ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-39000 | A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of O... | E S | |
CVE-2023-39001 | A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition bef... | E S | |
CVE-2023-39002 | A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsens... | E S | |
CVE-2023-39003 | OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain ... | E | |
CVE-2023-39004 | Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23... | E | |
CVE-2023-39005 | Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business... | E | |
CVE-2023-39006 | The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Busi... | E S | |
CVE-2023-39007 | /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edit... | E S | |
CVE-2023-39008 | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community ... | E S | |
CVE-2023-39010 | BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.cal... | E | |
CVE-2023-39013 | Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.pr... | E | |
CVE-2023-39015 | webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the... | E | |
CVE-2023-39016 | bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the co... | E | |
CVE-2023-39017 | quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the componen... | E | |
CVE-2023-39018 | FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net... | E S | |
CVE-2023-39020 | stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the com... | E | |
CVE-2023-39021 | wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the ... | E | |
CVE-2023-39022 | oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component co... | E | |
CVE-2023-39023 | university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the ... | E | |
CVE-2023-39026 | Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows... | E | |
CVE-2023-39039 | An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access... | E | |
CVE-2023-39040 | An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token ... | E | |
CVE-2023-39041 | An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token a... | E | |
CVE-2023-39042 | An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token... | E | |
CVE-2023-39043 | An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel ... | E | |
CVE-2023-39044 | An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access to... | E | |
CVE-2023-39045 | An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel acces... | E | |
CVE-2023-39046 | An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access... | E | |
CVE-2023-39047 | An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token ... | E S | |
CVE-2023-39048 | An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token a... | E | |
CVE-2023-39049 | An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token ... | E | |
CVE-2023-39050 | An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access to... | E | |
CVE-2023-39051 | An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the... | E | |
CVE-2023-39052 | An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access toke... | E | |
CVE-2023-39053 | An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and sen... | E | |
CVE-2023-39054 | An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access toke... | E | |
CVE-2023-39056 | An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and ... | E | |
CVE-2023-39057 | An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access tok... | E | |
CVE-2023-39058 | An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access toke... | E | |
CVE-2023-39059 | An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a craf... | E | |
CVE-2023-39061 | Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote aut... | | |
CVE-2023-39062 | Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to exec... | E | |
CVE-2023-39063 | Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary co... | E | |
CVE-2023-39067 | Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbi... | | |
CVE-2023-39068 | Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.202... | | |
CVE-2023-39069 | An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain... | | |
CVE-2023-39070 | An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContra... | E | |
CVE-2023-39073 | An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstiv... | | |
CVE-2023-39075 | Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2... | E | |
CVE-2023-39076 | Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Softw... | | |
CVE-2023-39086 | ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.... | | |
CVE-2023-39094 | Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execu... | E | |
CVE-2023-39096 | WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of in... | | |
CVE-2023-39097 | WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.... | | |
CVE-2023-39106 | An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute ... | E | |
CVE-2023-39107 | An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS ... | E | |
CVE-2023-39108 | rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b paramet... | E | |
CVE-2023-39109 | rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a paramet... | E | |
CVE-2023-39110 | rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter... | E | |
CVE-2023-39112 | ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.... | E | |
CVE-2023-39113 | ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at g... | E S | |
CVE-2023-39114 | ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAni... | E S | |
CVE-2023-39115 | install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via... | E | |
CVE-2023-39121 | emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.p... | E | |
CVE-2023-39122 | BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-... | | |
CVE-2023-39125 | NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file... | E | |
CVE-2023-39128 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_d... | E | |
CVE-2023-39129 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function ... | | |
CVE-2023-39130 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function... | | |
CVE-2023-39135 | An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip e... | E | |
CVE-2023-39136 | An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to caus... | E S | |
CVE-2023-39137 | An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent fi... | E | |
CVE-2023-39138 | An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a craf... | E | |
CVE-2023-39139 | An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip... | E | |
CVE-2023-39141 | webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.... | E | |
CVE-2023-39143 | PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upl... | E | |
CVE-2023-39144 | Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext.... | E | |
CVE-2023-39147 | An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code vi... | E | |
CVE-2023-39150 | ConEmu before commit 230724 does not sanitize title responses correctly for control characters, pote... | S | |
CVE-2023-39151 | Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in buil... | | |
CVE-2023-39152 | Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials ... | | |
CVE-2023-39153 | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and... | | |
CVE-2023-39154 | Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier a... | | |
CVE-2023-39155 | Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing... | | |
CVE-2023-39156 | A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows a... | | |
CVE-2023-39157 | WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE) | S | |
CVE-2023-39158 | WordPress Woocommerce Category Banner Management Plugin <= 2.4.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-39159 | WordPress Fraud Prevention For Woocommerce Plugin <= 2.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-39161 | WordPress Discussion Board plugin <= 2.4.8 - Content Injection vulnerability | S | |
CVE-2023-39162 | WordPress User Email Verification for WooCommerce Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-39163 | WordPress Phlox Shop plugin <= 2.0.0 - Unauthenticated Local File Inclusion vulnerability | | |
CVE-2023-39164 | WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-39165 | WordPress Sign-up Sheets Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-39166 | WordPress tagDiv Composer Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-39167 | SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability | E | |
CVE-2023-39168 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2023-39169 | SENEC: Storage Box V1,V2 and V3 using default credentials | | |
CVE-2023-39170 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2023-39171 | SENEC Storage Box V1,V2 and V3 accidentally expose a management interface | E | |
CVE-2023-39172 | SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted | | |
CVE-2023-39173 | In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full a... | | |
CVE-2023-39174 | In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue tracke... | | |
CVE-2023-39175 | In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible... | | |
CVE-2023-39176 | Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability | | |
CVE-2023-39179 | Kernel: ksmbd: read request out-of-bounds read information disclosure vulnerability | | |
CVE-2023-39180 | Kernel: ksmbd: read request memory leak denial-of-service vulnerability | | |
CVE-2023-39181 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affec... | | |
CVE-2023-39182 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affec... | | |
CVE-2023-39183 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affec... | | |
CVE-2023-39184 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affec... | | |
CVE-2023-39185 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affec... | | |
CVE-2023-39186 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affec... | | |
CVE-2023-39187 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affec... | | |
CVE-2023-39188 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affec... | | |
CVE-2023-39189 | Kernel: netfilter: nftables out-of-bounds read in nf_osf_match_one() | S | |
CVE-2023-39190 | Rejected reason: CVE-2023-39190 was found to be a duplicate of CVE-2023-31436. Please see https://ac... | R | |
CVE-2023-39191 | Kernel: ebpf: insufficient stack type checks in dynptr | S | |
CVE-2023-39192 | Kernel: netfilter: xtables out-of-bounds read in u32_match_it() | S | |
CVE-2023-39193 | Kernel: netfilter: xtables sctp out-of-bounds read in match_flags() | S | |
CVE-2023-39194 | Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match() | S | |
CVE-2023-39195 | Rejected reason: CVE-2023-39195 was found to be a duplicate of CVE-2023-42755. Please see https://ac... | R | |
CVE-2023-39196 | Apache Ozone: Missing mutual TLS authentication in one of the service internal Ozone Storage Container Manager endpoints | | |
CVE-2023-39197 | Kernel: dccp: conntrack out-of-bounds read in nf_conntrack_dccp_packet() | | |
CVE-2023-39198 | Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create() | S | |
CVE-2023-39199 | Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to condu... | | |
CVE-2023-39201 | Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduc... | | |
CVE-2023-39202 | Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged us... | | |
CVE-2023-39203 | Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI... | | |
CVE-2023-39204 | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of servic... | | |
CVE-2023-39205 | Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to cond... | | |
CVE-2023-39206 | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of servic... | | |
CVE-2023-39208 | Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unaut... | | |
CVE-2023-39209 | Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticate... | | |
CVE-2023-39210 | Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an... | | |
CVE-2023-39211 | Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5... | | |
CVE-2023-39212 | Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated us... | | |
CVE-2023-39213 | Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client b... | | |
CVE-2023-39214 | Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user... | | |
CVE-2023-39215 | Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of servi... | | |
CVE-2023-39216 | Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthentica... | | |
CVE-2023-39217 | Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a... | | |
CVE-2023-39218 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privilege... | | |
CVE-2023-39219 | Admin Console Denial of Service via Java class enumeration | | |
CVE-2023-39221 | Improper access control for some Intel Unison software may allow an authenticated user to potentiall... | | |
CVE-2023-39222 | OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an aut... | | |
CVE-2023-39223 | Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PM... | | |
CVE-2023-39224 | Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' a... | | |
CVE-2023-39226 | Delta Electronics InfraSuite Device Master Exposed Dangerous Method Or Function | S | |
CVE-2023-39227 | Softneta MedDream PACS Plaintext Storage of a Password | S | |
CVE-2023-39228 | Improper access control for some Intel Unison software may allow an unauthenticated user to potentia... | | |
CVE-2023-39230 | Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5... | | |
CVE-2023-39231 | PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass | | |
CVE-2023-39233 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web... | | |
CVE-2023-39234 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort function... | E | |
CVE-2023-39235 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort function... | E | |
CVE-2023-39236 | ASUS RT-AC86U - Command injection vulnerability - 4 | S | |
CVE-2023-39237 | ASUS RT-AC86U - Command injection vulnerability - 5 | S | |
CVE-2023-39238 | ASUS RT-AX55, RT-AX56U_V2 - Format String - 1 | S | |
CVE-2023-39239 | ASUS RT-AX55, RT-AX56U_V2, RT-AC86U - Format String - 2 | S | |
CVE-2023-39240 | ASUS RT-AX55, RT-AX56U_V2 - Format String - 3 | S | |
CVE-2023-39244 | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclos... | | |
CVE-2023-39245 | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclo... | | |
CVE-2023-39246 | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versi... | | |
CVE-2023-39248 | Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumpti... | | |
CVE-2023-39249 | Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerabil... | | |
CVE-2023-39250 | Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) ... | | |
CVE-2023-39251 | Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high pri... | | |
CVE-2023-39252 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remo... | S | |
CVE-2023-39253 | Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Con... | | |
CVE-2023-39254 | Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerabilit... | | |
CVE-2023-39256 | Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability... | | |
CVE-2023-39257 | Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability... | | |
CVE-2023-39259 | Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Con... | | |
CVE-2023-39261 | In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions... | | |
CVE-2023-39264 | Apache Superset: Stack traces enabled by default | | |
CVE-2023-39265 | Apache Superset: Possible Unauthorized Registration of SQLite Database Connections | | |
CVE-2023-39266 | Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch | | |
CVE-2023-39267 | Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface | | |
CVE-2023-39268 | Memory Corruption Vulnerability in ArubaOS-Switch | | |
CVE-2023-39269 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i... | | |
CVE-2023-39270 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK... | E | |
CVE-2023-39271 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK... | E | |
CVE-2023-39272 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK... | E | |
CVE-2023-39273 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK... | E | |
CVE-2023-39274 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK... | E | |
CVE-2023-39275 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK... | E | |
CVE-2023-39276 | SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json U... | | |
CVE-2023-39277 | SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appf... | | |
CVE-2023-39278 | SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerabilit... | | |
CVE-2023-39279 | SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.jso... | | |
CVE-2023-39280 | SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoSt... | | |
CVE-2023-39281 | A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel... | | |
CVE-2023-39283 | An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde ... | | |
CVE-2023-39284 | An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There a... | | |
CVE-2023-39285 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.... | | |
CVE-2023-39286 | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.1... | | |
CVE-2023-39287 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.... | | |
CVE-2023-39288 | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.1... | | |
CVE-2023-39289 | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.1... | | |
CVE-2023-39290 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800... | | |
CVE-2023-39291 | A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 cou... | | |
CVE-2023-39292 | A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1... | | |
CVE-2023-39293 | A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller throu... | | |
CVE-2023-39294 | QTS, QuTS hero | S | |
CVE-2023-39295 | QuMagie | S | |
CVE-2023-39296 | QTS, QuTS hero | S | |
CVE-2023-39297 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-39298 | QTS, QuTS hero | S | |
CVE-2023-39299 | Music Station | S | |
CVE-2023-39300 | QTS | S | |
CVE-2023-39301 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-39302 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-39303 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-39305 | WordPress Yet Another Stars Rating plugin <= 3.4.3 - Broken Access Control vulnerability | S | |
CVE-2023-39306 | WordPress Avada Builder plugin <= 3.11.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2023-39307 | WordPress Avada theme <= 7.11.1 - Authenticated Arbitrary File Upload vulnerability | S | |
CVE-2023-39308 | WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-39309 | WordPress Avada Builder plugin <= 3.11.1 - Auth. SQL Injection vulnerability | S | |
CVE-2023-39310 | WordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerability | S | |
CVE-2023-39311 | WordPress Avada Builder plugin <= 3.11.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2023-39312 | WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability | S | |
CVE-2023-39313 | WordPress Avada theme <= 7.11.1 - Authenticated Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2023-39314 | WordPress Leyka Plugin <= 3.30.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-39316 | Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWav... | E | |
CVE-2023-39317 | Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWav... | E | |
CVE-2023-39318 | Improper handling of HTML-like comments in script contexts in html/template | S | |
CVE-2023-39319 | Improper handling of special tags within script contexts in html/template | S | |
CVE-2023-39320 | Arbitrary code execution via go.mod toolchain directive in cmd/go | S | |
CVE-2023-39321 | Panic when processing post-handshake message on QUIC connections in crypto/tls | S | |
CVE-2023-39322 | Memory exhaustion in QUIC connection handling in crypto/tls | S | |
CVE-2023-39323 | Arbitrary code execution during build via line directives in cmd/go | S | |
CVE-2023-39324 | Rejected reason: reserved but not needed... | R | |
CVE-2023-39325 | HTTP/2 rapid reset can cause excessive work in net/http | | |
CVE-2023-39326 | Denial of service via chunk extensions in net/http | S | |
CVE-2023-39327 | Openjpeg: malicious files can cause the program to enter a large loop | | |
CVE-2023-39328 | Openjpeg: denial of service via crafted image file | | |
CVE-2023-39329 | Openjpeg: resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c | | |
CVE-2023-39331 | A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. ... | | |
CVE-2023-39332 | Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Nod... | | |
CVE-2023-39333 | Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The i... | | |
CVE-2023-39335 | A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowin... | | |
CVE-2023-39336 | An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 al... | | |
CVE-2023-39337 | A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with know... | | |
CVE-2023-39338 | Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they... | | |
CVE-2023-39339 | A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated a... | | |
CVE-2023-39340 | A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can s... | | |
CVE-2023-39341 | "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional condi... | | |
CVE-2023-39342 | Dangerzone CLI does not sanitize ANSI escape characters | S | |
CVE-2023-39343 | Sulu Observable Response Discrepancy on Admin Login | S | |
CVE-2023-39344 | social-media-skeleton vulnerable to Pre-Auth SQLi leading to RCE | E S | |
CVE-2023-39345 | Unauthorized Access to Private Fields in User Registration API in strapi | E | |
CVE-2023-39346 | bjrjk/LinuxASMCallGraph before commit 20dba06 allows attackers to cause a RCE on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file | S | |
CVE-2023-39347 | Cilium NetworkPolicy bypass via pod labels | E | |
CVE-2023-39348 | Improper log output when using GitHub Status Notifications in spinnaker | S | |
CVE-2023-39349 | Sentry vulnerable to privilege escalation via ApiTokensEndpoint | E S | |
CVE-2023-39350 | Incorrect offset calculation leading to denial of service in FreeRDP | E S | |
CVE-2023-39351 | FreeRDP Null Pointer Dereference leading denial of service | E | |
CVE-2023-39352 | Invalid offset validation leading to Out Of Bound Write in FreeRDP | E | |
CVE-2023-39353 | Missing offset validation leading to Out Of Bound Read in FreeRDP | E | |
CVE-2023-39354 | FreeRDP Out-Of-Bounds Read in nsc_rle_decompress_data | E S | |
CVE-2023-39355 | FreeRDP Use-After-Free in RDPGFX_CMDID_RESETGRAPHICS | E S | |
CVE-2023-39356 | Missing offset validation leading to Out-of-Bounds Read in FreeRDP | E | |
CVE-2023-39357 | A Defect in sql_save() Causes Multiple SQL Injection Vulnerabilities in Cacti | E | |
CVE-2023-39358 | Authenticated SQL injection vulnerability in reports_user.php in Cacti | E | |
CVE-2023-39359 | Authenticated SQL injection vulnerability in graphs.php in Cacti | E | |
CVE-2023-39360 | Reflected Cross-site Scripting in graphs_new.php in Cacti | E | |
CVE-2023-39361 | Unauthenticated SQL Injection in graph_view.php in Cacti | E | |
CVE-2023-39362 | Authenticated command injection in SNMP options of a Device | E | |
CVE-2023-39363 | Vyper incorrectly allocated named re-entrancy locks | E S | |
CVE-2023-39364 | Open redirect in change password functionality in Cacti | E | |
CVE-2023-39365 | Unchecked regular expressions can lead to SQL Injection and data leakage in Cacti | E | |
CVE-2023-39366 | Stored Cross-site Scripting in data_sources.php through Device-Name in 'select' input in Cacti | E | |
CVE-2023-39367 | An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink ... | E | |
CVE-2023-39368 | Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthe... | | |
CVE-2023-39369 | StarTrinity Softswitch version 2023-02-16 - multiple Reflected XSS (CWE-79) | S | |
CVE-2023-39370 | StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79) | S | |
CVE-2023-39371 | StarTrinity Softswitch version 2023-02-16 – Open Redirect (CWE-601) | S | |
CVE-2023-39372 | StarTrinity Softswitch version 2023-02-16 - multiple CSRF (CWE-352) | S | |
CVE-2023-39373 | Hyundai car CWE-294: Authentication Bypass by Capture-replay | | |
CVE-2023-39374 | ForeScout NAC SecureConnector – CWE-427: Uncontrolled Search Path Element | S | |
CVE-2023-39375 | SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges | S | |
CVE-2023-39376 | SiberianCMS - CWE-284: Improper Access Control Authorized user may disable a security feature over the network | S | |
CVE-2023-39377 | SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method | S | |
CVE-2023-39378 | SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user | S | |
CVE-2023-39379 | Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintena... | | |
CVE-2023-39380 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability ... | | |
CVE-2023-39381 | Input verification vulnerability in the storage module. Successful exploitation of this vulnerabili... | | |
CVE-2023-39382 | Input verification vulnerability in the audio module. Successful exploitation of this vulnerability... | | |
CVE-2023-39383 | Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploita... | | |
CVE-2023-39384 | Vulnerability of incomplete permission verification in the input method module. Successful exploitat... | | |
CVE-2023-39385 | Vulnerability of configuration defects in the media module of certain products. Successful exploita... | | |
CVE-2023-39386 | Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploita... | | |
CVE-2023-39387 | Vulnerability of permission control in the window management module. Successful exploitation of this... | | |
CVE-2023-39388 | Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploita... | | |
CVE-2023-39389 | Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploita... | | |
CVE-2023-39390 | Vulnerability of input parameter verification in certain APIs in the window management module. Succe... | | |
CVE-2023-39391 | Vulnerability of system file information leakage in the USB Service module. Successful exploitation ... | | |
CVE-2023-39392 | Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnera... | | |
CVE-2023-39393 | Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of ... | | |
CVE-2023-39394 | Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this... | | |
CVE-2023-39395 | Mismatch vulnerability in the serialization process in the communication system. Successful exploita... | | |
CVE-2023-39396 | Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may... | | |
CVE-2023-39397 | Input parameter verification vulnerability in the communication system. Successful exploitation of t... | | |
CVE-2023-39398 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera... | | |
CVE-2023-39399 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera... | | |
CVE-2023-39400 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera... | | |
CVE-2023-39401 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera... | | |
CVE-2023-39402 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera... | | |
CVE-2023-39403 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera... | | |
CVE-2023-39404 | Vulnerability of input parameter verification in certain APIs in the window management module. Succe... | | |
CVE-2023-39405 | Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of ... | | |
CVE-2023-39406 | Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerabi... | | |
CVE-2023-39407 | The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability ma... | | |
CVE-2023-39408 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the sys... | | |
CVE-2023-39409 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the sys... | | |
CVE-2023-39410 | Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK | | |
CVE-2023-39411 | Improper input validation for some Intel Unison software may allow a privileged user to potenti... | | |
CVE-2023-39412 | Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentia... | | |
CVE-2023-39413 | Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation func... | E | |
CVE-2023-39414 | Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation func... | E | |
CVE-2023-39415 | Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Pr... | | |
CVE-2023-39416 | Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier... | | |
CVE-2023-39417 | Postgresql: extension script @substitutions@ within quoting allow sql injection | | |
CVE-2023-39418 | Postgresql: merge fails to enforce update or select row security policies | S | |
CVE-2023-39419 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affec... | S | |
CVE-2023-39420 | Use of Hard-coded Credentials in RDPCore.dll | | |
CVE-2023-39421 | Use of Hard-coded Credentials in RDPWin.dll | | |
CVE-2023-39422 | Use of Hard-coded Credentials in multiple /irmdata/api/ endpoints | | |
CVE-2023-39423 | Improper Neutralization of Special Elements used in an SQL Command in RDPData.dll | | |
CVE-2023-39424 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll | | |
CVE-2023-39425 | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authentica... | | |
CVE-2023-39427 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Out-of-bounds Write | S | |
CVE-2023-39429 | Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an aut... | | |
CVE-2023-39431 | Santesoft Sante DICOM Viewer Pro Out-of-bounds Write | S | |
CVE-2023-39432 | Improper access control element in some Intel(R) Ethernet tools and driver install software, before ... | | |
CVE-2023-39433 | Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authent... | | |
CVE-2023-39434 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 ... | | |
CVE-2023-39435 | Zavio IP Camera Stack-Based Buffer Overflow | M | |
CVE-2023-39436 | Information Disclosure in SAP Supplier Relationship Management | | |
CVE-2023-39437 | Cross-Site Scripting (XSS) vulnerability in SAP Business One | | |
CVE-2023-39438 | Missing Authorization check allows certain operations on CLA Assistant data | | |
CVE-2023-39439 | SAP Commerce accepts empty passphrases. | | |
CVE-2023-39440 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2023-39441 | Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation | S | |
CVE-2023-39443 | Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.... | E | |
CVE-2023-39444 | Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.... | E | |
CVE-2023-39445 | Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION all... | | |
CVE-2023-39446 | Socomec MOD3GP-SY-120K Cross-Site Request Forgery | S | |
CVE-2023-39447 | BIG-IP APM Guided Configuration vulnerability | | |
CVE-2023-39448 | Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker t... | S | |
CVE-2023-39450 | Rejected reason: This is unused.... | R | |
CVE-2023-39452 | Socomec MOD3GP-SY-120K Plaintext Storage of a Password | S | |
CVE-2023-39453 | A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 2... | E | |
CVE-2023-39454 | Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthentica... | | |
CVE-2023-39455 | OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to ex... | | |
CVE-2023-39456 | Apache Traffic Server: Malformed http/2 frames can cause an abort | | |
CVE-2023-39457 | Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability | | |
CVE-2023-39458 | Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability | | |
CVE-2023-39459 | Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability | | |
CVE-2023-39460 | Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability | | |
CVE-2023-39461 | Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability | | |
CVE-2023-39462 | Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability | | |
CVE-2023-39463 | Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability | | |
CVE-2023-39464 | Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability | | |
CVE-2023-39465 | Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptographic Key Information Disclosure Vulnerability | | |
CVE-2023-39466 | Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability | | |
CVE-2023-39467 | Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability | | |
CVE-2023-39468 | Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability | | |
CVE-2023-39469 | PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability | | |
CVE-2023-39470 | PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability | | |
CVE-2023-39471 | TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-39472 | Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability | | |
CVE-2023-39473 | Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2023-39474 | Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability | | |
CVE-2023-39475 | Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2023-39476 | Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2023-39477 | Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability | | |
CVE-2023-39478 | Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability | | |
CVE-2023-39479 | Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability | | |
CVE-2023-39480 | Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability | | |
CVE-2023-39481 | Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability | | |
CVE-2023-39482 | Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability | | |
CVE-2023-39483 | PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-39484 | PDF-XChange Editor PDF File Parsing Uninitialized Variable Information Disclosure Vulnerability | | |
CVE-2023-39485 | PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-39486 | PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2023-39487 | PDF-XChange Editor util Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-39488 | PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-39489 | PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-39490 | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-39491 | PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-39492 | PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-39493 | PDF-XChange Editor exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability | | |
CVE-2023-39494 | PDF-XChange Editor OXPS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-39495 | PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability | | |
CVE-2023-39496 | PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-39497 | PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-39498 | PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-39499 | PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-39500 | PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-39501 | PDF-XChange Editor OXPS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability | | |
CVE-2023-39502 | PDF-XChange Editor OXPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-39503 | PDF-XChange Editor OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-39504 | PDF-XChange Editor OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-39505 | PDF-XChange Editor Net.HTTP.requests Exposed Dangerous Function Information Disclosure Vulnerability | | |
CVE-2023-39506 | PDF-XChange Editor createDataObject Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2023-39507 | Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ... | | |
CVE-2023-39508 | Apache Airflow: Airflow "Run task" feature allows execution with unnecessary privileges | S | |
CVE-2023-39509 | A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with ... | | |
CVE-2023-39510 | Stored Cross-site Scripting in reports_admin.php through Device-Name in 'select' input in Cacti | E | |
CVE-2023-39511 | Stored Cross-Site-Scripting on reports_admin.php device name in Cacti | E | |
CVE-2023-39512 | Stored Cross-site Scripting on data_sources.php device name view in Cacti | E | |
CVE-2023-39513 | Stored Cross-site Scripting on host.php verbose data-query debug view in Cacti | E | |
CVE-2023-39514 | Stored Cross-site Scripting on graphs.php data template formatted name view in Cacti | E | |
CVE-2023-39515 | Stored Cross-site Scripting on data_debug.php datasource path view in Cacti | E | |
CVE-2023-39516 | Stored Cross-Site-Scripting on data_sources.php debug html-block in Cacti | E | |
CVE-2023-39517 | Cross site scripting (XSS) when clicking on an untrusted ` | E S | |
CVE-2023-39518 | social-media-skeleton stored Cross-site Scripting vulnerability | S | |
CVE-2023-39519 | CloudExplorer Lite sensitive information leakage vulnerability | E | |
CVE-2023-39520 | Cryptomator vulnerable to Local Elevation of Privileges | E S | |
CVE-2023-39521 | Tuleap vulnerable to Cross-site Scripting on the success message of a kanban deletion | E S | |
CVE-2023-39522 | Username enumeration attack in goauthentik | S | |
CVE-2023-39523 | ScanCode.io command injection in docker image fetch process | E S | |
CVE-2023-39524 | PrestaShop vulnerable to boolean SQL injection in search product in BO | S | |
CVE-2023-39525 | PrestaShop vulnerable to path traversal | S | |
CVE-2023-39526 | PrestaShopSQL manager vulnerability (potential RCE) | S | |
CVE-2023-39527 | PrestaShop XSS vulnerability through Validate::isCleanHTML method | S | |
CVE-2023-39528 | PrestaShop vulnerable to file reading through path traversal | S | |
CVE-2023-39529 | PrestaShop vulnerable to file deletion via attachment API | S | |
CVE-2023-39530 | PrestaShop vulnerable to file deletion via CustomerMessage | S | |
CVE-2023-39531 | Sentry vulnerable to incorrect credential validation on OAuth token requests | | |
CVE-2023-39532 | SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution | E S | |
CVE-2023-39533 | libp2p nodes vulnerable to attack using large RSA keys | E S | |
CVE-2023-39534 | Malformed GAP submessage triggers assertion failure | | |
CVE-2023-39535 | Improper input validation in BIOS | | |
CVE-2023-39536 | Improper input validation in BIOS OFBD | | |
CVE-2023-39537 | Improper input validation in BIOS TCG2 | | |
CVE-2023-39538 | Failure when uploading a Logo image file | | |
CVE-2023-39539 | Failure when uploading a Logo image file | | |
CVE-2023-39540 | A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embe... | E | |
CVE-2023-39541 | A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embe... | E | |
CVE-2023-39542 | A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A s... | E | |
CVE-2023-39543 | Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal... | | |
CVE-2023-39544 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe ... | S | |
CVE-2023-39545 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe ... | S | |
CVE-2023-39546 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe ... | | |
CVE-2023-39547 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe ... | S | |
CVE-2023-39548 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe ... | S | |
CVE-2023-39549 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affec... | S | |
CVE-2023-39550 | Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain m... | E | |
CVE-2023-39551 | PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin... | E | |
CVE-2023-39552 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-0527. Reason: This candidate... | R | |
CVE-2023-39553 | Apache Airflow Drill Provider Arbitrary File Read Vulnerability | S | |
CVE-2023-39558 | AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilit... | E M | |
CVE-2023-39559 | AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability.... | E | |
CVE-2023-39560 | ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \... | E | |
CVE-2023-39562 | GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs... | E | |
CVE-2023-39575 | A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v... | E | |
CVE-2023-39578 | A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows ... | E | |
CVE-2023-39582 | SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker... | S | |
CVE-2023-39583 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-38831. Reason: This candidat... | R | |
CVE-2023-39584 | Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.... | | |
CVE-2023-39593 | Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to exe... | E | |
CVE-2023-39598 | Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacke... | | |
CVE-2023-39599 | Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary co... | E | |
CVE-2023-39600 | IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color ... | | |
CVE-2023-39610 | An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to c... | E | |
CVE-2023-39611 | An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read fil... | E | |
CVE-2023-39612 | A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated att... | E S | |
CVE-2023-39615 | Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement(... | E S | |
CVE-2023-39616 | AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component a... | S | |
CVE-2023-39617 | TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contai... | E | |
CVE-2023-39618 | TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via ... | E | |
CVE-2023-39619 | ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafte... | E | |
CVE-2023-39620 | An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacke... | E | |
CVE-2023-39631 | An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via t... | E S | |
CVE-2023-39637 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the compo... | | |
CVE-2023-39638 | D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerabi... | E | |
CVE-2023-39639 | LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the compon... | E S | |
CVE-2023-39640 | UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the co... | S | |
CVE-2023-39641 | Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via ... | E S | |
CVE-2023-39642 | Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the co... | E S | |
CVE-2023-39643 | Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the co... | E S | |
CVE-2023-39645 | Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In t... | S | |
CVE-2023-39646 | Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaS... | S | |
CVE-2023-39647 | Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. ... | S | |
CVE-2023-39648 | Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In th... | S | |
CVE-2023-39649 | Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. I... | S | |
CVE-2023-39650 | Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability vi... | E S | |
CVE-2023-39651 | Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the m... | S | |
CVE-2023-39652 | theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via t... | S | |
CVE-2023-39654 | abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.M... | E | |
CVE-2023-39655 | A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20... | | |
CVE-2023-39659 | An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrar... | E S | |
CVE-2023-39660 | An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitr... | E S | |
CVE-2023-39661 | An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the ... | E | |
CVE-2023-39662 | An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via t... | E | |
CVE-2023-39663 | Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vuln... | E | |
CVE-2023-39665 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the a... | | |
CVE-2023-39666 | D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in... | | |
CVE-2023-39667 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the p... | | |
CVE-2023-39668 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the p... | | |
CVE-2023-39669 | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FU... | | |
CVE-2023-39670 | Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fg... | | |
CVE-2023-39671 | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function FUN_0001be... | | |
CVE-2023-39672 | Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets.... | | |
CVE-2023-39673 | Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the functi... | | |
CVE-2023-39674 | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function fgets.... | | |
CVE-2023-39675 | SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2023-39676 | FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scrip... | E | |
CVE-2023-39677 | MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered... | E | |
CVE-2023-39678 | A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT... | E | |
CVE-2023-39680 | Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing att... | | |
CVE-2023-39681 | Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_o... | E | |
CVE-2023-39683 | Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to... | E | |
CVE-2023-39685 | An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplyin... | E | |
CVE-2023-39691 | An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator account... | | |
CVE-2023-39695 | Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitraril... | E | |
CVE-2023-39699 | IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via... | E | |
CVE-2023-39700 | IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnera... | E | |
CVE-2023-39703 | A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows ... | E | |
CVE-2023-39707 | A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management Syste... | E | |
CVE-2023-39708 | A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management Syste... | E | |
CVE-2023-39709 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management Sys... | E | |
CVE-2023-39710 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management Sys... | E | |
CVE-2023-39711 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management Sys... | E | |
CVE-2023-39712 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management Sys... | | |
CVE-2023-39714 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management Sys... | E | |
CVE-2023-39726 | An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted... | | |
CVE-2023-39731 | The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel ac... | | |
CVE-2023-39732 | The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the ch... | E | |
CVE-2023-39733 | The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel a... | E | |
CVE-2023-39734 | The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attacke... | E | |
CVE-2023-39735 | The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the cha... | E | |
CVE-2023-39736 | The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the ... | E | |
CVE-2023-39737 | The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel acces... | E | |
CVE-2023-39739 | The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the ... | E | |
CVE-2023-39740 | The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the cha... | E | |
CVE-2023-39741 | lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) fu... | E | |
CVE-2023-39742 | giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.... | E | |
CVE-2023-39743 | lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_b... | E | |
CVE-2023-39745 | TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a bu... | E | |
CVE-2023-39747 | TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overf... | E | |
CVE-2023-39748 | An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause ... | E | |
CVE-2023-39749 | D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. T... | E | |
CVE-2023-39750 | D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at... | E | |
CVE-2023-39751 | TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userR... | E | |
CVE-2023-39776 | A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arb... | | |
CVE-2023-39777 | A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 a... | E | |
CVE-2023-39780 | On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection ... | KEV E | |
CVE-2023-39784 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the sa... | E | |
CVE-2023-39785 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the se... | E | |
CVE-2023-39786 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the ss... | E | |
CVE-2023-39796 | SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated... | | |
CVE-2023-39801 | A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R ... | E | |
CVE-2023-39804 | In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application ... | S | |
CVE-2023-39805 | iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admi... | | |
CVE-2023-39806 | iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.... | | |
CVE-2023-39807 | N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via th... | | |
CVE-2023-39808 | N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allo... | | |
CVE-2023-39809 | N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability vi... | | |
CVE-2023-39810 | An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.... | | |
CVE-2023-39814 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-39815 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-39816 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-39817 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-39827 | Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the... | E | |
CVE-2023-39828 | Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the ... | E | |
CVE-2023-39829 | Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g paramete... | E | |
CVE-2023-39834 | PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_functio... | E | |
CVE-2023-39841 | Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to creat... | E | |
CVE-2023-39842 | Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers... | E | |
CVE-2023-39843 | Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create ... | E | |
CVE-2023-39846 | An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.... | E | |
CVE-2023-39848 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-39849 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-39850 | Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid a... | E | |
CVE-2023-39851 | webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at... | E | |
CVE-2023-39852 | Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at ... | E | |
CVE-2023-39853 | SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive i... | E | |
CVE-2023-39854 | The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default c... | M | |
CVE-2023-39902 | A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 202... | S | |
CVE-2023-39903 | An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsn... | S | |
CVE-2023-39908 | The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of spec... | S | |
CVE-2023-39909 | Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privileg... | | |
CVE-2023-39910 | The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 ... | | |
CVE-2023-39912 | Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary fil... | | |
CVE-2023-39913 | Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats | | |
CVE-2023-39914 | BER/CER/DER decoder panics on invalid input | S | |
CVE-2023-39915 | Crashes on parsing certain invalid RPKI objects | S | |
CVE-2023-39916 | Possible path traversal when storing RRDP responses | S | |
CVE-2023-39917 | WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-39918 | WordPress Booking Package Plugin <= 1.6.01 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-39919 | WordPress wpShopGermany – Protected Shops Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-39920 | WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability | S | |
CVE-2023-39921 | WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-39922 | WordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerability | S | |
CVE-2023-39923 | WordPress The Post Grid Plugin <= 7.2.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-39924 | WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-39925 | WordPress Community by PeepSo Plugin <= 6.1.6.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-39926 | WordPress Under Construction / Maintenance Mode from Acurax Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-39928 | A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A special... | | |
CVE-2023-39929 | Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may all... | | |
CVE-2023-39930 | PingFederate PingID Radius PCV Authentication Bypass | | |
CVE-2023-39932 | Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow... | | |
CVE-2023-39933 | Insufficient verification vulnerability exists in Broadcast Mail CGI (pmc.exe) included in A.K.I Sof... | | |
CVE-2023-39935 | Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authe... | | |
CVE-2023-39936 | Ashlar-Vellum Graphite Out-of-bounds Read | S | |
CVE-2023-39938 | Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthe... | | |
CVE-2023-39939 | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Ca... | | |
CVE-2023-39941 | Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthen... | | |
CVE-2023-39943 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Out-of-bounds Write | S | |
CVE-2023-39944 | OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allow... | | |
CVE-2023-39945 | Malformed serialized data in a data submessage leads to unhandled exception | | |
CVE-2023-39946 | Heap overflow in push_back_helper due to a CDR message | | |
CVE-2023-39947 | Another heap overflow in push_back_helper | | |
CVE-2023-39948 | Uncaught fastcdr exception (Unexpected CDR type received) crashing fastdds | | |
CVE-2023-39949 | Improper validation of sequence numbers leading to remotely reachable assertion failure | | |
CVE-2023-39950 | Insufficient input validation in efibootguard | | |
CVE-2023-39951 | Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend | E S | |
CVE-2023-39952 | Advanced permissions not respected when copying entire group folders | S | |
CVE-2023-39953 | Issuer not verified from obtained token in user_oidc | S | |
CVE-2023-39954 | user_oidc app stores client secret unencrypted in database | S | |
CVE-2023-39955 | Notes attachment render HTML in preview mode | S | |
CVE-2023-39956 | Electron: Out-of-package code execution when launched with arbitrary cwd | | |
CVE-2023-39957 | Path traversal allows tricking the Talk Android app into writing files into its root directory | S | |
CVE-2023-39958 | Missing brute force protection on password reset token OAuth2 API controller | S | |
CVE-2023-39959 | Existence of calendars and address books can be checked by unauthenticated users | S | |
CVE-2023-39960 | Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint | S | |
CVE-2023-39961 | Text does not respect "Allow download" permissions | S | |
CVE-2023-39962 | Users can delete external storage mount points | S | |
CVE-2023-39963 | Missing password confirmation when creating app passwords | S | |
CVE-2023-39964 | 1Panel O&M management panel has a background arbitrary file reading vulnerability | E | |
CVE-2023-39965 | 1Panel Unauthorized access in Backend | E | |
CVE-2023-39966 | 1Panel arbitrary file write vulnerability exists in the background | E | |
CVE-2023-39967 | Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio | E | |
CVE-2023-39968 | Open Redirect Vulnerability in jupyter-server | S | |
CVE-2023-39969 | uthenticode signature validation bypass vulnerability | S | |
CVE-2023-39970 | Extension - acymailing.com - RCE in AcyMailing component for Joomla 6.7.0-8.5.0 | | |
CVE-2023-39971 | Extension - acymailing.com - XSS in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3 | | |
CVE-2023-39972 | Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3 | | |
CVE-2023-39973 | Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3 | | |
CVE-2023-39974 | Extension - acymailing.com - Exposure of Sensitive Information in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3 | | |
CVE-2023-39975 | kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable... | S | |
CVE-2023-39976 | log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the head... | S | |
CVE-2023-39977 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3268. Reason: This candidate... | R | |
CVE-2023-39978 | ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in M... | S | |
CVE-2023-39979 | MXsecurity Authentication Bypass | S | |
CVE-2023-39980 | MXsecurity Authenticated Information Disclosure Due to SQL Injection | S | |
CVE-2023-39981 | MXsecurity Device Information Disclosure | S | |
CVE-2023-39982 | MXsecurity Hardcoded Credential | S | |
CVE-2023-39983 | MXsecurity Register Database Pollution | S | |
CVE-2023-39984 | Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability in Hitachi EH-VIEW (KeypadDesigner) | | |
CVE-2023-39985 | Out-of-bounds Write Vulnerability in Hitachi EH-VIEW (Designer) | | |
CVE-2023-39986 | Out-of-bounds Read Vulnerability in Hitachi EH-VIEW (Designer) | | |
CVE-2023-39987 | WordPress wSecure Lite Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-39988 | WordPress WxSync Plugin <= 2.7.23 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-39989 | WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-39990 | WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability | S | |
CVE-2023-39991 | WordPress BigBlueButton Plugin <= 3.0.0-beta.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-39992 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.3.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-39993 | WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability | S | |
CVE-2023-39994 | WordPress ARMember Premium plugin <= 5.9.2 - Broken Access Control | S | |
CVE-2023-39995 | WordPress Portfolio and Projects plugin <= 1.3.7 - Broken Access Control vulnerability | S | |
CVE-2023-39996 | WordPress Accordion and Accordion Slider plugin <= 1.2.4 - Broken Access Control | S | |
CVE-2023-39997 | WordPress Popup by Supsystic plugin <= 1.10.19 - Broken Access Control Vulnerability | S | |
CVE-2023-39998 | WordPress BeTheme theme <= 27.1.1 - Author+ Broken Access Control vulnerability | S | |
CVE-2023-39999 | WordPress < 6.3.2 is vulnerable to Broken Access Control | E S | |