-38740 | IBM Db2 denial of service | S | |
CVE-2023-38741 | IBM TXSeries for Multiplatforms denial of service | | |
CVE-2023-38743 | Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the hos... | | |
CVE-2023-38744 | Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue ex... | | |
CVE-2023-38745 | Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image ... | S | |
CVE-2023-38746 | Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V... | | |
CVE-2023-38747 | Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4... | | |
CVE-2023-38748 | Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and e... | | |
CVE-2023-38750 | In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.... | | |
CVE-2023-38751 | Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison vers... | | |
CVE-2023-38752 | Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison vers... | | |
CVE-2023-38758 | Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote at... | E | |
CVE-2023-38759 | Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows ... | | |
CVE-2023-38760 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38761 | Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute ar... | | |
CVE-2023-38762 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38763 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38764 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38765 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38766 | Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute ar... | | |
CVE-2023-38767 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38768 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38769 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38770 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38771 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38773 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive inform... | | |
CVE-2023-38802 | FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of... | E | |
CVE-2023-38812 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-38814 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-38815 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-40042. Reason: This candidat... | R | |
CVE-2023-38817 | An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a c... | E | |
CVE-2023-38823 | Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a rem... | | |
CVE-2023-38825 | SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain ... | E | |
CVE-2023-38826 | A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_... | E | |
CVE-2023-38827 | Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows ... | E | |
CVE-2023-38829 | An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via... | E | |
CVE-2023-38830 | An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' cred... | | |
CVE-2023-38831 | RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a ... | KEV E | |
CVE-2023-38836 | File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by a... | E | |
CVE-2023-38838 | SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive i... | E S | |
CVE-2023-38839 | SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive i... | E | |
CVE-2023-38840 | Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive inform... | S | |
CVE-2023-38843 | An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted pay... | | |
CVE-2023-38844 | SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary... | E | |
CVE-2023-38845 | An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive ... | E | |
CVE-2023-38846 | An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via ... | E | |
CVE-2023-38847 | An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information v... | E | |
CVE-2023-38848 | An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive informati... | E | |
CVE-2023-38849 | An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via cr... | E | |
CVE-2023-38850 | Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of... | E | |
CVE-2023-38851 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code an... | E | |
CVE-2023-38852 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code an... | E | |
CVE-2023-38853 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code an... | E | |
CVE-2023-38854 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code an... | E | |
CVE-2023-38855 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code an... | E | |
CVE-2023-38856 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code an... | E | |
CVE-2023-38857 | Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code an... | E | |
CVE-2023-38858 | Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code an... | E | |
CVE-2023-38860 | An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt pa... | E | |
CVE-2023-38861 | An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary c... | E | |
CVE-2023-38862 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination... | E | |
CVE-2023-38863 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and ... | E | |
CVE-2023-38864 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_dele... | E | |
CVE-2023-38865 | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attack... | E | |
CVE-2023-38866 | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attack... | E | |
CVE-2023-38870 | A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-bet... | E | |
CVE-2023-38871 | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnera... | E | |
CVE-2023-38872 | An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April... | E | |
CVE-2023-38873 | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking.... | E | |
CVE-2023-38874 | A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizz... | E | |
CVE-2023-38875 | A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows re... | | |
CVE-2023-38876 | A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows re... | | |
CVE-2023-38877 | A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 ... | E | |
CVE-2023-38878 | A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.... | E | |
CVE-2023-38879 | The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitra... | | |
CVE-2023-38880 | The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerabili... | | |
CVE-2023-38881 | A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's... | | |
CVE-2023-38882 | A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's... | | |
CVE-2023-38883 | A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's... | | |
CVE-2023-38884 | An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of ope... | | |
CVE-2023-38885 | OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection thr... | | |
CVE-2023-38886 | An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbi... | E | |
CVE-2023-38887 | File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execut... | E | |
CVE-2023-38888 | Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker ... | E | |
CVE-2023-38889 | An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted sc... | E S | |
CVE-2023-38890 | Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries... | E | |
CVE-2023-38891 | SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate... | | |
CVE-2023-38894 | A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execu... | E | |
CVE-2023-38896 | An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitr... | E S | |
CVE-2023-38898 | An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio... | E S | |
CVE-2023-38899 | SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileg... | | |
CVE-2023-38902 | A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-... | E | |
CVE-2023-38904 | A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to exe... | E | |
CVE-2023-38905 | SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a deni... | E | |
CVE-2023-38906 | An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Cam... | | |
CVE-2023-38907 | An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, ... | | |
CVE-2023-38908 | An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, ... | | |
CVE-2023-38909 | An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, ... | E | |
CVE-2023-38910 | CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitra... | E | |
CVE-2023-38911 | A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary co... | E | |
CVE-2023-38912 | SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execu... | E | |
CVE-2023-38914 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-38915 | File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbitrary... | E M | |
CVE-2023-38916 | SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary... | E | |
CVE-2023-38920 | Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0 allows a local attacker to ... | E | |
CVE-2023-38921 | Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vu... | | |
CVE-2023-38922 | Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain m... | | |
CVE-2023-38924 | Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password paramete... | | |
CVE-2023-38925 | Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer ove... | | |
CVE-2023-38926 | Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter... | E | |
CVE-2023-38928 | Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the passwor... | | |
CVE-2023-38929 | Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSe... | E | |
CVE-2023-38930 | Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and ... | E | |
CVE-2023-38931 | Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V... | E | |
CVE-2023-38932 | Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain... | E | |
CVE-2023-38933 | Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2... | E | |
CVE-2023-38934 | Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack ove... | E | |
CVE-2023-38935 | Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC... | E | |
CVE-2023-38936 | Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5... | E | |
CVE-2023-38937 | Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V... | E | |
CVE-2023-38938 | Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain... | E | |
CVE-2023-38939 | Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssi... | E | |
CVE-2023-38940 | Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack ov... | E | |
CVE-2023-38941 | django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability vi... | | |
CVE-2023-38942 | Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via... | E S | |
CVE-2023-38943 | ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the c... | E | |
CVE-2023-38944 | An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_p... | E | |
CVE-2023-38945 | Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.... | E | |
CVE-2023-38946 | An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to by... | E | |
CVE-2023-38947 | An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 al... | E | |
CVE-2023-38948 | An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.... | E | |
CVE-2023-38949 | An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily re... | | |
CVE-2023-38950 | A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated att... | KEV E | |
CVE-2023-38951 | ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to cre... | | |
CVE-2023-38952 | Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate t... | | |
CVE-2023-38954 | ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.... | | |
CVE-2023-38955 | ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about a... | | |
CVE-2023-38956 | A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to re... | | |
CVE-2023-38958 | An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrari... | | |
CVE-2023-38960 | Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local ... | E | |
CVE-2023-38961 | Buffer Overflow vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to... | E | |
CVE-2023-38964 | Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.... | E | |
CVE-2023-38965 | Lost and Found Information System 1.0 allows account takeover via username and password to a /classe... | E | |
CVE-2023-38969 | Cross Site Scripting vulnerability in Badaso v.2.9.7 allows a remote attacker to execute arbitrary c... | E | |
CVE-2023-38970 | Cross Site Scripting vulnerability in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execut... | E | |
CVE-2023-38971 | Cross Site Scripting vulnerability in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execut... | E | |
CVE-2023-38973 | A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows at... | | |
CVE-2023-38974 | A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 all... | E | |
CVE-2023-38975 | Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker to cause a denial of service... | E | |
CVE-2023-38976 | An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUn... | E | |
CVE-2023-38988 | An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticat... | E | |
CVE-2023-38989 | An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated a... | E | |
CVE-2023-38990 | An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated a... | E | |
CVE-2023-38991 | An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticat... | E | |
CVE-2023-38992 | jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at... | E S | |
CVE-2023-38994 | The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 reve... | E | |
CVE-2023-38995 | An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted ... | E | |
CVE-2023-38996 | An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execut... | E | |
CVE-2023-38997 | A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition be... | E S | |
CVE-2023-38998 | An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition be... | E S | |
CVE-2023-38999 | A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edit... | E S |