ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-40000 | WordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Site Wide Stored XSS vulnerability | E S | |
CVE-2023-40001 | WordPress iThemes Sync plugin <= 2.1.13 - Broken Access Control vulnerability | S | |
CVE-2023-40002 | WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-40003 | WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability | S | |
CVE-2023-40004 | Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins | S | |
CVE-2023-40005 | WordPress Easy Digital Downloads plugin <= 3.1.5 - Broken Access Control | S | |
CVE-2023-40007 | WordPress CT Commerce Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40008 | WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-40009 | WordPress WP Pipes Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-40010 | WordPress HUSKY – Products Filter for WooCommerce (formerly WOOF) Plugin <= 1.3.4.2 is vulnerable to SQL Injection | S | |
CVE-2023-40011 | WordPress Cost Calculator Builder plugin <= 3.1.42 - Broken Access Control vulnerability | S | |
CVE-2023-40012 | uthenticode EKU validation bypass | S | |
CVE-2023-40013 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in external-svg-loader | S | |
CVE-2023-40014 | OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender | S | |
CVE-2023-40015 | Vyper: reversed order of side effects for some operations | E | |
CVE-2023-40017 | Geonode Server Side Request Forgery vulnerability | E S | |
CVE-2023-40018 | FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID | | |
CVE-2023-40019 | FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names | E | |
CVE-2023-40020 | Improper Authentication in PrivateUploader | S | |
CVE-2023-40021 | Timing Attack Reveals CSRF Tokens in oppia | E S | |
CVE-2023-40022 | Rizin vulnerable to Integer Overflow in C++ demangler logic | S | |
CVE-2023-40023 | Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading | S | |
CVE-2023-40024 | Reflected Cross-Site Scripting (XSS) in scancode.io license endpoint | E | |
CVE-2023-40025 | Argo CD web terminal session doesn't expire | E S | |
CVE-2023-40026 | Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server | M | |
CVE-2023-40027 | Conditionally missing authorization in @keystone-6/core | S | |
CVE-2023-40028 | Arbitrary file read via symlinks in Ghost | S | |
CVE-2023-40029 | Cluster secret might leak in cluster details page in Argo CD | E S | |
CVE-2023-40030 | Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports | S | |
CVE-2023-40031 | Notepad++ vulnerable to heap buffer write overflow in Utf8_16_Read::convert | E | |
CVE-2023-40032 | Potential segfault due to NULL pointer dereference in libvips | S | |
CVE-2023-40033 | Server-Side Request Forgery via Avatar upload in flarum | S | |
CVE-2023-40034 | Repository takeover in woodpecker-ci | S | |
CVE-2023-40035 | Craft CMS vulnerable to Remote Code Execution via validatePath bypass | E S | |
CVE-2023-40036 | Notepad++ global buffer read overflow in CharDistributionAnalysis::HandleOneChar | E | |
CVE-2023-40037 | Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs | | |
CVE-2023-40038 | Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized ... | | |
CVE-2023-40039 | An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximit... | | |
CVE-2023-40040 | An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Andro... | | |
CVE-2023-40041 | TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cs... | E | |
CVE-2023-40042 | TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib... | E | |
CVE-2023-40043 | MOVEit Transfer System Administrator SQL Injection | | |
CVE-2023-40044 | WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability | KEV E | |
CVE-2023-40045 | WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability | | |
CVE-2023-40046 | WS_FTP Server SQL Injection via Administrative Interface | | |
CVE-2023-40047 | WS_FTP Server Stored Cross-Site Scripting Vulnerability | | |
CVE-2023-40048 | WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability | | |
CVE-2023-40049 | WS_FTP Server Information Disclosure via Directory Listing | | |
CVE-2023-40050 | Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application | S | |
CVE-2023-40051 | Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal | | |
CVE-2023-40052 | Progress Application Server (PAS) for OpenEdge Denial of Service | | |
CVE-2023-40053 | HTML injection Vulnerability in Serv-U 15.4 | S | |
CVE-2023-40054 | SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2023-40055 | SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2023-40056 | SolarWinds Platform SQL Injection Remote Code Execution Vulnerability | S | |
CVE-2023-40057 | SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution | S | |
CVE-2023-40058 | Sensitive Information Disclosure Vulnerability | S | |
CVE-2023-40060 | 2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1 | S | |
CVE-2023-40061 | Insecure Job Execution Mechanism Vulnerability | S | |
CVE-2023-40062 | Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability | S | |
CVE-2023-40067 | Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to poten... | | |
CVE-2023-40068 | Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Cu... | | |
CVE-2023-40069 | OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access ... | | |
CVE-2023-40070 | Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an a... | | |
CVE-2023-40071 | Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an ... | | |
CVE-2023-40072 | OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticat... | | |
CVE-2023-40073 | In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy.... | S | |
CVE-2023-40074 | In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of servic... | S | |
CVE-2023-40075 | In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited ... | S | |
CVE-2023-40076 | In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials fr... | S | |
CVE-2023-40077 | In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. Th... | S | |
CVE-2023-40078 | In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of... | S | |
CVE-2023-40079 | In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch du... | S | |
CVE-2023-40080 | In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic erro... | S | |
CVE-2023-40081 | In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another us... | | |
CVE-2023-40082 | In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to impro... | S | |
CVE-2023-40083 | In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check.... | S | |
CVE-2023-40084 | In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This co... | S | |
CVE-2023-40085 | In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a miss... | S | |
CVE-2023-40087 | In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a... | S | |
CVE-2023-40088 | In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible ... | S | |
CVE-2023-40089 | In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for use... | S | |
CVE-2023-40090 | In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due ... | S | |
CVE-2023-40091 | In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corrupti... | S | |
CVE-2023-40092 | In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's ... | S | |
CVE-2023-40093 | In multiple files, there is a possible way that trimmed content could be included in PDF output due ... | S | |
CVE-2023-40094 | In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due ... | S | |
CVE-2023-40095 | In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background a... | S | |
CVE-2023-40096 | In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audi... | S | |
CVE-2023-40097 | In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to impro... | S | |
CVE-2023-40098 | In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification ... | S | |
CVE-2023-40100 | In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use af... | S | |
CVE-2023-40101 | In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds che... | | |
CVE-2023-40103 | In multiple locations, there is a possible way to corrupt memory due to a double free. This could le... | S | |
CVE-2023-40104 | In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographi... | S | |
CVE-2023-40105 | In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data... | S | |
CVE-2023-40106 | In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity fro... | S | |
CVE-2023-40107 | In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This ... | S | |
CVE-2023-40108 | In multiple locations, there is a possible way to access media content belonging to another user due... | | |
CVE-2023-40109 | In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) d... | S | |
CVE-2023-40110 | In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer... | S | |
CVE-2023-40111 | In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending inte... | S | |
CVE-2023-40112 | In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. Th... | S | |
CVE-2023-40113 | In multiple locations, there is a possible way for apps to access cross-user message data due to a m... | S | |
CVE-2023-40114 | In multiple functions of MtpFfsHandle.cpp, there is a possible out of bounds write due to a use aft... | S | |
CVE-2023-40115 | In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This... | S | |
CVE-2023-40116 | In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity la... | S | |
CVE-2023-40117 | In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a perm... | S | |
CVE-2023-40120 | In multiple locations, there is a possible way to bypass user notification of foreground services du... | S | |
CVE-2023-40121 | In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe des... | S | |
CVE-2023-40122 | In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to... | S | |
CVE-2023-40123 | In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security bounda... | S | |
CVE-2023-40124 | In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead... | S | |
CVE-2023-40125 | In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a p... | S | |
CVE-2023-40127 | In multiple locations, there is a possible way to access screenshots due to a confused deputy. This ... | S | |
CVE-2023-40128 | In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer ov... | S | |
CVE-2023-40129 | In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer ... | S | |
CVE-2023-40130 | In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a lo... | S | |
CVE-2023-40131 | In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This co... | S | |
CVE-2023-40132 | In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content pr... | | |
CVE-2023-40133 | In multiple locations of DialogFillUi.java, there is a possible way to view another user's images du... | S | |
CVE-2023-40134 | In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confu... | S | |
CVE-2023-40135 | In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due ... | S | |
CVE-2023-40136 | In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a co... | S | |
CVE-2023-40137 | In multiple functions of DialogFillUi.java, there is a possible way to view another user's images du... | S | |
CVE-2023-40138 | In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused de... | S | |
CVE-2023-40139 | In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused de... | S | |
CVE-2023-40140 | In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execu... | S | |
CVE-2023-40141 | In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a ... | | |
CVE-2023-40142 | In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the co... | | |
CVE-2023-40143 | Westermo Lynx | M | |
CVE-2023-40144 | OS command injection vulnerability in the CBC products allows a remote authenticated attacker to exe... | | |
CVE-2023-40145 | Weintek cMT3000 HMI Web CGI OS Command Injection | S | |
CVE-2023-40146 | A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader ... | | |
CVE-2023-40148 | PingFederate Server Side Request Forgery vulnerability | | |
CVE-2023-40150 | Softneta MedDream PACS Exposed Dangerous Method or Function | S | |
CVE-2023-40151 | Red Lion Controls Sixnet RTU Exposed Dangerous Method Or Function | S | |
CVE-2023-40152 | Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write | S | |
CVE-2023-40153 | Cross-site Scripting in DEXMA DEXGate | | |
CVE-2023-40154 | Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may ... | | |
CVE-2023-40155 | Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authen... | | |
CVE-2023-40156 | Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an a... | | |
CVE-2023-40158 | Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to exe... | | |
CVE-2023-40159 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-40160 | Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I So... | | |
CVE-2023-40161 | Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an... | | |
CVE-2023-40163 | An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality o... | E | |
CVE-2023-40164 | Notepad++ global buffer read overflow in nsCodingStateMachine::NextState | E | |
CVE-2023-40165 | Unauthorized gem replacement for full names ending in numbers on rubygems.org | S | |
CVE-2023-40166 | Notepad++ heap buffer read overflow in FileManager::detectLanguageFromTextBegining | E | |
CVE-2023-40167 | Jetty accepts "+" prefixed value in Content-Length | | |
CVE-2023-40168 | Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop | S | |
CVE-2023-40170 | cross-site inclusion (XSSI) of files in jupyter-server | S | |
CVE-2023-40171 | Dispatch writes JWT tokens in error message | E S | |
CVE-2023-40172 | Cross-Site Request Forgery (CSRF) in fobybus/social-media-skeleton | S | |
CVE-2023-40173 | Unsalted passwords in fobybus/social-media-skeleton | S | |
CVE-2023-40174 | Insufficient Session Expiration in fobybus/social-media-skeleton | S | |
CVE-2023-40175 | Inconsistent Interpretation of HTTP Requests in puma | S | |
CVE-2023-40176 | SXSS in the user profile via the timezone displayer | S | |
CVE-2023-40177 | XWiki Platform privilege escalation (PR) from account through AWM content fields | S | |
CVE-2023-40178 | @node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError | S | |
CVE-2023-40179 | Silverware Games vulnerable to account enumeration via inconsistent responses | | |
CVE-2023-40180 | Denial of service vulnerability in silverstripe-graphql via recursive queries | S | |
CVE-2023-40181 | Integer-Underflow leading to Out-Of-Bound Read in FreeRDP | E | |
CVE-2023-40182 | silverware-io-issue-tracker server responds in a noticeably different amount of time depending if a given email address exists or not | | |
CVE-2023-40183 | DataEase has a vulnerability to obtain user cookies | E S | |
CVE-2023-40184 | Improper handling of session establishment errors in xrdp | S | |
CVE-2023-40185 | Shescape on Windows escaping may be bypassed in threaded context | E S | |
CVE-2023-40186 | Integer Overflow leading to Out-Of-Bound Write Vulnerability in FreeRDP | E | |
CVE-2023-40187 | Use-After-Free in FreeRDP | E | |
CVE-2023-40188 | Out-Of-Bounds Read in FreeRDP | E | |
CVE-2023-40191 | Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay ... | | |
CVE-2023-40193 | Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent a... | | |
CVE-2023-40194 | An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Read... | E | |
CVE-2023-40195 | Apache Airflow Spark Provider Deserialization Vulnerability RCE | S | |
CVE-2023-40196 | WordPress ImageRecycle pdf & image compression Plugin <= 3.1.11 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40197 | WordPress flowpaper Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40198 | WordPress Easy Cookie Law Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-40199 | WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-40201 | WordPress Futurio Extra Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-40202 | WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-40203 | WordPress MailChimp Forms by MailMunch plugin <= 3.1.4 - Broken Access Control | S | |
CVE-2023-40204 | WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload | S | |
CVE-2023-40205 | WordPress PixTypes Plugin <= 1.4.15 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40206 | WordPress WP 404 Auto Redirect to Similar Post Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40207 | WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to SQL Injection | | |
CVE-2023-40208 | WordPress Stock Ticker Plugin <= 3.23.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40209 | WordPress Highcompress Image Compressor plugin <= 6.0.0 - Broken Access Control vulnerability | | |
CVE-2023-40210 | WordPress SB Child List Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-40211 | WordPress Post Grid Plugin <= 2.2.50 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-40212 | WordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-40213 | WordPress Justified Gallery plugin <= 1.7.3 - Broken Access Control vulnerability | S | |
CVE-2023-40214 | WordPress Business Pro Theme <= 1.10.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40215 | WordPress Demon image annotation Plugin <= 5.1 is vulnerable to SQL Injection | | |
CVE-2023-40216 | OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulatio... | S | |
CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.1... | | |
CVE-2023-40218 | An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100,... | | |
CVE-2023-40219 | Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an... | | |
CVE-2023-40220 | Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to poten... | | |
CVE-2023-40221 | Socomec MOD3GP-SY-120K Code Injection | S | |
CVE-2023-40222 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Heap-based Buffer Overflow | S | |
CVE-2023-40223 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-40224 | MISP 2.4.174 allows XSS in app/View/Events/index.ctp.... | S | |
CVE-2023-40225 | HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.... | E S | |
CVE-2023-40235 | An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value... | E S | |
CVE-2023-40236 | In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers'... | | |
CVE-2023-40238 | A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47... | E | |
CVE-2023-40239 | Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information ... | | |
CVE-2023-40250 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell... | | |
CVE-2023-40251 | Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5... | | |
CVE-2023-40252 | Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, ... | | |
CVE-2023-40253 | Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians G... | | |
CVE-2023-40254 | Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NA... | | |
CVE-2023-40256 | A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed un... | | |
CVE-2023-40260 | EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) require... | | |
CVE-2023-40261 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, ... | E | |
CVE-2023-40262 | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows ... | | |
CVE-2023-40263 | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows ... | | |
CVE-2023-40264 | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows ... | | |
CVE-2023-40265 | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911... | | |
CVE-2023-40266 | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911... | | |
CVE-2023-40267 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: thi... | S | |
CVE-2023-40270 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-38831. Reason: This candidat... | R | |
CVE-2023-40271 | In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, w... | E M | |
CVE-2023-40272 | Apache Airflow Spark Provider Arbitrary File Read via JDBC | | |
CVE-2023-40273 | Session fixation in Apache Airflow web interface | S | |
CVE-2023-40274 | An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, av... | E S | |
CVE-2023-40275 | An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries ... | | |
CVE-2023-40276 | An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability ha... | E | |
CVE-2023-40277 | An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerabil... | E | |
CVE-2023-40278 | An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been ... | E | |
CVE-2023-40279 | An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversa... | E | |
CVE-2023-40280 | An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversa... | E | |
CVE-2023-40281 | EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "pro... | S | |
CVE-2023-40282 | Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent ... | | |
CVE-2023-40283 | An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel befo... | S | |
CVE-2023-40284 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker cou... | | |
CVE-2023-40285 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker cou... | | |
CVE-2023-40286 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker cou... | | |
CVE-2023-40287 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker cou... | | |
CVE-2023-40288 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker cou... | | |
CVE-2023-40289 | A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices... | | |
CVE-2023-40290 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker cou... | | |
CVE-2023-40291 | Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a p... | E | |
CVE-2023-40292 | Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.... | E | |
CVE-2023-40293 | Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a... | E | |
CVE-2023-40294 | libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c.... | E | |
CVE-2023-40295 | libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c.... | E | |
CVE-2023-40296 | async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udps... | E | |
CVE-2023-40297 | Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.... | | |
CVE-2023-40299 | Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or mak... | E S | |
CVE-2023-40300 | NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.... | | |
CVE-2023-40301 | NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability.... | | |
CVE-2023-40302 | NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability... | | |
CVE-2023-40303 | GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id... | E S | |
CVE-2023-40305 | GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.... | E | |
CVE-2023-40306 | URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) | | |
CVE-2023-40307 | Privileges Memory Corruption (Out-of-bound write) | | |
CVE-2023-40308 | Memory Corruption vulnerability in SAP CommonCryptoLib | | |
CVE-2023-40309 | Missing Authorization check in SAP CommonCryptoLib | | |
CVE-2023-40310 | Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import | | |
CVE-2023-40311 | Stored XSS in multiple JSP files in opennms/opennms | S | |
CVE-2023-40312 | Reflected XSS in multiple JSP files in opennms/opennms | S | |
CVE-2023-40313 | Disable BeanShell Interpreter Remote Server Mode | S | |
CVE-2023-40314 | Cross-site scripting in bootstrap.jsp | S | |
CVE-2023-40315 | ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN | S | |
CVE-2023-40327 | WordPress Putler Connector for WooCommerce plugin <= 2.12.0 - Unauthenticated Broken Access Control vulnerability | S | |
CVE-2023-40328 | WordPress Carrot Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40329 | WordPress Custom Admin Login Page \| WPZest Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40330 | WordPress GD Security Headers Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40331 | WordPress Accordion Slider plugin <= 1.9.6 - Broken Access Control vulnerability | S | |
CVE-2023-40332 | WordPress WP-PostRatings plugin <= 1.91 - Rating limit Bypass vulnerability | S | |
CVE-2023-40333 | WordPress Bridge Core Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40334 | WordPress HUSKY – Products Filter for WooCommerce Professional plugin <= 1.3.4.2 - Broken Access Control vulnerability | S | |
CVE-2023-40335 | WordPress Cleverwise Daily Quotes Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40336 | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and ... | | |
CVE-2023-40337 | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and ... | | |
CVE-2023-40338 | Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an ab... | | |
CVE-2023-40339 | Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace wi... | | |
CVE-2023-40340 | Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) creden... | | |
CVE-2023-40341 | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier al... | | |
CVE-2023-40342 | Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing... | | |
CVE-2023-40343 | Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function... | | |
CVE-2023-40344 | A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall... | | |
CVE-2023-40345 | Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup... | | |
CVE-2023-40346 | Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting ... | | |
CVE-2023-40347 | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropria... | | |
CVE-2023-40348 | The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers in... | | |
CVE-2023-40349 | Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoi... | | |
CVE-2023-40350 | Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inse... | | |
CVE-2023-40351 | A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d a... | | |
CVE-2023-40352 | McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privi... | | |
CVE-2023-40353 | An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer ind... | | |
CVE-2023-40354 | An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a... | | |
CVE-2023-40355 | Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before... | | |
CVE-2023-40356 | PingOne MFA Integration Kit MFA bypass | M | |
CVE-2023-40357 | Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS co... | | |
CVE-2023-40359 | xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected chara... | | |
CVE-2023-40360 | QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there... | E S | |
CVE-2023-40361 | SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploi... | E | |
CVE-2023-40362 | An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of acce... | E | |
CVE-2023-40363 | IBM InfoSphere Information Server privilege escalation | | |
CVE-2023-40367 | IBM QRadar SIEM cross-site scripting | S | |
CVE-2023-40368 | IBM Storage Protect information disclosure | S | |
CVE-2023-40370 | IBM Robotic Process Automation information disclosure | S | |
CVE-2023-40371 | IBM AIX information disclosure | M | |
CVE-2023-40372 | IBM Db2 denial of service | | |
CVE-2023-40373 | IBM Db2 denial of service | | |
CVE-2023-40374 | IBM Db2 denial of service | S | |
CVE-2023-40375 | IBM i privilege escalation | S | |
CVE-2023-40376 | IBM UrbanCode Deploy (UCD) improper authentication controls | S | |
CVE-2023-40377 | IBM i privilege escalation | S | |
CVE-2023-40378 | IBM i privilege escalation | S | |
CVE-2023-40383 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 1... | | |
CVE-2023-40384 | A permissions issue was addressed with improved redaction of sensitive information. This issue is fi... | | |
CVE-2023-40385 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Sa... | | |
CVE-2023-40386 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO... | | |
CVE-2023-40388 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO... | | |
CVE-2023-40389 | The issue was addressed with improved restriction of data container access. This issue is fixed in m... | | |
CVE-2023-40390 | A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed ... | | |
CVE-2023-40391 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iP... | | |
CVE-2023-40392 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-40393 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 ... | | |
CVE-2023-40394 | The issue was addressed with improved validation of environment variables. This issue is fixed in iO... | | |
CVE-2023-40395 | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 a... | | |
CVE-2023-40396 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, ... | | |
CVE-2023-40397 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote at... | | |
CVE-2023-40398 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS B... | | |
CVE-2023-40399 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iP... | | |
CVE-2023-40400 | This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17,... | | |
CVE-2023-40401 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.... | | |
CVE-2023-40402 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
CVE-2023-40403 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tv... | | |
CVE-2023-40404 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS S... | | |
CVE-2023-40405 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-40406 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Vent... | | |
CVE-2023-40407 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. A remot... | | |
CVE-2023-40408 | An inconsistent user interface issue was addressed with improved state management. This issue is fix... | | |
CVE-2023-40409 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tv... | | |
CVE-2023-40410 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven... | | |
CVE-2023-40411 | This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An a... | | |
CVE-2023-40412 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tv... | | |
CVE-2023-40413 | The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS... | | |
CVE-2023-40414 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS... | | |
CVE-2023-40416 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17... | | |
CVE-2023-40417 | A window management issue was addressed with improved state management. This issue is fixed in Safar... | | |
CVE-2023-40418 | An authentication issue was addressed with improved state management. This issue is fixed in watchOS... | | |
CVE-2023-40419 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, ... | | |
CVE-2023-40420 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tv... | | |
CVE-2023-40421 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
CVE-2023-40422 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An ap... | | |
CVE-2023-40423 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17... | | |
CVE-2023-40424 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 1... | | |
CVE-2023-40425 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-40426 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
CVE-2023-40427 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6,... | | |
CVE-2023-40428 | The issue was addressed with improved handling of caches. This issue is fixed in iOS 17 and iPadOS 1... | | |
CVE-2023-40429 | A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 a... | | |
CVE-2023-40430 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may... | | |
CVE-2023-40431 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. ... | | |
CVE-2023-40432 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iP... | | |
CVE-2023-40433 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app ... | | |
CVE-2023-40434 | A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and ... | | |
CVE-2023-40435 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may b... | | |
CVE-2023-40436 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An atta... | | |
CVE-2023-40437 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-40438 | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonom... | | |
CVE-2023-40439 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-40440 | This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fi... | | |
CVE-2023-40441 | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS... | | |
CVE-2023-40442 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-40443 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app ma... | | |
CVE-2023-40444 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
CVE-2023-40445 | The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. ... | | |
CVE-2023-40446 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1,... | | |
CVE-2023-40447 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17... | | |
CVE-2023-40448 | The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.... | | |
CVE-2023-40449 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17... | | |
CVE-2023-40450 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may byp... | | |
CVE-2023-40451 | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17.... | | |
CVE-2023-40452 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS... | | |
CVE-2023-40453 | Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide craft... | E | |
CVE-2023-40454 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura... | | |
CVE-2023-40455 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
CVE-2023-40456 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, ... | | |
CVE-2023-40457 | The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on ... | | |
CVE-2023-40458 | AceManager DOS Vulnerability | | |
CVE-2023-40459 | Improper input leads to DoS | | |
CVE-2023-40460 | Improper input leads to DoS | | |
CVE-2023-40461 | Cross-site scripting vulnerability in ACEManager | | |
CVE-2023-40462 | Improper input leads to DoS | | |
CVE-2023-40463 | Use of Hard-Coded Credentials | | |
CVE-2023-40464 | Use of hardcoded certificate and private key | | |
CVE-2023-40465 | Improper input leads to DoS | | |
CVE-2023-40468 | PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-40469 | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-40470 | PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-40471 | PDF-XChange Editor App Untrusted Pointer Dereference Remote Code Execution Vulnerability | | |
CVE-2023-40472 | PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability | | |
CVE-2023-40473 | PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2023-40474 | GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-40475 | GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-40476 | GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-40477 | RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability | | |
CVE-2023-40478 | NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-40479 | NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-40480 | NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-40481 | 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-40482 | Maxon Cinema 4D SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-40483 | Maxon Cinema 4D SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-40484 | Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-40485 | Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-40486 | Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-40487 | Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-40488 | Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-40489 | Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-40490 | Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-40491 | Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-40492 | LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability | | |
CVE-2023-40493 | LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2023-40494 | LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability | | |
CVE-2023-40495 | LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability | | |
CVE-2023-40496 | LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability | | |
CVE-2023-40497 | LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2023-40498 | LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2023-40499 | LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability | | |
CVE-2023-40500 | LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability | | |
CVE-2023-40501 | LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability | | |
CVE-2023-40502 | LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability | | |
CVE-2023-40503 | LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability | | |
CVE-2023-40504 | LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-40505 | LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability | | |
CVE-2023-40506 | LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability | | |
CVE-2023-40507 | LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability | | |
CVE-2023-40508 | LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability | | |
CVE-2023-40509 | LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability | | |
CVE-2023-40510 | LG Simple Editor getServerSetting Authentication Bypass Vulnerability | | |
CVE-2023-40511 | LG Simple Editor checkServer Authentication Bypass Vulnerability | | |
CVE-2023-40512 | LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability | | |
CVE-2023-40513 | LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability | | |
CVE-2023-40514 | LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability | | |
CVE-2023-40515 | LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability | | |
CVE-2023-40516 | LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability | | |
CVE-2023-40517 | LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability | | |
CVE-2023-40518 | LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.... | | |
CVE-2023-40519 | A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in B... | | |
CVE-2023-40520 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, ... | | |
CVE-2023-40528 | This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10... | | |
CVE-2023-40529 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO... | | |
CVE-2023-40530 | Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 a... | | |
CVE-2023-40531 | Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a networ... | | |
CVE-2023-40532 | Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author ... | | |
CVE-2023-40533 | Rejected reason: This CVE ID is a duplicate of CVE-2022-40468 ... | R | |
CVE-2023-40534 | BIG-IP HTTP/2 vulnerability | | |
CVE-2023-40535 | Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allow... | | |
CVE-2023-40536 | Race condition for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20... | | |
CVE-2023-40537 | Multi-blade VIPRION Configuration utility session cookie vulnerability | | |
CVE-2023-40539 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-40540 | Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow... | S | |
CVE-2023-40541 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in mac... | | |
CVE-2023-40542 | BIG-IP TCP Profile vulnerability | | |
CVE-2023-40544 | Westermo Lynx Cleartext Transmission of Sensitive Information | M | |
CVE-2023-40545 | PingFederate OAuth client_secret_jwt Authentication Bypass | | |
CVE-2023-40546 | Shim: out-of-bounds read printing error messages | M | |
CVE-2023-40547 | Shim: rce in http boot support may lead to secure boot bypass | M | |
CVE-2023-40548 | Shim: integer overflow leads to heap buffer overflow in verify_sbat_section on 32-bit systems | M | |
CVE-2023-40549 | Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file | M | |
CVE-2023-40550 | Shim: out-of-bounds read in verify_buffer_sbat() | | |
CVE-2023-40551 | Shim: out of bounds read when parsing mz binaries | | |
CVE-2023-40552 | WordPress Fitness calculators plugin Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40553 | WordPress Plausible Analytics Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40554 | WordPress Blog2Social Plugin <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40555 | WordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object Injection | S | |
CVE-2023-40556 | WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-40557 | WordPress Tabs & Accordion plugin <= 1.3.10 - Content Injection vulnerability | | |
CVE-2023-40558 | WordPress Video Gallery & Management Plugin <= 3.3.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-40559 | WordPress WooCommerce Dynamic Pricing and Discount Rules Plugin <= 2.4.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-40560 | WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40561 | Enhanced Ecommerce Google Analytics for WooCommerce | | |
CVE-2023-40567 | Out-Of-Bounds Write in FreeRDP | E | |
CVE-2023-40568 | Rejected reason: GitHub has been informed that the requestor is working with another CNA for these v... | R | |
CVE-2023-40569 | Out-Of-Bounds Write in FreeRDP | E | |
CVE-2023-40570 | Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users | S | |
CVE-2023-40571 | weblogic-framework Deserialization of Untrusted Data vulnerability | | |
CVE-2023-40572 | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | E S | |
CVE-2023-40573 | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution | E S | |
CVE-2023-40574 | Out-Of-Bounds Write in FreeRDP | E | |
CVE-2023-40575 | Out-Of-Bounds Read in FreeRDP | E | |
CVE-2023-40576 | Out-Of-Bounds Read in FreeRDP | E | |
CVE-2023-40577 | Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint | | |
CVE-2023-40579 | OpenFGA Authorization Bypass | | |
CVE-2023-40580 | Freighter mnemonic phrase may be accessed by Javascript through a private API | S | |
CVE-2023-40581 | yt-dlp command injection when using `%q` in `--exec` on Windows | E S | |
CVE-2023-40582 | Command Injection Vulnerability in find-exec | S | |
CVE-2023-40583 | libp2p nodes vulnerable to OOM attack | S | |
CVE-2023-40584 | Denial of Service to Argo CD repo-server | S | |
CVE-2023-40585 | Unauthenticated access to Ironic API | S | |
CVE-2023-40586 | go package github.com/corazawaf/coraza is vulnerable to denial of service | S | |
CVE-2023-40587 | Pyramid static view path traversal up one directory | S | |
CVE-2023-40588 | Discourse DoS via 2FA and Security Key Names | | |
CVE-2023-40589 | FreeRDP Global-Buffer-Overflow in ncrush_decompress | E S | |
CVE-2023-40590 | Untrusted search path on Windows systems leading to arbitrary code execution | E M | |
CVE-2023-40591 | Denial of service via malicious p2p message in go-ethereum | | |
CVE-2023-40592 | Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint | | |
CVE-2023-40593 | Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request | | |
CVE-2023-40594 | Denial of Service (DoS) via the ‘printf’ Search Function | | |
CVE-2023-40595 | Remote Code Execution via Serialized Session Payload | | |
CVE-2023-40596 | Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL | | |
CVE-2023-40597 | Absolute Path Traversal in Splunk Enterprise Using runshellscript.py | | |
CVE-2023-40598 | Command Injection in Splunk Enterprise Using External Lookups | | |
CVE-2023-40599 | Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3... | | |
CVE-2023-40600 | WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-40601 | WordPress Mortgage Calculator Estatik Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40602 | WordPress Doofinder for WooCommerce Plugin <= 1.5.49 is vulnerable to Open Redirection | S | |
CVE-2023-40603 | WordPress Simple Org Chart plugin <= 2.3.4 - Broken Access Control vulnerability | | |
CVE-2023-40604 | WordPress Cookies by JM Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40605 | WordPress Typing Effect Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40606 | WordPress Kanban Boards for WordPress Plugin <= 2.5.21 is vulnerable to Arbitrary Code Execution | | |
CVE-2023-40607 | WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-40608 | WordPress Paid Memberships Pro CCBill Gateway plugin <= 0.3 - Unauthenticated Broken Access Control vulnerability | S | |
CVE-2023-40609 | WordPress Contact form 7 Custom validation Plugin <= 1.1.3 is vulnerable to SQL Injection | | |
CVE-2023-40610 | Apache Superset: Privilege escalation with default examples database | | |
CVE-2023-40611 | Apache Airflow Dag Runs Broken Access Control Vulnerability | S | |
CVE-2023-40612 | Authenticated XXE Injection Via The File Editor | S | |
CVE-2023-40617 | A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote... | | |
CVE-2023-40618 | A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, ... | E | |
CVE-2023-40619 | phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to r... | | |
CVE-2023-40621 | Code Injection vulnerability in SAP PowerDesigner Client | | |
CVE-2023-40622 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management) | | |
CVE-2023-40623 | Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite (installer) | | |
CVE-2023-40624 | Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering) | | |
CVE-2023-40625 | Missing Authorization check in SAP Manage Purchase Contracts App | | |
CVE-2023-40626 | [20231101] - Core - Exposure of environment variables | | |
CVE-2023-40627 | Extension - MLWebTechnologies - Reflected XSS in LivingWord component for Joomla 1.0.0-3.0.0 | | |
CVE-2023-40628 | Extension - Extplorer.net - Reflected XSS in Extplorer component for Joomla 1.0.0-2.1.15 | | |
CVE-2023-40629 | Extension - king-products.net - SQLi vulnerability in LMS Lite component for Joomla 1.0.0-3.3.0.1 | | |
CVE-2023-40630 | Extension - joomcode.com - Unauthenticated LFI/SSRF in JCDashboards component for Joomla 1.0.0-1.1.30 | | |
CVE-2023-40631 | In Dialer, there is a possible missing permission check. This could lead to local information disclo... | | |
CVE-2023-40632 | In jpg driver, there is a possible use after free due to a logic error. This could lead to remote in... | | |
CVE-2023-40633 | In phasecheckserver, there is a possible missing permission check. This could lead to local informat... | | |
CVE-2023-40634 | In phasecheckserver, there is a possible missing permission check. This could lead to local escalati... | | |
CVE-2023-40635 | In linkturbo, there is a possible missing permission check. This could lead to local escalation of p... | | |
CVE-2023-40636 | In telecom service, there is a possible way to write permission usage records of an app due to a mis... | | |
CVE-2023-40637 | In telecom service, there is a possible missing permission check. This could lead to local informati... | | |
CVE-2023-40638 | In Telecom service, there is a possible missing permission check. This could lead to local denial of... | | |
CVE-2023-40639 | In SoundRecorder service, there is a possible missing permission check. This could lead to local inf... | | |
CVE-2023-40640 | In SoundRecorder service, there is a possible missing permission check. This could lead to local inf... | | |
CVE-2023-40641 | In Messaging, there is a possible missing permission check. This could lead to local information dis... | | |
CVE-2023-40642 | In Messaging, there is a possible missing permission check. This could lead to local information dis... | | |
CVE-2023-40643 | In Messaging, there is a possible missing permission check. This could lead to local information dis... | | |
CVE-2023-40644 | In Messaging, there is a possible missing permission check. This could lead to local information dis... | | |
CVE-2023-40645 | In Messaging, there is a possible missing permission check. This could lead to local information dis... | | |
CVE-2023-40646 | In Messaging, there is a possible missing permission check. This could lead to local information dis... | | |
CVE-2023-40647 | In Messaging, there is a possible missing permission check. This could lead to local information dis... | | |
CVE-2023-40648 | In Messaging, there is a possible missing permission check. This could lead to local information dis... | | |
CVE-2023-40649 | In Messaging, there is a possible missing permission check. This could lead to local information dis... | | |
CVE-2023-40650 | In Telecom service, there is a possible missing permission check. This could lead to local informati... | | |
CVE-2023-40651 | In urild service, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2023-40652 | In jpg driver, there is a possible out of bounds write due to improper input validation. This could ... | | |
CVE-2023-40653 | In FW-PackageManager, there is a possible missing permission check. This could lead to local escalat... | | |
CVE-2023-40654 | In FW-PackageManager, there is a possible missing permission check. This could lead to local escalat... | | |
CVE-2023-40655 | Extension - mooj.org - Reflected XSS in Proforms Basic component for Joomla <= 1.6.0 | | |
CVE-2023-40656 | Extension - plasma-web.ru - Reflected XSS in Quickform component for Joomla 1.0.0-3.3.01 | | |
CVE-2023-40657 | Extension - artio.net - Reflected XSS in Joomdoc component for Joomla 1.0.0-4.0.5 | | |
CVE-2023-40658 | Extension - deconf.net - Reflected XSS in Clicky Analytics Dashboard module for Joomla 1.0.0-1.3.1 | | |
CVE-2023-40659 | Extension - joomboost.com - Reflected XSS in Easy Quick Contact module for Joomla 1.0.0-1.3.0 | | |
CVE-2023-40660 | Opensc: potential pin bypass when card tracks its own login state | | |
CVE-2023-40661 | Opensc: multiple memory issues with pkcs15-init (enrollment tool) | | |
CVE-2023-40662 | WordPress Cookies and Content Security Policy Plugin <= 2.15 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-40663 | WordPress WP VR Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40664 | WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40665 | WordPress Save as Image plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40667 | WordPress Simple URLs Plugin <= 117 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40668 | WordPress Save as PDF plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40669 | WordPress Collapse-O-Matic Plugin <= 1.8.5.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40670 | WordPress ReviewX plugin <= 1.6.17 - Broken Access Control vulnerability | S | |
CVE-2023-40671 | WordPress DX-auto-save-images Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-40672 | WordPress Sticky Social Media Icons plugin <= 2.1 - Broken Access Control vulnerability | | |
CVE-2023-40673 | WordPress Cartpauj Register Captcha plugin <= 1.0.02 - Captcha Bypass vulnerability | S | |
CVE-2023-40674 | WordPress Simple URLs Plugin <= 118 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40675 | WordPress Landing Page Builder Plugin <= 1.5.1.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40676 | WordPress Slimstat Analytics Plugin <= 5.0.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40677 | WordPress Vertical Marquee Plugin Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-40678 | WordPress Simple URLs plugin <= 117 - Broken Access Control vulnerability | S | |
CVE-2023-40680 | WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40681 | WordPress Groundhogg Plugin <= 2.7.11.10 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-40682 | IBM App Connect Enterprise information disclosure | | |
CVE-2023-40683 | IBM OpenPages with Watson privilege escalation | S | |
CVE-2023-40684 | IBM Content Navigator cross-site scripting | | |
CVE-2023-40685 | IBM i privilege escalation | S | |
CVE-2023-40686 | IBM i privilege escalation | S | |
CVE-2023-40687 | IBM Db2 denial of service | | |
CVE-2023-40691 | IBM Cloud Pak for Business Automation information disclosure | S | |
CVE-2023-40692 | IBM Db2 denial of service | S | |
CVE-2023-40694 | IBM Watson CP4D Data Stores information disclosure | | |
CVE-2023-40695 | IBM Cognos Controller session fixation | | |
CVE-2023-40696 | IBM Cognos Controller information disclosure | | |
CVE-2023-40699 | IBM InfoSphere Information Server denial of service | S | |
CVE-2023-40702 | PingOne MFA Integration Kit MFA bypass | M | |
CVE-2023-40703 | Denial of Service via specially crafted block fields in Mattermost Boards | S | |
CVE-2023-40704 | Philips Vue PACS Use of Default Credentials | S | |
CVE-2023-40705 | Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows... | | |
CVE-2023-40706 | Improper Restriction of Excessive Authentication Attempts in OPTO 22 SNAP PAC S1 Built-in Web Server | | |
CVE-2023-40707 | Weak password requirements in OPTO 22 SNAP PAC S1 Built-in Web Server | | |
CVE-2023-40708 | Improper Access Control in OPTO 22 SNAP PAC S1 | | |
CVE-2023-40709 | Uncontrolled Resource Consumption in OPTO 22 SNAP PAC S1 Built-In Web Server | | |
CVE-2023-40710 | An adversary could cause a continuous restart loop to the entire device by sending a large quantity ... | | |
CVE-2023-40711 | Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelo... | | |
CVE-2023-40712 | Apache Airflow: Secrets can be unmasked in the "Rendered Template" | S | |
CVE-2023-40714 | A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6... | S | |
CVE-2023-40715 | A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.... | S | |
CVE-2023-40716 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the ... | S | |
CVE-2023-40717 | A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow... | S | |
CVE-2023-40718 | An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to ... | S | |
CVE-2023-40719 | A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0... | S | |
CVE-2023-40720 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise ... | S | |
CVE-2023-40721 | A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4... | S | |
CVE-2023-40723 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 th... | S | |
CVE-2023-40724 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are ... | | |
CVE-2023-40725 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected applicat... | | |
CVE-2023-40726 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected applicat... | | |
CVE-2023-40727 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module... | | |
CVE-2023-40728 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module... | | |
CVE-2023-40729 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected applicat... | | |
CVE-2023-40730 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module... | | |
CVE-2023-40731 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected applicat... | | |
CVE-2023-40732 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module... | | |
CVE-2023-40735 | Butterfly Button Project - Sensitive Information Disclosure | | |
CVE-2023-40743 | Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService | S | |
CVE-2023-40744 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or... | R | |
CVE-2023-40745 | Libtiff: integer overflow in tiffcp.c | | |
CVE-2023-40747 | Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs... | | |
CVE-2023-40748 | PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of... | | |
CVE-2023-40749 | PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of ind... | | |
CVE-2023-40750 | There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJab... | | |
CVE-2023-40751 | PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" para... | | |
CVE-2023-40752 | There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJab... | | |
CVE-2023-40753 | There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabb... | | |
CVE-2023-40754 | In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or pass... | | |
CVE-2023-40755 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJa... | | |
CVE-2023-40756 | User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password reco... | | |
CVE-2023-40757 | User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password... | | |
CVE-2023-40758 | User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password rec... | | |
CVE-2023-40759 | User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during pa... | | |
CVE-2023-40760 | User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during passwor... | | |
CVE-2023-40761 | User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password... | | |
CVE-2023-40762 | User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password r... | | |
CVE-2023-40763 | User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password ... | | |
CVE-2023-40764 | User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password r... | | |
CVE-2023-40765 | User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during passwo... | | |
CVE-2023-40766 | User enumeration is found in PHPJabbers Ticket Support Script v3.2. This issue occurs during pass... | | |
CVE-2023-40767 | User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during passw... | | |
CVE-2023-40771 | SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive inform... | E | |
CVE-2023-40779 | An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitra... | | |
CVE-2023-40781 | Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial ... | S | |
CVE-2023-40784 | DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.... | | |
CVE-2023-40786 | HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be... | E | |
CVE-2023-40787 | In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped... | | |
CVE-2023-40788 | SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the... | E | |
CVE-2023-40790 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-40791 | extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a ... | E S | |
CVE-2023-40796 | Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the functio... | | |
CVE-2023-40797 | In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by t... | E | |
CVE-2023-40798 | In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authen... | E | |
CVE-2023-40799 | Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function.... | E | |
CVE-2023-40800 | The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a ... | E | |
CVE-2023-40801 | The sub_451784 function does not validate the parameters entered by the user, resulting in a stack o... | E | |
CVE-2023-40802 | The get_parentControl_list_Info function does not verify the parameters entered by the user, causing... | E | |
CVE-2023-40809 | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Numb... | E | |
CVE-2023-40810 | OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.... | E | |
CVE-2023-40812 | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.... | E | |
CVE-2023-40813 | OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.... | E | |
CVE-2023-40814 | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.... | E | |
CVE-2023-40815 | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.... | E | |
CVE-2023-40816 | OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.... | E | |
CVE-2023-40817 | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.... | E | |
CVE-2023-40819 | ID4Portais in version < V.2022.837.002a returns message parameter unsanitized in the response, resul... | E | |
CVE-2023-40825 | An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via craft... | E | |
CVE-2023-40826 | An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information an... | E | |
CVE-2023-40827 | An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information an... | E S | |
CVE-2023-40828 | An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information an... | S | |
CVE-2023-40829 | There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wech... | | |
CVE-2023-40830 | Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the l... | | |
CVE-2023-40833 | An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key pa... | | |
CVE-2023-40834 | OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excess... | E | |
CVE-2023-40837 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution... | | |
CVE-2023-40838 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution... | E | |
CVE-2023-40839 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution... | | |
CVE-2023-40840 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "fr... | | |
CVE-2023-40841 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "ad... | | |
CVE-2023-40842 | Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "R... | | |
CVE-2023-40843 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "su... | | |
CVE-2023-40844 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'fo... | | |
CVE-2023-40845 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'su... | | |
CVE-2023-40846 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub... | E | |
CVE-2023-40847 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function... | | |
CVE-2023-40848 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function... | | |
CVE-2023-40850 | netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website ... | E | |
CVE-2023-40851 | Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management... | E | |
CVE-2023-40852 | SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With ... | E | |
CVE-2023-40857 | Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtira... | E | |
CVE-2023-40868 | Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote atta... | E | |
CVE-2023-40869 | Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote a... | E | |
CVE-2023-40874 | DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vu... | E | |
CVE-2023-40875 | DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vu... | E | |
CVE-2023-40876 | DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerabi... | E | |
CVE-2023-40877 | DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerabi... | E | |
CVE-2023-40889 | A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Special... | | |
CVE-2023-40890 | A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. ... | | |
CVE-2023-40891 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter f... | E | |
CVE-2023-40892 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter s... | E | |
CVE-2023-40893 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter t... | E | |
CVE-2023-40894 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter l... | E | |
CVE-2023-40895 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter l... | E | |
CVE-2023-40896 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter l... | E | |
CVE-2023-40897 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter m... | E | |
CVE-2023-40898 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter t... | E | |
CVE-2023-40899 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter m... | E | |
CVE-2023-40900 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter l... | E | |
CVE-2023-40901 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter... | E | |
CVE-2023-40902 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter... | E | |
CVE-2023-40904 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter... | E | |
CVE-2023-40915 | Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_sett... | E | |
CVE-2023-40918 | KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new u... | E | |
CVE-2023-40920 | Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the com... | E S | |
CVE-2023-40921 | SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 ... | S | |
CVE-2023-40922 | kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart pa... | S | |
CVE-2023-40923 | MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabil... | S | |
CVE-2023-40924 | SolarView Compact < 6.00 is vulnerable to Directory Traversal.... | E | |
CVE-2023-40930 | An issue in the directory /system/bin/blkid of Skyworth v3.0 allows attackers to perform a directory... | E | |
CVE-2023-40931 | A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows aut... | | |
CVE-2023-40932 | A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticate... | | |
CVE-2023-40933 | A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with ann... | | |
CVE-2023-40934 | A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with priv... | | |
CVE-2023-40936 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-40937 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-40942 | Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value... | E | |
CVE-2023-40943 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-40944 | Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.... | E | |
CVE-2023-40945 | Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid ... | E | |
CVE-2023-40946 | Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogi... | E | |
CVE-2023-40953 | icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).... | | |
CVE-2023-40954 | A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0... | E S | |
CVE-2023-40955 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v... | E | |
CVE-2023-40956 | A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated ... | E | |
CVE-2023-40957 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v... | E | |
CVE-2023-40958 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v... | E | |
CVE-2023-40968 | Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a... | E S | |
CVE-2023-40969 | Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forger... | E | |
CVE-2023-40970 | Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/m... | E | |
CVE-2023-40980 | File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to ex... | E | |
CVE-2023-40982 | A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbit... | E | |
CVE-2023-40983 | A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 a... | E | |
CVE-2023-40984 | A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 a... | E | |
CVE-2023-40985 | An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploi... | E | |
CVE-2023-40986 | A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2... | E | |
CVE-2023-40989 | SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to exe... | | |
CVE-2023-40997 | Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote at... | E | |
CVE-2023-40998 | Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote at... | E | |