ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-4000 | The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery i... | S | |
CVE-2023-4001 | Grub2: bypass the grub password protection feature | | |
CVE-2023-4002 | Insertion of Sensitive Information Into Sent Data in GitLab | S | |
CVE-2023-4003 | One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation | S | |
CVE-2023-4004 | Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() | S | |
CVE-2023-4005 | Insufficient Session Expiration in fossbilling/fossbilling | S | |
CVE-2023-4006 | Improper Neutralization of Formula Elements in a CSV File in thorsten/phpmyfaq | S | |
CVE-2023-4007 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq | S | |
CVE-2023-4008 | Incorrect Ownership Assignment in GitLab | S | |
CVE-2023-4009 | Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager | | |
CVE-2023-4010 | Kernel: usb: hcd: malformed usb descriptor leads to infinite loop in usb_giveback_urb() | E | |
CVE-2023-4011 | Allocation of Resources Without Limits or Throttling in GitLab | S | |
CVE-2023-4012 | Incomplete Internal State Distinction in ntpsec | S | |
CVE-2023-4013 | GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF | E | |
CVE-2023-4014 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-4015 | Use-after-free in Linux kernel's netfilter: nf_tables component | S | |
CVE-2023-4016 | Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a ma... | M | |
CVE-2023-4017 | Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters | | |
CVE-2023-4018 | Direct Request ('Forced Browsing') in GitLab | E S | |
CVE-2023-4019 | Media from FTP < 11.17 - Author+ Arbitrary File Access | E | |
CVE-2023-4020 | Unvalidated input in Silicon Labs PSA Attestation service leads to secure memory access from non-secure memory | | |
CVE-2023-4021 | The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi... | S | |
CVE-2023-4022 | Herd Effects < 5.2.3 - Admin+ Stored XSS | E | |
CVE-2023-4023 | All Users Messenger <= 1.24 - Subscriber+ Message Deletion via IDOR | E | |
CVE-2023-4024 | Radio Player <= 2.0.73 - Missing Authorization to Player Deletion | S | |
CVE-2023-4025 | Radio Player <= 2.0.73 - Missing Authorization to Player Update | S | |
CVE-2023-4026 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4024. Reason: This re... | R | |
CVE-2023-4027 | Radio Player <= 2.0.73 - Missing Authorization to Settings Update | S | |
CVE-2023-4028 | A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Noteboo... | S | |
CVE-2023-4029 | A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad produ... | S | |
CVE-2023-4030 | A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 t... | S | |
CVE-2023-4033 | OS Command Injection in mlflow/mlflow | S | |
CVE-2023-4034 | SQLi in Smartrise Document Management System | | |
CVE-2023-4035 | Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2023-4036 | Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access | E | |
CVE-2023-4037 | SQL injection in Setelsa Security ConacWin | S | |
CVE-2023-4039 | GCC's -fstack-protector fails to guard dynamically-sized local variables on AArch64 | E S | |
CVE-2023-4040 | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modific... | S | |
CVE-2023-4041 | Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability | | |
CVE-2023-4042 | Ghostscript: incomplete fix for cve-2020-16305 | | |
CVE-2023-4043 | Parsson DoS when parsing numbers from untrusted sources | E S | |
CVE-2023-4045 | Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access ... | | |
CVE-2023-4046 | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis... | | |
CVE-2023-4047 | A bug in popup notifications delay calculation could have made it possible for an attacker to trick ... | | |
CVE-2023-4048 | An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low... | | |
CVE-2023-4049 | Race conditions in reference counting code were found through code inspection. These could have resu... | | |
CVE-2023-4050 | In some cases, an untrusted input stream was copied to a stack buffer without checking its size. Thi... | | |
CVE-2023-4051 | A website could have obscured the full screen notification by using the file open dialog. This could... | | |
CVE-2023-4052 | The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox,... | | |
CVE-2023-4053 | A website could have obscured the full screen notification by using a URL with a scheme handled by a... | | |
CVE-2023-4054 | When opening appref-ms files, Firefox did not warn the user that these files may contain malicious c... | | |
CVE-2023-4055 | When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent ... | | |
CVE-2023-4056 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0,... | | |
CVE-2023-4057 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these b... | | |
CVE-2023-4058 | Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption a... | | |
CVE-2023-4059 | Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation | E | |
CVE-2023-4060 | WP Adminify < 3.1.6 - Admin+ Stored XSS | E | |
CVE-2023-4061 | Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor | M | |
CVE-2023-4063 | Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an im... | | |
CVE-2023-4065 | Operator: plaintext password in operator log | | |
CVE-2023-4066 | Operator: passwords defined in secrets shown in statefulset yaml | | |
CVE-2023-4067 | The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-S... | S | |
CVE-2023-4068 | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform a... | | |
CVE-2023-4069 | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potential... | | |
CVE-2023-4070 | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform a... | | |
CVE-2023-4071 | Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker t... | | |
CVE-2023-4072 | Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote atta... | | |
CVE-2023-4073 | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remot... | | |
CVE-2023-4074 | Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote at... | | |
CVE-2023-4075 | Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potenti... | | |
CVE-2023-4076 | Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to poten... | | |
CVE-2023-4077 | Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attac... | | |
CVE-2023-4078 | Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attac... | | |
CVE-2023-4088 | Malicious Code Execution Vulnerability in FA Engineering Software Products | | |
CVE-2023-4089 | WAGO: Multiple products vulnerable to local file inclusion | | |
CVE-2023-4090 | Cross-Site Scripting (XSS) vulnerability on WideStand CMS of Acilia | | |
CVE-2023-4091 | Samba: smb clients can truncate files with read-only permissions | M | |
CVE-2023-4092 | SQL injection vulnerability in Fujitsu Arconte Áurea | S | |
CVE-2023-4093 | Reflected and persistent XSS vulnerability in Fujitsu Arconte Áurea | S | |
CVE-2023-4094 | Weak authentication vulnerability in Fujitsu Arconte Áurea | S | |
CVE-2023-4095 | User enumeration vulnerability in Fujitsu Arconte Áurea | S | |
CVE-2023-4096 | Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea | S | |
CVE-2023-4097 | Multiple vulnerabilities in IDM Sistemas QSige | S | |
CVE-2023-4098 | Multiple vulnerabilities in IDM Sistemas QSige | S | |
CVE-2023-4099 | Multiple vulnerabilities in IDM Sistemas QSige | S | |
CVE-2023-4100 | Multiple vulnerabilities in IDM Sistemas QSige | S | |
CVE-2023-4101 | Multiple vulnerabilities in IDM Sistemas QSige | S | |
CVE-2023-4102 | Multiple vulnerabilities in IDM Sistemas QSige | S | |
CVE-2023-4103 | Multiple vulnerabilities in IDM Sistemas QSige | S | |
CVE-2023-4104 | An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods all... | E S | |
CVE-2023-4105 | Attachment of deleted message in a thread remains accessible and downloadable | S | |
CVE-2023-4106 | A guest user can perform various actions on public playbooks | S | |
CVE-2023-4107 | Incorrect authorization allows a user manager to update a system admin | S | |
CVE-2023-4108 | Audit logging fails to sanitize post metadata | S | |
CVE-2023-4109 | Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection | E | |
CVE-2023-4110 | PHP Jabbers Availability Booking Calendar index.php cross site scripting | E | |
CVE-2023-4111 | PHP Jabbers Bus Reservation System index.php cross site scripting | E | |
CVE-2023-4112 | PHP Jabbers Shuttle Booking Software index.php cross site scripting | E | |
CVE-2023-4113 | PHP Jabbers Service Booking Script index.php cross site scripting | E | |
CVE-2023-4114 | PHP Jabbers Night Club Booking Software index.php cross site scripting | | |
CVE-2023-4115 | PHP Jabbers Cleaning Business index.php cross site scripting | E | |
CVE-2023-4116 | PHP Jabbers Taxi Booking index.php cross site scripting | E | |
CVE-2023-4117 | PHP Jabbers Rental Property Booking index.php cross site scripting | E | |
CVE-2023-4118 | Cute Http File Server Search cross site scripting | E | |
CVE-2023-4119 | Academy LMS courses cross site scripting | | |
CVE-2023-4120 | Byzoro Smart S85F Management Platform importhtml.php command injection | E | |
CVE-2023-4121 | Byzoro Smart S85F Management Platform unrestricted upload | E | |
CVE-2023-4122 | Student Information System v1.0 - Insecure File Upload | E | |
CVE-2023-4124 | Missing Authorization in answerdev/answer | E S | |
CVE-2023-4125 | Weak Password Requirements in answerdev/answer | E S | |
CVE-2023-4126 | Insufficient Session Expiration in answerdev/answer | E S | |
CVE-2023-4127 | Race Condition within a Thread in answerdev/answer | E S | |
CVE-2023-4128 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, ... | R | |
CVE-2023-4129 | Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerabilit... | | |
CVE-2023-4132 | Kernel: smsusb: use-after-free caused by do_submit_urb() | | |
CVE-2023-4133 | Kernel: cxgb4: use-after-free in ch_flower_stats_cb() | | |
CVE-2023-4134 | Kernel: cyttsp4_core: use-after-free in cyttsp4_watchdog_work() | S | |
CVE-2023-4135 | Out-of-bounds read information disclosure vulnerability | S | |
CVE-2023-4136 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafter Engine | M | |
CVE-2023-4138 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb | E S | |
CVE-2023-4139 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure v... | S | |
CVE-2023-4140 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions ... | S | |
CVE-2023-4141 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions... | S | |
CVE-2023-4142 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions... | S | |
CVE-2023-4145 | Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework | E S | |
CVE-2023-4147 | Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free | S | |
CVE-2023-4148 | Ditty < 3.1.25 - Reflected XSS | E | |
CVE-2023-4149 | WAGO: OS Command Injection Vulnerability in Managed Switch | | |
CVE-2023-4150 | User Activity Tracking and Log < 4.0.9 - License Update/Deactivation via CSRF | E | |
CVE-2023-4151 | Store Locator WordPress < 1.4.13 - Reflected XSS | E | |
CVE-2023-4152 | Frauscher FDS101 for FAdC/FAdCi path traversal vulnerability | | |
CVE-2023-4153 | The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and incl... | | |
CVE-2023-4154 | Samba: ad dc password exposure to privileged users and rodcs | S | |
CVE-2023-4155 | Sev-es / sev-snp vmgexit double fetch vulnerability | S | |
CVE-2023-4156 | Heap out of bound read in builtin.c | E | |
CVE-2023-4157 | Improper Neutralization of Special Elements in Output Used by a Downstream Component in omeka/omeka-s | E S | |
CVE-2023-4158 | Cross-site Scripting (XSS) - Stored in omeka/omeka-s | E S | |
CVE-2023-4159 | Unrestricted Upload of File with Dangerous Type in omeka/omeka-s | E S | |
CVE-2023-4160 | The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scriptin... | S | |
CVE-2023-4161 | The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to... | S | |
CVE-2023-4162 | Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0 | | |
CVE-2023-4163 | Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS | | |
CVE-2023-4164 | There is a possible information disclosure due to a missing permission check in Pixel Watch | | |
CVE-2023-4165 | Tongda OA delete_seal.php sql injection | E | |
CVE-2023-4166 | Tongda OA delete_log.php sql injection | E | |
CVE-2023-4167 | Media Browser Emby Server cross site scripting | E | |
CVE-2023-4168 | Templatecookie Adlisting Redirect ad-list information disclosure | E | |
CVE-2023-4169 | Ruijie RG-EW1200G Administrator Password set_passwd access control | E | |
CVE-2023-4170 | DedeBIZ Article cross site scripting | E | |
CVE-2023-4171 | Chengdu Flash Flood Disaster Monitoring and Warning System FileDownload.ashx path traversal | E | |
CVE-2023-4172 | Chengdu Flash Flood Disaster Monitoring and Warning System FileHandler.ashx absolute path traversal | E | |
CVE-2023-4173 | mooSocial mooStore index cross site scripting | E | |
CVE-2023-4174 | mooSocial mooStore cross site scripting | E | |
CVE-2023-4175 | mooSocial mooTravel cross site scripting | | |
CVE-2023-4176 | SourceCodester Hospital Management System appointmentapproval.php sql injection | E | |
CVE-2023-4177 | EmpowerID Multi-Factor Authentication Code information disclosure | | |
CVE-2023-4178 | Authentication Bypass in Neutron Smart VMS | | |
CVE-2023-4179 | SourceCodester Free Hospital Management System for Small Practices sql injection | E | |
CVE-2023-4180 | SourceCodester Free Hospital Management System for Small Practices login.php sql injection | E | |
CVE-2023-4181 | SourceCodester Free Hospital Management System for Small Practices Redirect behavioral workflow | E | |
CVE-2023-4182 | SourceCodester Inventory Management System edit_sell.php sql injection | | |
CVE-2023-4183 | SourceCodester Inventory Management System Password edit_update.php access control | | |
CVE-2023-4184 | SourceCodester Inventory Management System sell_return.php sql injection | | |
CVE-2023-4185 | SourceCodester Online Hospital Management System patientlogin.php sql injection | E | |
CVE-2023-4186 | SourceCodester Pharmacy Management System manage_website.php unrestricted upload | E | |
CVE-2023-4187 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 | E S | |
CVE-2023-4188 | SQL Injection in instantsoft/icms2 | E S | |
CVE-2023-4189 | Cross-site Scripting (XSS) - Reflected in instantsoft/icms2 | E S | |
CVE-2023-4190 | Insufficient Session Expiration in admidio/admidio | E S | |
CVE-2023-4191 | SourceCodester Resort Reservation System index.php file inclusion | E | |
CVE-2023-4192 | SourceCodester Resort Reservation System manage_user.php sql injection | E | |
CVE-2023-4193 | SourceCodester Resort Reservation System view_fee.php sql injection | E | |
CVE-2023-4194 | Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid | S | |
CVE-2023-4195 | PHP Remote File Inclusion in cockpit-hq/cockpit | E S | |
CVE-2023-4196 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit | E S | |
CVE-2023-4197 | Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE | S | |
CVE-2023-4198 | Dolibarr ERP CRM (<= 17.0.3) Improper Access Control | E S | |
CVE-2023-4199 | SourceCodester Inventory Management System catagory_data.php sql injection | E | |
CVE-2023-4200 | SourceCodester Inventory Management System product_data.php sql injection | E | |
CVE-2023-4201 | SourceCodester Inventory Management System ex_catagory_data.php sql injection | E | |
CVE-2023-4202 | Stored Cross-Site Scripting | E | |
CVE-2023-4203 | Stored Cross-Site Scripting | E | |
CVE-2023-4204 | NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability | S | |
CVE-2023-4205 | Rejected reason: This was deemed as a false positive both by the reporter and upstream kernel.... | R | |
CVE-2023-4206 | Use-after-free in Linux kernel's net/sched: cls_route component | S | |
CVE-2023-4207 | Use-after-free in Linux kernel's net/sched: cls_fw component | S | |
CVE-2023-4208 | Use-after-free in Linux kernel's net/sched: cls_u32 component | S | |
CVE-2023-4209 | POEditor < 0.9.8 - Settings Reset via CSRF | E | |
CVE-2023-4210 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-4211 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations | KEV | |
CVE-2023-4212 | Trane Thermostats Injection | S | |
CVE-2023-4213 | The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object Refe... | | |
CVE-2023-4214 | The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to,... | S | |
CVE-2023-4215 | Advantech WebAccess Debug Messages Revealing Unnecessary Information | S | |
CVE-2023-4216 | Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read | E | |
CVE-2023-4217 | Session cookies attribute not set properly | M | |
CVE-2023-4218 | XXE in eclipse.platform / Eclipse IDE | E S | |
CVE-2023-4219 | SourceCodester Doctors Appointment System login.php sql injection | E | |
CVE-2023-4220 | Chamilo LMS Unauthenticated Big Upload File Remote Code Execution | E S | |
CVE-2023-4221 | Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability | E S | |
CVE-2023-4222 | Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability | E S | |
CVE-2023-4223 | Chamilo LMS File Upload Functionality Remote Code Execution | E S | |
CVE-2023-4224 | Chamilo LMS File Upload Functionality Remote Code Execution | E S | |
CVE-2023-4225 | Chamilo LMS File Upload Functionality Remote Code Execution | E S | |
CVE-2023-4226 | Chamilo LMS File Upload Functionality Remote Code Execution | E S | |
CVE-2023-4227 | ioLogik 4000 Series: Existence of an Unauthorized Service | S | |
CVE-2023-4228 | ioLogik 4000 Series: Session Cookies Attribute Not Set Properly | S | |
CVE-2023-4229 | ioLogik 4000 Series: Session Headers Not Implemented | S | |
CVE-2023-4230 | ioLogik 4000 Series: Server Banner Information Disclosure | S | |
CVE-2023-4231 | SQLi in Cevik Informatics' Online Payment System | | |
CVE-2023-4232 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_status_report() function | | |
CVE-2023-4233 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the sms_decode_address_field() function | | |
CVE-2023-4234 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_submit_report() function | | |
CVE-2023-4235 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver_report() function | | |
CVE-2023-4236 | named may terminate unexpectedly under high DNS-over-TLS query load | S | |
CVE-2023-4237 | Platform: ec2_key module prints out the private key directly to the standard output | | |
CVE-2023-4238 | Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload | E | |
CVE-2023-4239 | The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to... | E | |
CVE-2023-4241 | lol-html panics on certain HTML inputs | | |
CVE-2023-4242 | The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health RES... | | |
CVE-2023-4243 | The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plu... | | |
CVE-2023-4244 | Use-after-free in Linux kernel's netfilter: nf_tables component | S | |
CVE-2023-4245 | The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due t... | S | |
CVE-2023-4246 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i... | S | |
CVE-2023-4247 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i... | S | |
CVE-2023-4248 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i... | S | |
CVE-2023-4249 | Zavio IP Camera Stack-Based Buffer Overflow | M | |
CVE-2023-4250 | EventPrime < 3.2.0 - Reflected XSS | E | |
CVE-2023-4251 | EventPrime < 3.2.0 - Booking Creation via CSRF | E | |
CVE-2023-4252 | EventPrime <= 3.2.9 - Booking Pricing Bypass | E | |
CVE-2023-4253 | Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder | E | |
CVE-2023-4254 | Chatbot < 4.7.8 - Admin+ Stored XSS in Language Settings | E | |
CVE-2023-4255 | W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223) | E S | |
CVE-2023-4256 | Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c | E | |
CVE-2023-4257 | Unchecked user input length in the Zephyr WiFi shell module | E | |
CVE-2023-4258 | bt: mesh: vulnerability in provisioning protocol implementation on provisionee side | S | |
CVE-2023-4259 | Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver | E | |
CVE-2023-4260 | Potential off-by-one buffer overflow vulnerability in the Zephyr FS subsystem | E | |
CVE-2023-4261 | Rejected reason: This CVE ID is Rejected because the issue was not a vulnerability. The data field r... | R | |
CVE-2023-4262 | Rejected reason: User data field is not attacker controlled... | R | |
CVE-2023-4263 | Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver | | |
CVE-2023-4264 | Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem | E | |
CVE-2023-4265 | Buffer overflow in Zephyr USB | E | |
CVE-2023-4269 | User Activity Log < 1.6.6 - Subscriber+ Log Export | E | |
CVE-2023-4270 | Min Max Control < 4.6 - Reflected XSS | E | |
CVE-2023-4271 | The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... | S | |
CVE-2023-4272 | Mali GPU Kernel Driver exposes sensitive data from freed memory | | |
CVE-2023-4273 | Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry | E S | |
CVE-2023-4274 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal i... | E S | |
CVE-2023-4275 | Rejected reason: It is invalid.... | R | |
CVE-2023-4276 | The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up... | S | |
CVE-2023-4277 | The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i... | S | |
CVE-2023-4278 | MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation | E | |
CVE-2023-4279 | User Activity Log < 1.6.7 - IP Spoofing | E | |
CVE-2023-4280 | Unvalidated input in Silicon Labs TrustZone implementation leads to accessing Trusted memory region | | |
CVE-2023-4281 | Activity Log < 2.8.8 - IP Spoofing | E | |
CVE-2023-4282 | The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capa... | S | |
CVE-2023-4283 | The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress... | S | |
CVE-2023-4284 | Post Timeline < 2.2.6 - Reflected XSS | E | |
CVE-2023-4289 | WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode | E | |
CVE-2023-4290 | WP Matterport Shortcode < 2.1.7 - Reflected XSS | E | |
CVE-2023-4291 | Frauscher FDS101 for FAdC/FAdCi remote code execution vulnerability | | |
CVE-2023-4292 | Frauscher FDS101 for FAdC/FAdCi SQL injection vulnerability | | |
CVE-2023-4293 | The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privileg... | E S | |
CVE-2023-4294 | URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header | E | |
CVE-2023-4295 | Mali GPU Kernel Driver allows improper GPU memory processing operations | S | |
CVE-2023-4296 | PTC Codebeamer Cross site scripting | S | |
CVE-2023-4297 | Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing | E | |
CVE-2023-4298 | 123.chat < 1.3.1 - Admin+ Stored XSS | E | |
CVE-2023-4299 | Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication | S | |
CVE-2023-4300 | Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload | E | |
CVE-2023-4301 | CSRF vulnerability in Fortify Plugin allow capturing credentials | | |
CVE-2023-4302 | Missing permission checks in Fortify Plugin allow capturing credentials | | |
CVE-2023-4303 | HTML injection vulnerability in Fortify Plugin | | |
CVE-2023-4304 | Business Logic Errors in froxlor/froxlor | E S | |
CVE-2023-4307 | Lock User Account <= 1.0.3 - Arbitrary Account Lock/Unlock via CSRF | E | |
CVE-2023-4308 | User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content' | S | |
CVE-2023-4309 | Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pag... | | |
CVE-2023-4310 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contai... | S | |
CVE-2023-4311 | Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE | E | |
CVE-2023-4314 | wpDataTables < 2.1.66 - Admin+ PHP Object Injection | E | |
CVE-2023-4315 | The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails... | S | |
CVE-2023-4316 | Zod 3.22.2 - Regular expression Denial of Service | E | |
CVE-2023-4317 | Incorrect Authorization in GitLab | E S | |
CVE-2023-4318 | Herd Effects < 5.2.4 - Effect Deletion via CSRF | E | |
CVE-2023-4319 | Rejected reason: This CVE ID is a reservation duplicate of CVE-2023-4677. Notes: All CVE users shoul... | R | |
CVE-2023-4320 | Satellite: arithmetic overflow in satellite | | |
CVE-2023-4321 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit | E S | |
CVE-2023-4322 | Heap-based Buffer Overflow in radareorg/radare2 | E S | |
CVE-2023-4323 | Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup | S | |
CVE-2023-4324 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers | S | |
CVE-2023-4325 | Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities | S | |
CVE-2023-4326 | Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites | S | |
CVE-2023-4327 | Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux | S | |
CVE-2023-4328 | Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux | S | |
CVE-2023-4329 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute | S | |
CVE-2023-4330 | Rejected reason: Broadcom were unable to duplicate the attack as described by Intel DCG Team. ... | R | |
CVE-2023-4331 | Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols | S | |
CVE-2023-4332 | Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | S | |
CVE-2023-4333 | Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | S | |
CVE-2023-4334 | Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | S | |
CVE-2023-4335 | Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux | S | |
CVE-2023-4336 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute | S | |
CVE-2023-4337 | Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation | S | |
CVE-2023-4338 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers | S | |
CVE-2023-4339 | Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions | S | |
CVE-2023-4340 | Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file | S | |
CVE-2023-4341 | Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI | S | |
CVE-2023-4342 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy | S | |
CVE-2023-4343 | Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter | S | |
CVE-2023-4344 | Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection | S | |
CVE-2023-4345 | Broadcom RAID Controller web interface is vulnerable client-side control bypass | S | |
CVE-2023-4346 | KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implem... | M | |
CVE-2023-4347 | Cross-site Scripting (XSS) - Reflected in librenms/librenms | E S | |
CVE-2023-4348 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-4349 | Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote a... | | |
CVE-2023-4350 | Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowe... | | |
CVE-2023-4351 | Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has ... | | |
CVE-2023-4352 | Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentiall... | | |
CVE-2023-4353 | Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to p... | | |
CVE-2023-4354 | Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who h... | | |
CVE-2023-4355 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker ... | | |
CVE-2023-4356 | Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has co... | | |
CVE-2023-4357 | Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a ... | | |
CVE-2023-4358 | Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potential... | | |
CVE-2023-4359 | Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed ... | | |
CVE-2023-4360 | Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attac... | | |
CVE-2023-4361 | Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed ... | | |
CVE-2023-4362 | Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker ... | | |
CVE-2023-4363 | Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed ... | | |
CVE-2023-4364 | Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a... | | |
CVE-2023-4365 | Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote ... | | |
CVE-2023-4366 | Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinc... | | |
CVE-2023-4367 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an... | | |
CVE-2023-4368 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an... | | |
CVE-2023-4369 | Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.... | | |
CVE-2023-4371 | phpRecDB index.php cross site scripting | | |
CVE-2023-4372 | The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' ... | S | |
CVE-2023-4373 | Inadequate validation of permissions when employing remote tools and macros within Devolutions Remo... | | |
CVE-2023-4374 | The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addit... | | |
CVE-2023-4376 | Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS | E | |
CVE-2023-4377 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-4378 | Insertion of Sensitive Information Into Sent Data in GitLab | E S | |
CVE-2023-4379 | Incorrect Authorization in GitLab | S | |
CVE-2023-4380 | Platform: token exposed at importing project | | |
CVE-2023-4381 | Unverified Password Change in instantsoft/icms2 | S | |
CVE-2023-4382 | tdevs Hyip Rio Profile Settings settings cross site scripting | E | |
CVE-2023-4383 | MicroWorld eScan Anti-Virus runasroot incorrect execution-assigned permissions | E | |
CVE-2023-4384 | MaximaTech Portal Executivo Cookie missing encryption | E | |
CVE-2023-4385 | Kernel: jfs: null pointer dereference in dbfree() | S | |
CVE-2023-4386 | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, a... | | |
CVE-2023-4387 | Kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf() | S | |
CVE-2023-4388 | EventON < 2.2 - Admin+ Stored XSS | E | |
CVE-2023-4389 | Kernel: btrfs: double free in btrfs_get_root_ref() | S | |
CVE-2023-4390 | Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2023-4392 | Control iD Gerencia Web Cookie cleartext storage | E | |
CVE-2023-4393 | HTML and SMTP Injection in LiquidFiles | | |
CVE-2023-4394 | Memory leak in btrfs_get_dev_args_from_path() | S | |
CVE-2023-4395 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit | E S | |
CVE-2023-4397 | A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmw... | | |
CVE-2023-4398 | An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN f... | | |
CVE-2023-4399 | Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Reques... | | |
CVE-2023-4400 | A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior... | | |
CVE-2023-4401 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability... | | |
CVE-2023-4402 | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, a... | E | |
CVE-2023-4404 | The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versi... | | |
CVE-2023-4406 | XSS in KC Group's E-Commerce Software | | |
CVE-2023-4407 | Codecanyon Credit Lite POST Request account_statement sql injection | E | |
CVE-2023-4408 | Parsing large DNS messages may cause excessive CPU load | S | |
CVE-2023-4409 | NBS&HappySoftWeChat unrestricted upload | E | |
CVE-2023-4410 | TOTOLINK EX1200L setDiagnosisCfg os command injection | E | |
CVE-2023-4411 | TOTOLINK EX1200L setTracerouteCfg os command injection | E | |
CVE-2023-4412 | TOTOLINK EX1200L setWanCfg os command injection | E | |
CVE-2023-4413 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi... | R | |
CVE-2023-4414 | Byzoro Smart S85F Management Platform decodmail.php command injection | E | |
CVE-2023-4415 | Ruijie RG-EW1200G login improper authentication | E | |
CVE-2023-4417 | Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 20... | | |
CVE-2023-4418 | A remote unprivileged attacker can send multiple packages to the LMS5xx to disrupt its availability ... | M | |
CVE-2023-4419 | The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote atta... | S | |
CVE-2023-4420 | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to th... | M | |
CVE-2023-4421 | The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher... | | |
CVE-2023-4422 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit | E S | |
CVE-2023-4423 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for Word... | E S | |
CVE-2023-4424 | bt: hci: DoS and possible RCE | | |
CVE-2023-4426 | Rejected reason: **REJECT** Not a valid security issue - vendor unable to replicate.... | R | |
CVE-2023-4427 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker... | | |
CVE-2023-4428 | Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacke... | | |
CVE-2023-4429 | Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to poten... | | |
CVE-2023-4430 | Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to poten... | | |
CVE-2023-4431 | Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attac... | | |
CVE-2023-4432 | Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit | E S | |
CVE-2023-4433 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit | E S | |
CVE-2023-4434 | Missing Authorization in hamza417/inure | E S | |
CVE-2023-4435 | Improper Input Validation in hamza417/inure | E S | |
CVE-2023-4436 | SourceCodester Inventory Management System edit_update.php sql injection | E | |
CVE-2023-4437 | SourceCodester Inventory Management System search_sell_paymen_report.php sql injection | E | |
CVE-2023-4438 | SourceCodester Inventory Management System search_sales_report.php sql injection | E | |
CVE-2023-4439 | SourceCodester Card Holder Management System Minus Value unknown vulnerability | | |
CVE-2023-4440 | SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection | E | |
CVE-2023-4441 | SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection | | |
CVE-2023-4442 | SourceCodester Free Hospital Management System for Small Practices booking-complete.php sql injection | E | |
CVE-2023-4443 | SourceCodester Free Hospital Management System for Small Practices edit-doc.php sql injection | E | |
CVE-2023-4444 | SourceCodester Free Hospital Management System for Small Practices edit-user.php sql injection | E | |
CVE-2023-4445 | Mini-Tmall sql injection | E | |
CVE-2023-4446 | OpenRapid RapidCMS category.php sql injection | E | |
CVE-2023-4447 | OpenRapid RapidCMS article-chat.php sql injection | E | |
CVE-2023-4448 | OpenRapid RapidCMS run-movepass.php password recovery | E S | |
CVE-2023-4449 | SourceCodester Free and Open Source Inventory Management System sql injection | E | |
CVE-2023-4450 | jeecgboot JimuReport Template injection | E | |
CVE-2023-4451 | Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit | E S | |
CVE-2023-4452 | Web Server Buffer Overflow Vulnerability | S | |
CVE-2023-4453 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | E S | |
CVE-2023-4454 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag | E S | |
CVE-2023-4455 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag | E S | |
CVE-2023-4456 | Openshift-logging: lokistack authorisation is cached too broadly | | |
CVE-2023-4457 | Grafana is an open-source platform for monitoring and observability. The Google Sheets data source ... | | |
CVE-2023-4458 | Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability | | |
CVE-2023-4459 | Kernel: vmxnet3: null pointer dereference in vmxnet3_rq_cleanup() | S | |
CVE-2023-4460 | Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG | E | |
CVE-2023-4462 | Poly VVX 601 Web Configuration Application random values | E | |
CVE-2023-4463 | Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service | E | |
CVE-2023-4464 | Poly VVX 601 Diagnostic Telnet Mode os command injection | E | |
CVE-2023-4465 | Poly VVX 601 Configuration File Import unverified password change | E | |
CVE-2023-4466 | Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism | E | |
CVE-2023-4467 | Poly Trio 8800 Test Automation Mode backdoor | E | |
CVE-2023-4468 | Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorization | E | |
CVE-2023-4469 | The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of... | | |
CVE-2023-4471 | The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ... | S | |
CVE-2023-4472 | Cryptographically weak PRNG in Opinio 7.22 | | |
CVE-2023-4473 | A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.... | S | |
CVE-2023-4474 | The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware vers... | S | |
CVE-2023-4475 | An Arbitrary File Movement vulnerability was found on the ADM | | |
CVE-2023-4476 | Locatoraid Store Locator < 3.9.24 - Reflected XSS | E | |
CVE-2023-4478 | Parameter tampering in the registration resulting in blocked accounts to be created | S | |
CVE-2023-4479 | Stored XSS Vulnerability in M-Files Web | | |
CVE-2023-4480 | Arbitrary File Read in Fusion File Manager | M | |
CVE-2023-4481 | Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481) | S | |
CVE-2023-4482 | The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the styl... | S | |
CVE-2023-4485 | ARDEREG Sistemas SCADA SQL Injection | M | |
CVE-2023-4486 | Uncontrolled Resource Consumption in Metasys and Facility Explorer | S | |
CVE-2023-4487 | GE Digital CIMPLICITY Process Control | S | |
CVE-2023-4488 | The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and ... | S | |
CVE-2023-4489 | Z/IP Gateway Use of Uninitialized PRNG when Generating S0 Encryption Key | | |
CVE-2023-4490 | WP Job Portal < 2.0.6 - Unauthenticated SQLi | E | |
CVE-2023-4491 | Easy Address Book Web Server Buffer overflow vulnerability | | |
CVE-2023-4492 | Easy Address Book Web Server XSS vulnerability | | |
CVE-2023-4493 | Easy Address Book Web Server Stored XSS vulnerability | | |
CVE-2023-4494 | Easy Chat Server Stack-based buffer overflow vulnerability | | |
CVE-2023-4495 | Easy Chat Server XSS vulnerability | | |
CVE-2023-4496 | Easy Chat Server XSS vulnerability | | |
CVE-2023-4497 | Easy Chat Server XSS vulnerability | | |
CVE-2023-4498 | Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router | | |
CVE-2023-4499 | A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as H... | S | |
CVE-2023-4500 | The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ord... | S | |
CVE-2023-4501 | Authentication bypass in OpenText (Micro Focus) Enterprise Server | S | |
CVE-2023-4502 | Translate WordPress with GTranslate < 3.0.4 - Admin+ Stored XSS | E | |
CVE-2023-4503 | Eap-galleon: custom provisioning creates unsecured http-invoker | | |
CVE-2023-4504 | OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow | E | |
CVE-2023-4505 | The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to L... | E | |
CVE-2023-4506 | The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passb... | E | |
CVE-2023-4507 | Admission AppManager <= 1.0.0 - Reflected Cross-Site Scripting | | |
CVE-2023-4508 | Denial of Service in Gerbv | E S | |
CVE-2023-4509 | It is possible for an API key to be logged in clear text in the audit log file after an invalid logi... | | |
CVE-2023-4511 | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark | S | |
CVE-2023-4512 | Uncontrolled Recursion in Wireshark | E S | |
CVE-2023-4513 | Missing Release of Memory after Effective Lifetime in Wireshark | E S | |
CVE-2023-4514 | Mmm Simple File List <= 2.3 - Contributor+ Stored XSS | E | |
CVE-2023-4516 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Ser... | S | |
CVE-2023-4517 | Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp | E S | |
CVE-2023-4518 | A vulnerability exists in the input validation of the GOOSE messages where out of range values rece... | | |
CVE-2023-4520 | The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... | S | |
CVE-2023-4521 | Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE | E | |
CVE-2023-4522 | Improper Validation of Specified Type of Input in GitLab | E S | |
CVE-2023-4523 | Real Time Automation 460 Series Cross-site Scripting | S | |
CVE-2023-4524 | Rejected reason: CVE reject in favor of CVE-2023-40547... | R | |
CVE-2023-4525 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-4526 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-4527 | Glibc: stack read overflow in getaddrinfo in no-aaaa mode | E M | |
CVE-2023-4528 | JSCAPE MFT Server Unsafe Deserialization on Management Port | M | |
CVE-2023-4530 | SQLi in Turna Media's Advertising Administration Panel | | |
CVE-2023-4531 | SQLi in Mestavs E-commerce Software | | |
CVE-2023-4532 | Incorrect Authorization in GitLab | E S | |
CVE-2023-4533 | Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. It... | R | |
CVE-2023-4534 | NeoMind Fusion Platform Link cross site scripting | E | |
CVE-2023-4535 | Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys | S | |
CVE-2023-4536 | My Account Page Editor < 1.3.2 - Subscriber+ Arbitrary File Upload | E | |
CVE-2023-4537 | Protocol Downgrade in Comarch ERP XL | | |
CVE-2023-4538 | Shared Key in Comarch ERP XL | | |
CVE-2023-4539 | Hardcoded password in Comarch ERP XL | | |
CVE-2023-4540 | DoS in lua-http library | S | |
CVE-2023-4541 | SQLi in Weens Admin Panel | | |
CVE-2023-4542 | D-Link DAR-8000-10 sys1.php os command injection | E | |
CVE-2023-4543 | IBOS OA export&contactids=x sql injection | E | |
CVE-2023-4544 | Byzoro Smart S85F Management Platform php.ini direct request | E | |
CVE-2023-4545 | IBOS OA export&checkids=x sql injection | E | |
CVE-2023-4546 | Byzoro Smart S85F Management Platform licence.php access control | E | |
CVE-2023-4547 | SPA-Cart eCommerce CMS search cross site scripting | E | |
CVE-2023-4548 | SPA-Cart eCommerce CMS GET Parameter search sql injection | E | |
CVE-2023-4549 | DoLogin Security < 3.7 - Unauthenticated Stored Cross-Site Scripting | E | |
CVE-2023-4550 | Unauthenticated Arbitrary File Read | | |
CVE-2023-4551 | Command Injection via Task Scheduler | | |
CVE-2023-4552 | Java Database Connectivity (JDBC) URL Manipulation | | |
CVE-2023-4553 | Unauthenticated Access to AppBuilder Configuration Files | | |
CVE-2023-4554 | XML External Entity (XXE) Processing | | |
CVE-2023-4555 | SourceCodester Inventory Management System suppliar_data.php cross site scripting | E | |
CVE-2023-4556 | SourceCodester Online Graduate Tracer System sexit.php mysqli_query sql injection | E | |
CVE-2023-4557 | SourceCodester Inventory Management System search_purchase_paymen_report.php sql injection | E | |
CVE-2023-4558 | SourceCodester Inventory Management System staff_data.php sql injection | E | |
CVE-2023-4559 | Bettershop LaikeTui POST Request unrestricted upload | | |
CVE-2023-4560 | Improper Authorization of Index Containing Sensitive Information in omeka/omeka-s | E S | |
CVE-2023-4561 | Cross-site Scripting (XSS) - Stored in omeka/omeka-s | E S | |
CVE-2023-4562 | Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module | | |
CVE-2023-4563 | Rejected reason: This was assigned as a duplicate of CVE-2023-4244.... | R | |
CVE-2023-4564 | Multiple vulnerabilities in Canopsis of Capensis | S | |
CVE-2023-4565 | Broadcast permission control vulnerability in the framework module. Successful exploitation of this ... | | |
CVE-2023-4566 | Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitat... | | |
CVE-2023-4567 | Rejected reason: Issue has been found to be non-reproducible, therefore not a viable flaw.... | R | |
CVE-2023-4568 | PaperCut NG Unauthenticated XMLRPC | E | |
CVE-2023-4569 | Kernel: information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c | S | |
CVE-2023-4570 | Improper Restriction in NI MeasurementLink Python Services | | |
CVE-2023-4571 | Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI) | | |
CVE-2023-4572 | Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to ... | | |
CVE-2023-4573 | When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which c... | | |
CVE-2023-4574 | When creating a callback over IPC for showing the Color Picker window, multiple of the same callback... | | |
CVE-2023-4575 | When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks... | | |
CVE-2023-4576 | On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a h... | | |
CVE-2023-4577 | When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbag... | | |
CVE-2023-4578 | When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `... | | |
CVE-2023-4579 | Search queries in the default search engine could appear to have been the currently navigated URL if... | | |
CVE-2023-4580 | Push notifications stored on disk in private browsing mode were not being encrypted potentially allo... | | |
CVE-2023-4581 | Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which all... | | |
CVE-2023-4582 | Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could h... | | |
CVE-2023-4583 | When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was... | | |
CVE-2023-4584 | Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14... | | |
CVE-2023-4585 | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these b... | | |
CVE-2023-4586 | Hotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attack | M | |
CVE-2023-4587 | Insecure direct object reference in ZKTeco ZEM800 | S | |
CVE-2023-4588 | File accessibility vulnerability in Delinea Secret Server | | |
CVE-2023-4589 | Insufficient verification of data authenticity vulnerability in Delinea Secret Server | | |
CVE-2023-4590 | Buffer Overflow vulnerability in Frhed | | |
CVE-2023-4591 | Inclusion of Functionality from Untrusted Control Sphere in WPN-XM Serverstack | S | |
CVE-2023-4592 | Improper Neutralization of Input During Web Page Generation in WPN-XM Serverstack | S | |
CVE-2023-4593 | Path Traversal in BVRP Software SLmail | S | |
CVE-2023-4594 | Cross-site Scripting in BVRP Software SLmail | S | |
CVE-2023-4595 | Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail | S | |
CVE-2023-4596 | The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validat... | E S | |
CVE-2023-4597 | The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sl... | | |
CVE-2023-4598 | The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcod... | E S | |
CVE-2023-4599 | The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ee... | | |
CVE-2023-4600 | The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing ca... | | |
CVE-2023-4601 | Stack-based Buffer Overflow in NI System Configuration Software | M | |
CVE-2023-4602 | The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cours... | E S | |
CVE-2023-4603 | The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Script... | E S | |
CVE-2023-4604 | Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting via 'post' | | |
CVE-2023-4605 | A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthe... | S | |
CVE-2023-4606 | An authenticated XCC user with Read-Only permission can change a different user’s password through a... | S | |
CVE-2023-4607 | An authenticated XCC user can change permissions for any user through a crafted API command.... | S | |
CVE-2023-4608 | An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases ... | S | |
CVE-2023-4609 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-4610 | Rejected reason: The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This b... | R | |
CVE-2023-4611 | Use after free race between mbind() and vma-locked page fault | S | |
CVE-2023-4612 | MFA bypass in Apereo CAS | | |
CVE-2023-4613 | Upload Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability | | |
CVE-2023-4614 | setThumbnailRC Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability | | |
CVE-2023-4615 | updateFile Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability | | |
CVE-2023-4616 | thumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability | | |
CVE-2023-4617 | Gaining remote control over Govee devices | | |
CVE-2023-4620 | Booking Calendar < 9.7.3.1 - Unauthenticated Stored XSS | E | |
CVE-2023-4621 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2023-4622 | Use-after-free in Linux kernel's af_unix component | S | |
CVE-2023-4623 | Use-after-free in Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component | S | |
CVE-2023-4624 | Server-Side Request Forgery (SSRF) in bookstackapp/bookstack | E | |
CVE-2023-4625 | Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC Series CPU module | | |
CVE-2023-4626 | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing... | S | |
CVE-2023-4627 | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing... | | |
CVE-2023-4628 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce ... | | |
CVE-2023-4629 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce ... | | |
CVE-2023-4630 | Missing Authorization in GitLab | S | |
CVE-2023-4631 | DoLogin Security < 3.7 - IP Spoofing | E | |
CVE-2023-4632 | An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an a... | S | |
CVE-2023-4634 | The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Co... | E S | |
CVE-2023-4635 | The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' param... | E | |
CVE-2023-4636 | The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting ... | E S | |
CVE-2023-4637 | The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capab... | | |
CVE-2023-4639 | Undertow: cookie smuggling/spoofing | | |
CVE-2023-4640 | Set Logging Level Without Authentication | | |
CVE-2023-4641 | Shadow-utils: possible password leak during passwd(1) change | | |
CVE-2023-4642 | kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition | E | |
CVE-2023-4643 | Enable Media Replace < 4.1.3 - Author+ PHP Object Injection | E | |
CVE-2023-4645 | The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and... | S | |
CVE-2023-4646 | Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS | E | |
CVE-2023-4647 | Allocation of Resources Without Limits or Throttling in GitLab | S | |
CVE-2023-4648 | The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin ... | S | |
CVE-2023-4649 | Session Fixation in instantsoft/icms2 | E S | |
CVE-2023-4650 | Improper Access Control in instantsoft/icms2 | E S | |
CVE-2023-4651 | Server-Side Request Forgery (SSRF) in instantsoft/icms2 | E S | |
CVE-2023-4652 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 | E S | |
CVE-2023-4653 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 | E S | |
CVE-2023-4654 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2 | E S | |
CVE-2023-4655 | Cross-site Scripting (XSS) - Reflected in instantsoft/icms2 | E S | |
CVE-2023-4656 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-4658 | Incorrect Authorization in GitLab | E S | |
CVE-2023-4659 | Cross-Site Request Forgery in Free5Gc | S | |
CVE-2023-4661 | SQLi in Saphira Connect | S | |
CVE-2023-4662 | RCE in Saphira Connect | S | |
CVE-2023-4663 | XSS in Saphira Connect | S | |
CVE-2023-4664 | Privilege Escalation in Saphira Connect | S | |
CVE-2023-4665 | Privilege Escalation in Saphira Connect | S | |
CVE-2023-4666 | Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload | E | |
CVE-2023-4667 | Stored Cross Site Scripting in webserver administration | | |
CVE-2023-4668 | The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and... | S | |
CVE-2023-4669 | Authentication Bypass in Exagate SYSGuard 3001 | | |
CVE-2023-4670 | SQLi in Innosa's Probbys | | |
CVE-2023-4671 | SQLi in Talent Soft's ECOP | | |
CVE-2023-4672 | XSS in Talent Soft's ECOP | | |
CVE-2023-4673 | SQLi in Sanalogy's Turasistan | | |
CVE-2023-4674 | SQLi in Yazteks E-Commerce Software | | |
CVE-2023-4675 | SQLi in GM Informatics MDO | | |
CVE-2023-4676 | XSS in Yordams MedasPro | | |
CVE-2023-4677 | Unauthenticated Admin Account Takeover Via Cron Log File Backups | S | |
CVE-2023-4678 | Divide By Zero in gpac/gpac | E S | |
CVE-2023-4679 | Use After Free in gpac/gpac | E S | |
CVE-2023-4680 | Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption | | |
CVE-2023-4681 | NULL Pointer Dereference in gpac/gpac | E S | |
CVE-2023-4682 | Heap-based Buffer Overflow in gpac/gpac | E S | |
CVE-2023-4683 | NULL Pointer Dereference in gpac/gpac | E S | |
CVE-2023-4685 | CVE-2023-4685 | | |
CVE-2023-4686 | The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in vers... | S | |
CVE-2023-4687 | PageLayer < 1.7.7 - Unauthenticated Stored XSS | E | |
CVE-2023-4688 | Sensitive information leak through log files. The following products are affected: Acronis Agent (Li... | | |
CVE-2023-4689 | The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver... | S | |
CVE-2023-4690 | The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver... | S | |
CVE-2023-4691 | Bookly < 22.4 - Admin+ SQLi | E | |
CVE-2023-4692 | Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution | E | |
CVE-2023-4693 | Grub2: out-of-bounds read at fs/ntfs.c | E | |
CVE-2023-4694 | Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a S... | | |
CVE-2023-4695 | Use of Predictable Algorithm in Random Number Generator in pkp/pkp-lib | E | |
CVE-2023-4696 | Improper Access Control in usememos/memos | S | |
CVE-2023-4697 | Improper Privilege Management in usememos/memos | E S | |
CVE-2023-4698 | Improper Input Validation in usememos/memos | E S | |
CVE-2023-4699 | Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA products | | |
CVE-2023-4700 | Missing Authorization in GitLab | E S | |
CVE-2023-4701 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the ve... | R | |
CVE-2023-4702 | Authentication Bypass in Digital Yepas | | |
CVE-2023-4703 | All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation | E | |
CVE-2023-4704 | External Control of System or Configuration Setting in instantsoft/icms2 | E S | |
CVE-2023-4705 | Rejected reason: CVE-2023-4705 was wrongly assigned to a bug that was deemed to be a non-security is... | R | |
CVE-2023-4706 | A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Micros... | S | |
CVE-2023-4707 | Infosoftbd Clcknshop all cross site scripting | | |
CVE-2023-4708 | Infosoftbd Clcknshop GET Parameter all sql injection | | |
CVE-2023-4709 | TOTVS RM Portal Login.aspx cross site scripting | M | |
CVE-2023-4710 | TOTVS RM Portal cross site scripting | | |
CVE-2023-4711 | D-Link DAR-8000-10 decodmail.php os command injection | E | |
CVE-2023-4712 | Xintian Smart Table Integrated Management System AddUpdateRole.aspx sql injection | E | |
CVE-2023-4713 | IBOS OA addcomment addComment sql injection | E | |
CVE-2023-4714 | PlayTube Redirect information disclosure | E | |
CVE-2023-4716 | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th... | S | |
CVE-2023-4717 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2023-4718 | The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '... | | |
CVE-2023-4719 | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `... | S | |
CVE-2023-4720 | Floating Point Comparison with Incorrect Operator in gpac/gpac | E S | |
CVE-2023-4721 | Out-of-bounds Read in gpac/gpac | E S | |
CVE-2023-4722 | Integer Overflow or Wraparound in gpac/gpac | E S | |
CVE-2023-4723 | The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in... | S | |
CVE-2023-4724 | WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE | E | |
CVE-2023-4725 | Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS | E | |
CVE-2023-4726 | The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin s... | S | |
CVE-2023-4727 | Ca: token authentication bypass vulnerability | | |
CVE-2023-4728 | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing... | | |
CVE-2023-4729 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce ... | | |
CVE-2023-4730 | LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.3 - Missing Authorization via init_endpoint | | |
CVE-2023-4731 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce c... | S | |
CVE-2023-4732 | Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h | M | |
CVE-2023-4733 | Use After Free in vim/vim | E S | |
CVE-2023-4734 | Integer Overflow or Wraparound in vim/vim | E S | |
CVE-2023-4735 | Out-of-bounds Write in vim/vim | E S | |
CVE-2023-4736 | Untrusted Search Path in vim/vim | E S | |
CVE-2023-4737 | SQLi in Hedef Trackings Admin Panel | | |
CVE-2023-4738 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2023-4739 | Byzoro Smart S85F Management Platform updateos.php unrestricted upload | E | |
CVE-2023-4740 | IBOS OA Delete Draft delDraft&archiveId=0 sql injection | E | |
CVE-2023-4741 | IBOS OA Delete Logs del sql injection | E | |
CVE-2023-4742 | IBOS OA export&uid=X sql injection | E | |
CVE-2023-4743 | Dreamer CMS file access | E | |
CVE-2023-4744 | Tenda AC8 formSetDeviceName stack-based overflow | E | |
CVE-2023-4745 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php sql injection | E | |
CVE-2023-4746 | TOTOLINK N200RE V5 Validity_check format string | E | |
CVE-2023-4747 | DedeCMS tags.php sql injection | E | |
CVE-2023-4748 | Yongyou UFIDA-NC PrintTemplateFileServlet.java path traversal | E | |
CVE-2023-4749 | SourceCodester Inventory Management System index.php file inclusion | E | |
CVE-2023-4750 | Use After Free in vim/vim | E S | |
CVE-2023-4751 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2023-4752 | Use After Free in vim/vim | E S | |
CVE-2023-4753 | OpenHarmony v3.2.1 and prior version has a system call function usage error | | |
CVE-2023-4754 | Out-of-bounds Write in gpac/gpac | E S | |
CVE-2023-4755 | Use After Free in gpac/gpac | E S | |
CVE-2023-4756 | Stack-based Buffer Overflow in gpac/gpac | E S | |
CVE-2023-4757 | Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries | E | |
CVE-2023-4758 | Buffer Over-read in gpac/gpac | E S | |
CVE-2023-4759 | Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write | S | |
CVE-2023-4760 | Remote Code Execution in Eclipse RAP on Windows | E S | |
CVE-2023-4761 | Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attac... | | |
CVE-2023-4762 | Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute a... | KEV S | |
CVE-2023-4763 | Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to pot... | | |
CVE-2023-4764 | Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker ... | | |
CVE-2023-4765 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-4766 | SQLi in Movus Admin Panel | | |
CVE-2023-4767 | Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central | S | |
CVE-2023-4768 | Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central | S | |
CVE-2023-4769 | Server-Side Request Forgery in ManageEngine Desktop Central | S | |
CVE-2023-4770 | Uncontrolled Search Path Element Vulnerability in 4D and 4D Windows Server | | |
CVE-2023-4771 | Cross-Site Scripting vulnerability in CKSource CKEditor | | |
CVE-2023-4772 | The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter... | S | |
CVE-2023-4773 | The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... | | |
CVE-2023-4774 | The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripti... | S | |
CVE-2023-4775 | The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advan... | S | |
CVE-2023-4776 | WPSchoolPress < 2.2.5 - Teacher+ SQLi | E | |
CVE-2023-4777 | Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier | S | |
CVE-2023-4778 | Out-of-bounds Read in gpac/gpac | E S | |
CVE-2023-4779 | The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p... | | |
CVE-2023-4780 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-0590. Reason: T... | R | |
CVE-2023-4781 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2023-4782 | Terraform Allows Arbitrary File Write During Init Operation | | |
CVE-2023-4783 | Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode | E | |
CVE-2023-4784 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-4785 | Denial of Service in gRPC Core | S | |
CVE-2023-4792 | The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized p... | S | |
CVE-2023-4795 | Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS | E | |
CVE-2023-4796 | The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_op... | E S | |
CVE-2023-4797 | Newsletter Lite < 4.9.3 - Admin+ Command Injection | E | |
CVE-2023-4798 | User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS | E | |
CVE-2023-4799 | Magic Embeds < 3.1.2 - Contributor+ Stored XSS via shortcode | E | |
CVE-2023-4800 | DoLogin Security < 3.7.1 - Subscriber+ IP Address leak | E | |
CVE-2023-4801 | ITM MacOS Agent Improper Certificate Validation | | |
CVE-2023-4802 | ITM Server Cross-site Scripting in UpdateInstalledSoftware Endpoint | | |
CVE-2023-4803 | ITM Server Cross-site Scripting in WriteWindowTitle Endpoint | | |
CVE-2023-4804 | Quantum HD Unity | S | |
CVE-2023-4805 | Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting | E | |
CVE-2023-4806 | Glibc: potential use-after-free in getaddrinfo() | | |
CVE-2023-4807 | POLY1305 MAC implementation corrupts XMM registers on Windows | S | |
CVE-2023-4808 | WP Post Popup <= 3.7.3 - Admin+ Stored XSS | E | |
CVE-2023-4809 | pf incorrectly handles multiple IPv6 fragment headers | | |
CVE-2023-4810 | Responsive Pricing Table < 5.1.8 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2023-4811 | WordPress File Upload < 4.23.3 - Author+ Stored Cross-Site Scripting | E | |
CVE-2023-4812 | Incorrect Authorization in GitLab | E S | |
CVE-2023-4813 | Glibc: potential use-after-free in gaih_inet() | S | |
CVE-2023-4814 | A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can b... | | |
CVE-2023-4815 | Missing Authentication for Critical Function in answerdev/answer | E S | |
CVE-2023-4816 | A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On ... | | |
CVE-2023-4817 | Unrestricted file upload vulnerability in ICP DAS ET-7060 | S | |
CVE-2023-4818 | PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is c... | E | |
CVE-2023-4819 | Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting | E | |
CVE-2023-4820 | PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS | E | |
CVE-2023-4821 | Drag and Drop Multiple File Upload < 1.1.1 - Unauthenticated Stored Cross-Site Scripting | E | |
CVE-2023-4822 | Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafa... | | |
CVE-2023-4823 | WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS | E | |
CVE-2023-4824 | WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF | E | |
CVE-2023-4826 | Socialdriver < 2024 - Prototype Pollution to XSS | E | |
CVE-2023-4827 | File Manager Pro < 1.8 - Remote Code Execution via CSRF | E | |
CVE-2023-4828 | ITM Server Communications Hijack | | |
CVE-2023-4829 | Cross-site Scripting (XSS) - Stored in froxlor/froxlor | E S | |
CVE-2023-4830 | SQLi in Tura's Signalix | | |
CVE-2023-4831 | SQLi in nCep | | |
CVE-2023-4832 | SQLi in Aceka Holdings Company Management | | |
CVE-2023-4833 | SQLi in Besttem's Network Marketing Software | | |
CVE-2023-4834 | In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and ... | | |
CVE-2023-4835 | SQLi in CF's Oil Management Software | | |
CVE-2023-4836 | WordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR | E | |
CVE-2023-4837 | Cross-site request forgery (CSRF) in SmodBIP | | |
CVE-2023-4838 | The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th... | S | |
CVE-2023-4839 | The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in vers... | S | |
CVE-2023-4840 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi... | S | |
CVE-2023-4841 | The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scriptin... | E S | |
CVE-2023-4842 | The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site S... | S | |
CVE-2023-4843 | Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utiliz... | | |
CVE-2023-4844 | SourceCodester Simple Membership System club_edit_query.php sql injection | E | |
CVE-2023-4845 | SourceCodester Simple Membership System account_edit_query.php sql injection | E | |
CVE-2023-4846 | SourceCodester Simple Membership System delete_member.php sql injection | E | |
CVE-2023-4847 | SourceCodester Simple Book Catalog App Update Book Form cross site scripting | E | |
CVE-2023-4848 | SourceCodester Simple Book Catalog App delete_book.php sql injection | E | |
CVE-2023-4849 | IBOS OA trash&op=del sql injection | E | |
CVE-2023-4850 | IBOS OA del sql injection | E | |
CVE-2023-4851 | IBOS OA edit&op=member sql injection | E | |
CVE-2023-4852 | IBOS OA optimize sql injection | E | |
CVE-2023-4853 | Quarkus: http security policy bypass | E M | |
CVE-2023-4855 | A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authentica... | S | |
CVE-2023-4856 | A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated ... | S | |
CVE-2023-4857 | An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authe... | S | |
CVE-2023-4858 | WP Simple Table Manager Plugin <= 1.5.6 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2023-4859 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-27957. Reason: ... | R | |
CVE-2023-4860 | Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attack... | | |
CVE-2023-4861 | File Manager Pro < 1.8.1 - Admin+ Remote Code Execution | E | |
CVE-2023-4862 | File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a... | KEV E S | |
CVE-2023-4864 | SourceCodester Take-Note App index.php cross site scripting | E | |
CVE-2023-4865 | SourceCodester Take-Note App cross-site request forgery | E | |
CVE-2023-4866 | SourceCodester Online Tours & Travels Management System booking.php exec sql injection | E | |
CVE-2023-4867 | Xintian Smart Table Integrated Management System Added Site Page AddUpdateSites.aspx sql injection | E | |
CVE-2023-4868 | SourceCodester Contact Manager App add.php cross-site request forgery | E | |
CVE-2023-4869 | SourceCodester Contact Manager App update.php cross-site request forgery | E | |
CVE-2023-4870 | SourceCodester Contact Manager App Contact Information index.php cross site scripting | E | |
CVE-2023-4871 | SourceCodester Contact Manager App delete.php sql injection | E | |
CVE-2023-4872 | SourceCodester Contact Manager App add.php sql injection | E | |
CVE-2023-4873 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php os command injection | E | |
CVE-2023-4874 | Undefined Behavior for Input to API in Mutt | S | |
CVE-2023-4875 | Undefined Behavior for Input to API in Mutt | S | |
CVE-2023-4876 | Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure | S | |
CVE-2023-4877 | Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure | S | |
CVE-2023-4878 | Server-Side Request Forgery (SSRF) in instantsoft/icms2 | E S | |
CVE-2023-4879 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 | E S | |
CVE-2023-4881 | Rejected reason: CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security is... | R | |
CVE-2023-4882 | Multiple vulnerabilities in Open5GS | S | |
CVE-2023-4883 | Multiple vulnerabilities in Open5GS | S | |
CVE-2023-4884 | Multiple vulnerabilities in Open5GS | S | |
CVE-2023-4885 | Multiple vulnerabilities in Open5GS | S | |
CVE-2023-4886 | Foreman: world readable file containing secrets | | |
CVE-2023-4887 | The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-... | S | |
CVE-2023-4888 | The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 's... | S | |
CVE-2023-4889 | The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' ... | S | |
CVE-2023-4890 | The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Si... | S | |
CVE-2023-4891 | A potential use-after-free vulnerability was reported in the Lenovo View driver that could result i... | S | |
CVE-2023-4892 | Teedy v1.11 - Stored cross-site scripting (XSS) | E | |
CVE-2023-4893 | The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via ... | | |
CVE-2023-4895 | Missing Authorization in GitLab | E S | |
CVE-2023-4896 | Authenticated Disclosure of Sensitive Information in AirWave Management Platform | | |
CVE-2023-4897 | Relative Path Traversal in mintplex-labs/anything-llm | E S | |
CVE-2023-4898 | Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm | E S | |
CVE-2023-4899 | SQL Injection in mintplex-labs/anything-llm | E S | |
CVE-2023-4900 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allow... | | |
CVE-2023-4901 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote att... | | |
CVE-2023-4902 | Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attac... | | |
CVE-2023-4903 | Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.6... | | |
CVE-2023-4904 | Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remot... | | |
CVE-2023-4905 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote att... | | |
CVE-2023-4906 | Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote... | | |
CVE-2023-4907 | Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a... | | |
CVE-2023-4908 | Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a... | | |
CVE-2023-4909 | Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remo... | | |
CVE-2023-4910 | 3scale-admin-portal: logged out users tokens can be accessed | M | |
CVE-2023-4911 | Glibc: buffer overflow in ld.so leading to privilege escalation | KEV E S | |
CVE-2023-4912 | Allocation of Resources Without Limits or Throttling in GitLab | E S | |
CVE-2023-4913 | Cross-site Scripting (XSS) - Reflected in cecilapp/cecil | E S | |
CVE-2023-4914 | Relative Path Traversal in cecilapp/cecil | E S | |
CVE-2023-4915 | The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions u... | | |
CVE-2023-4916 | The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers... | | |
CVE-2023-4917 | The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, an... | | |
CVE-2023-4918 | Plaintext storage of user password | | |
CVE-2023-4919 | The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortc... | E S | |
CVE-2023-4920 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,... | | |
CVE-2023-4921 | Use-after-free in Linux kernel's net/sched: sch_qfq component | E S | |
CVE-2023-4922 | WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion | E | |
CVE-2023-4923 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,... | | |
CVE-2023-4924 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.... | | |
CVE-2023-4925 | Easy Forms for Mailchimp <= 6.8.10 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2023-4926 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,... | | |
CVE-2023-4927 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-4928 | SQL Injection in instantsoft/icms2 | E S | |
CVE-2023-4929 | NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability | S | |
CVE-2023-4930 | Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing | E | |
CVE-2023-4931 | Uncontrolled search path element vulnerability in Plesk | S | |
CVE-2023-4932 | Reflected Cross-Site Scripting in SAS 9.4 | S | |
CVE-2023-4933 | WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing | E | |
CVE-2023-4934 | IDOR in Usta AYBS | | |
CVE-2023-4935 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,... | | |
CVE-2023-4936 | Synaptics-DisplayLink-privilege escalation vulnerability via a dynamic library sideloading | M | |
CVE-2023-4937 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,... | | |
CVE-2023-4938 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.... | | |
CVE-2023-4939 | The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including... | S | |
CVE-2023-4940 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,... | | |
CVE-2023-4941 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.... | | |
CVE-2023-4942 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,... | | |
CVE-2023-4943 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.... | | |
CVE-2023-4944 | The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scr... | | |
CVE-2023-4945 | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via mu... | S | |
CVE-2023-4947 | The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification ... | | |
CVE-2023-4948 | The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification ... | | |
CVE-2023-4949 | Memory Corruption Vulnerability in Grub-Legacy's XFS Implementation | S | |
CVE-2023-4950 | Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting | E | |
CVE-2023-4951 | Cross Site Scripting (XSS) Issue on "Client Based Authentication Policy Configuration" Screen | S | |
CVE-2023-4956 | Quay: clickjacking on config-editor page severity | M | |
CVE-2023-4957 | Authentication Bypass on Zebra ZTC | S | |
CVE-2023-4958 | Stackrox: missing http security headers allows for clickjacking in web ui | S | |
CVE-2023-4959 | Quay: cross-site request forgery (csrf) on config-editor page | M | |
CVE-2023-4960 | The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_sto... | S | |
CVE-2023-4961 | The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' short... | E S | |
CVE-2023-4962 | The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' ... | S | |
CVE-2023-4963 | The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Sit... | | |
CVE-2023-4964 | Potential open redirect vulnerability in opentext SMAX and AMX product. | | |
CVE-2023-4965 | phpipam Header redirect | E | |
CVE-2023-4966 | Unauthenticated sensitive information disclosure | KEV | |
CVE-2023-4967 | Denial of service | | |
CVE-2023-4968 | The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage'... | S | |
CVE-2023-4969 | GPU kernel implementations susceptible to memory leak | E M | |
CVE-2023-4970 | PubyDoc <= 2.0.6 - Admin+ Stored XSS | E | |
CVE-2023-4971 | Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection | E | |
CVE-2023-4972 | Information Disclosure in Digital Yepas | | |
CVE-2023-4973 | Academy LMS GET Parameter filter cross site scripting | E | |
CVE-2023-4974 | Academy LMS GET Parameter filter sql injection | | |
CVE-2023-4975 | The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in ... | S | |
CVE-2023-4976 | FlashBlade Authentication Mechanism Vulnerability | S | |
CVE-2023-4977 | Code Injection in librenms/librenms | E S | |
CVE-2023-4978 | Cross-site Scripting (XSS) - DOM in librenms/librenms | E S | |
CVE-2023-4979 | Cross-site Scripting (XSS) - Reflected in librenms/librenms | E S | |
CVE-2023-4980 | Cross-site Scripting (XSS) - Generic in librenms/librenms | E S | |
CVE-2023-4981 | Cross-site Scripting (XSS) - DOM in librenms/librenms | E S | |
CVE-2023-4982 | Cross-site Scripting (XSS) - Stored in librenms/librenms | E S | |
CVE-2023-4983 | app1pro Shopicial search cross site scripting | | |
CVE-2023-4984 | didi KnowSearch 1 credentials storage | E | |
CVE-2023-4985 | Supcon InPlant SCADA Project.xml improper authentication | E | |
CVE-2023-4986 | Supcon InPlant SCADA Project.xml unknown vulnerability | E | |
CVE-2023-4987 | infinitietech taskhub GET Parameter get_tasks_list sql injection | E | |
CVE-2023-4988 | Bettershop LaikeTui unrestricted upload | | |
CVE-2023-4990 | Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow at... | | |
CVE-2023-4991 | NextBX QWAlerter QWAlerter.exe unquoted search path | | |
CVE-2023-4993 | Sensitive Data Exposure in Utarit's Soliclub | | |
CVE-2023-4994 | The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in vers... | S | |
CVE-2023-4995 | The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' ... | | |
CVE-2023-4996 | Local privilege escalation | S | |
CVE-2023-4997 | Improper authorisation in Uptime DC | | |
CVE-2023-4998 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-4999 | The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the pl... | E | |