ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-41000 | GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in ... | E S | |
CVE-2023-41005 | An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downlo... | E | |
CVE-2023-41009 | File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary c... | E | |
CVE-2023-41010 | Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tia... | E | |
CVE-2023-41011 | Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway... | E | |
CVE-2023-41012 | An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a re... | E | |
CVE-2023-41013 | Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject a... | | |
CVE-2023-41014 | code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter fo... | | |
CVE-2023-41015 | code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via /Employer/DeleteJob.php?J... | | |
CVE-2023-41027 | Juplink RX4-1500 Credential Disclosure Vulnerability | | |
CVE-2023-41028 | Juplink RX4-1500 Stack-based Buffer Overflow Vulnerability | | |
CVE-2023-41029 | Juplink RX4-1500 Command Injection Vulnerability | | |
CVE-2023-41030 | Juplink RX4-1500 Hard-coded Credential Vulnerability | | |
CVE-2023-41031 | Juplink RX4-1500 homemng.htm Command Injection Vulnerability | | |
CVE-2023-41032 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (... | | |
CVE-2023-41033 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (... | | |
CVE-2023-41034 | DDFFileParser in eclipse leshan is vulnerable to XXE Attacks | S | |
CVE-2023-41036 | Macvim's Insecure Usage of IPC Mechanisms | E S | |
CVE-2023-41037 | Cleartext Signed Message Signature Spoofing in openpgpjs | E S | |
CVE-2023-41038 | Server crash when using specific form of SET BIND statement | | |
CVE-2023-41039 | Sandbox escape via various forms of "format" in RestrictedPython | S | |
CVE-2023-41040 | GitPython blind local file inclusion | E | |
CVE-2023-41041 | User session is still usable after logout in graylog2-server | E S | |
CVE-2023-41042 | Discourse DoS via remote theme assets | | |
CVE-2023-41043 | Discourse DoS via SvgSprite cache | | |
CVE-2023-41044 | Partial path traversal vulnerability in Support Bundle feature of Graylog | E S | |
CVE-2023-41045 | Insecure source port usage for DNS queries in Graylog | E S | |
CVE-2023-41046 | Velocity execution without script rights in Xwiki platform | S | |
CVE-2023-41047 | Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint | S | |
CVE-2023-41048 | plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images | S | |
CVE-2023-41049 | Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client | S | |
CVE-2023-41050 | Information disclosure through Python's "format" functionality in Zope AccessControl | S | |
CVE-2023-41051 | Default functions in VolatileMemory trait lack bounds checks in vm-memory | S | |
CVE-2023-41052 | Vyper: incorrect order of evaluation of side effects for some builtins | E S | |
CVE-2023-41053 | Redis SORT_RO may bypass ACL configuration | S | |
CVE-2023-41054 | LibreY Server-Side Request Forgery (SSRF) vulnerability in image_proxy.php | E S | |
CVE-2023-41055 | LibreY Server-Side Request Forgery (SSRF) vulnerability via wikipedia_language cookie | E S | |
CVE-2023-41056 | Redis vulnerable to integer overflow in certain payloads | | |
CVE-2023-41057 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it | E S | |
CVE-2023-41058 | Trigger `beforeFind` not invoked in internal query pipeline in parse-server | S | |
CVE-2023-41060 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, i... | | |
CVE-2023-41061 | A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6... | KEV | |
CVE-2023-41063 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tv... | | |
CVE-2023-41064 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6... | KEV | |
CVE-2023-41065 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-41066 | An authentication issue was addressed with improved state management. This issue is fixed in macOS S... | | |
CVE-2023-41067 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may... | | |
CVE-2023-41068 | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS... | | |
CVE-2023-41069 | This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 an... | | |
CVE-2023-41070 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.... | | |
CVE-2023-41071 | A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17... | | |
CVE-2023-41072 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-41073 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Ve... | | |
CVE-2023-41074 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10,... | | |
CVE-2023-41075 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7... | | |
CVE-2023-41076 | An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed ... | | |
CVE-2023-41077 | An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Vent... | | |
CVE-2023-41078 | An authorization issue was addressed with improved state management. This issue is fixed in macOS So... | | |
CVE-2023-41079 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14. An ... | | |
CVE-2023-41080 | Apache Tomcat: Open redirect with FORM authentication | S | |
CVE-2023-41081 | Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request | | |
CVE-2023-41082 | Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authen... | | |
CVE-2023-41084 | Socomec MOD3GP-SY-120K Reliance on Cookies without Validation and Integrity Checking | S | |
CVE-2023-41085 | BIG-IP IPSEC vulnerability | | |
CVE-2023-41086 | Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point d... | | |
CVE-2023-41088 | Cleartext Transmission of Sensitive Information in DEXMA DEXGate | | |
CVE-2023-41089 | Improper Authentication in DEXMA DEXGate | | |
CVE-2023-41090 | Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to poten... | | |
CVE-2023-41091 | Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an ... | | |
CVE-2023-41092 | Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before ve... | | |
CVE-2023-41093 | Loss of confidentiality due to potential race condition in Bluetooth controller Connection_Handle reuse | | |
CVE-2023-41094 | Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet | | |
CVE-2023-41095 | Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices | | |
CVE-2023-41096 | Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices | | |
CVE-2023-41097 | Potential Timing vulnerability in CBC PKCS7 padding calculations | S | |
CVE-2023-41098 | An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS... | S | |
CVE-2023-41099 | In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can... | | |
CVE-2023-41100 | An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3... | S | |
CVE-2023-41101 | An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_mi... | S | |
CVE-2023-41102 | An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memo... | S | |
CVE-2023-41103 | Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an... | | |
CVE-2023-41104 | libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-boun... | S | |
CVE-2023-41105 | An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to ... | S | |
CVE-2023-41106 | An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to ... | | |
CVE-2023-41107 | TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS) attack.... | E | |
CVE-2023-41108 | TEF portal 2023-07-17 is vulnerable to authenticated remote code execution.... | E | |
CVE-2023-41109 | SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.... | E | |
CVE-2023-41111 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and M... | | |
CVE-2023-41112 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and M... | | |
CVE-2023-41113 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before... | | |
CVE-2023-41114 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before... | | |
CVE-2023-41115 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before... | | |
CVE-2023-41116 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before... | | |
CVE-2023-41117 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before... | | |
CVE-2023-41118 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before... | | |
CVE-2023-41119 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before... | | |
CVE-2023-41120 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before... | | |
CVE-2023-41121 | Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service pro... | S | |
CVE-2023-41122 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-41123 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-41124 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-41125 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-41126 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-41127 | WordPress Evergreen Content Poster Plugin <= 1.3.6.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41128 | WordPress WP Roadmap Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41129 | WordPress Patreon WordPress Plugin <= 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41130 | WordPress Premmerce User Roles plugin <= 1.0.12 - Broken Access Control vulnerability | S | |
CVE-2023-41131 | WordPress Sp*tify Play Button for WordPress Plugin <= 2.10 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41132 | WordPress Category Slider for WooCommerce plugin <= 1.4.15 - Broken Access Control vulnerability | S | |
CVE-2023-41133 | WordPress Secure Admin IP plugin <= 2.0 - IP Spoofing vulnerability | | |
CVE-2023-41134 | WordPress Antispam Bee plugin <= 2.11.3 - Country IP Restriction Bypass vulnerability | S | |
CVE-2023-41136 | WordPress Simple Long Form Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41137 | Symmetric encryption used to protect messages between the AppsAnywhere server and client can be brok... | | |
CVE-2023-41138 | The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands wit... | | |
CVE-2023-41139 | A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to der... | | |
CVE-2023-41140 | A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cau... | | |
CVE-2023-41145 | Autodesk users who no longer have an active license for an account can still access cases for that a... | | |
CVE-2023-41146 | Autodesk Customer Support Portal allows cases created by users under an account to see cases created... | | |
CVE-2023-41149 | F-RevoCRM version 7.3.7 and version 7.3.8 contains an OS command injection vulnerability. If this vuln... | | |
CVE-2023-41150 | F-RevoCRM 7.3 series prior to version 7.3.8 contains a cross-site scripting vulnerability. If this vu... | | |
CVE-2023-41151 | An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating s... | | |
CVE-2023-41152 | A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 all... | | |
CVE-2023-41153 | A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allo... | | |
CVE-2023-41154 | A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 al... | | |
CVE-2023-41155 | A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin a... | | |
CVE-2023-41156 | A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.00... | | |
CVE-2023-41157 | Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers t... | | |
CVE-2023-41158 | A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 all... | | |
CVE-2023-41159 | A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2... | | |
CVE-2023-41160 | A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allo... | E | |
CVE-2023-41161 | Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers t... | | |
CVE-2023-41162 | A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows... | | |
CVE-2023-41163 | A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows... | | |
CVE-2023-41164 | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_i... | | |
CVE-2023-41165 | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.... | | |
CVE-2023-41166 | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3... | | |
CVE-2023-41167 | @webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a rea... | | |
CVE-2023-41168 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of ... | | |
CVE-2023-41169 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of ... | | |
CVE-2023-41170 | NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability.... | | |
CVE-2023-41171 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of ... | | |
CVE-2023-41172 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of ... | | |
CVE-2023-41173 | AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packet... | | |
CVE-2023-41174 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iP... | | |
CVE-2023-41175 | Libtiff: potential integer overflow in raw2tiff.c | | |
CVE-2023-41176 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) cou... | | |
CVE-2023-41177 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) cou... | | |
CVE-2023-41178 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) cou... | | |
CVE-2023-41179 | A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem an... | KEV | |
CVE-2023-41180 | Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++ | | |
CVE-2023-41181 | LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability | | |
CVE-2023-41182 | NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2023-41183 | NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability | | |
CVE-2023-41184 | TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-41185 | Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability | | |
CVE-2023-41186 | D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability | M | |
CVE-2023-41187 | D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability | M | |
CVE-2023-41188 | D-Link DAP-1325 HNAP SetAPLanSettings DeviceName Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41189 | D-Link DAP-1325 HNAP SetAPLanSettings Gateway Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41190 | D-Link DAP-1325 HNAP SetAPLanSettings IPAddr Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41191 | D-Link DAP-1325 HNAP SetAPLanSettings Mode Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41192 | D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41193 | D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41194 | D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41195 | D-Link DAP-1325 HNAP SetHostIPv6Settings IPv6Mode Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41196 | D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticAddress Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41197 | D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDefaultGateway Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41198 | D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41199 | D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41200 | D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41201 | D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-41202 | D-Link DAP-1325 SetAPLanSettings Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41203 | D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41204 | D-Link DAP-1325 SetAPLanSettings SecondaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41205 | D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41206 | D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41207 | D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41208 | D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41209 | D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS1 Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41210 | D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41211 | D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41212 | D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41213 | D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41214 | D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-41215 | D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41216 | D-Link DIR-3040 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41217 | D-Link DIR-3040 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41218 | D-Link DIR-3040 prog.cgi SetWan3Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41219 | D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41220 | D-Link DIR-3040 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41221 | D-Link DIR-3040 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41222 | D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41223 | D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41224 | D-Link DIR-3040 prog.cgi SetDeviceSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41225 | D-Link DIR-3040 prog.cgi SetIPv6PppoeSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41226 | D-Link DIR-3040 prog.cgi SetMyDLinkRegistration Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41227 | D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41228 | D-Link DIR-3040 prog.cgi SetUsersSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41229 | D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41230 | D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2023-41231 | Incorrect default permissions in some ACAT software maintained by Intel(R) before version 2.0.0 may ... | | |
CVE-2023-41232 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mont... | | |
CVE-2023-41233 | Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce vers... | | |
CVE-2023-41234 | NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an aut... | | |
CVE-2023-41235 | WordPress Everest News Pro Theme <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41236 | WordPress Happy Elementor Addons Pro Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41237 | WordPress Arya Multipurpose Pro Theme <= 1.0.8 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41238 | WordPress Social Media & Share Icons Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41239 | WordPress PowerPress Podcasting Plugin <= 11.0.6 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-41240 | WordPress Pricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability | | |
CVE-2023-41241 | WordPress SureCart Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41242 | WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41243 | WordPress WPvivid Backup Plugin plugin <= 0.9.90 - Privilege Escalation on Staging Environment vulnerability | S | |
CVE-2023-41244 | WordPress Localize Remote Images Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41248 | In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration... | | |
CVE-2023-41249 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step... | | |
CVE-2023-41250 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration... | | |
CVE-2023-41251 | A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl... | | |
CVE-2023-41252 | Out-of-bounds read in some Intel(R) QAT software drivers for Windows before version QAT1.7-W-1.11.0 ... | | |
CVE-2023-41253 | BIG-IP DNS TSIG Key vulnerability | | |
CVE-2023-41254 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2023-41255 | The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to ga... | M | |
CVE-2023-41256 | Dover Fueling Solutions MAGLINK LX Console Authentication Bypass | S | |
CVE-2023-41257 | A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value prope... | | |
CVE-2023-41259 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure ... | | |
CVE-2023-41260 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in... | | |
CVE-2023-41261 | An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportR... | E | |
CVE-2023-41262 | An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportR... | E | |
CVE-2023-41263 | An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticate... | E | |
CVE-2023-41264 | Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authenti... | E | |
CVE-2023-41265 | An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May ... | KEV | |
CVE-2023-41266 | A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patc... | KEV | |
CVE-2023-41267 | Apache HDFS Provider error message suggested installation of incorrect pip package | S | |
CVE-2023-41268 | Possible stack overflow due to insufficient input validation | S | |
CVE-2023-41269 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2023-41270 | Samsung Smart TV UE40D7000 WPS DoS attack | E | |
CVE-2023-41273 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41274 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41275 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41276 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41277 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41278 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41279 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41280 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41281 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41282 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41283 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41284 | QuMagie | S | |
CVE-2023-41285 | QuMagie | S | |
CVE-2023-41287 | Video Station | S | |
CVE-2023-41288 | Video Station | S | |
CVE-2023-41289 | QcalAgent | S | |
CVE-2023-41290 | QuFirewall | S | |
CVE-2023-41291 | QuFirewall | S | |
CVE-2023-41292 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-41293 | Data security classification vulnerability in the DDMP module. Successful exploitation of this vulne... | | |
CVE-2023-41294 | The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability ma... | | |
CVE-2023-41295 | Vulnerability of improper permission management in the displayengine module. Successful exploitation... | | |
CVE-2023-41296 | Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnera... | | |
CVE-2023-41297 | Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exp... | | |
CVE-2023-41298 | Vulnerability of permission control in the window module. Successful exploitation of this vulnerabil... | | |
CVE-2023-41299 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the sys... | | |
CVE-2023-41300 | Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation o... | | |
CVE-2023-41301 | Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerab... | | |
CVE-2023-41302 | Redirection permission verification vulnerability in the home screen module. Successful exploitation... | | |
CVE-2023-41303 | Command injection vulnerability in the distributed file system module. Successful exploitation of th... | | |
CVE-2023-41304 | Parameter verification vulnerability in the window module. Successful exploitation of this vulnerabil... | | |
CVE-2023-41305 | Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS mess... | | |
CVE-2023-41306 | Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful e... | | |
CVE-2023-41307 | Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerabili... | | |
CVE-2023-41308 | Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affe... | | |
CVE-2023-41309 | Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of t... | | |
CVE-2023-41310 | Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerab... | | |
CVE-2023-41311 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability ... | | |
CVE-2023-41312 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability ... | | |
CVE-2023-41313 | Apache Doris: Timing Attack weakness | | |
CVE-2023-41314 | Apache Doris: Missing API authentication allowed DoS | | |
CVE-2023-41316 | HTML Injection with email in Tolgee | E S | |
CVE-2023-41317 | Unnamed "Subscription" operation results in Denial-of-Service in apollographql/router | S | |
CVE-2023-41318 | Unsafe media served inline on download endpoints in matrix-media-repo | S | |
CVE-2023-41319 | Remote Code Execution in Custom Integration Upload in Fides | S | |
CVE-2023-41320 | Account takeover via SQL Injection in UI layout preferences in GLPI | | |
CVE-2023-41321 | Sensitive fields enumeration through API in GLPI | | |
CVE-2023-41322 | Privilege Escalation from technician to super-admin in GLPI | | |
CVE-2023-41323 | Users login enumeration by unauthenticated user in GLPI | | |
CVE-2023-41324 | Account takeover through API in GLPI | | |
CVE-2023-41325 | OP-TEE double free in shdr_verify_signature | E S | |
CVE-2023-41326 | Account takeover via Kanban feature in GLPI | | |
CVE-2023-41327 | Controlled SSRF through URL in the WireMock | S | |
CVE-2023-41328 | Possibility limited SQL injection due to insufficient validation in Frappe | | |
CVE-2023-41329 | Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio | | |
CVE-2023-41330 | Unsafe deserialization in knplabs/knp-snappy | E S | |
CVE-2023-41331 | SOFARPC Remote Command Execution (RCE) Vulnerability | M | |
CVE-2023-41332 | Denial of service via Kubernetes annotations in specific Cilium configurations | E S | |
CVE-2023-41333 | Bypass of namespace restrictions in CiliumNetworkPolicy | S | |
CVE-2023-41334 | astropy vulnerable to RCE in TranformGraph().to_dot_graph function | | |
CVE-2023-41335 | Temporary storage of plaintext passwords during password changes in matrix synapse | S | |
CVE-2023-41336 | Prevent injection of invalid entity ids for "autocomplete" fields in symfony ux-autocomplete | S | |
CVE-2023-41337 | h2o vulnerable to TLS session resumption misdirection | S | |
CVE-2023-41338 | Vulnerability in Ctx.IsFromLocal() in gofiber | S | |
CVE-2023-41339 | Unsecured WMS dynamic styling sld= | M | |
CVE-2023-41343 | Ragic No-Code Database Builder - Stored XSS | S | |
CVE-2023-41344 | NCSIST ManageEngine MDM - Path Traversal | S | |
CVE-2023-41345 | ASUS RT-AX55 - command injection - 1 | S | |
CVE-2023-41346 | ASUS RT-AX55 - command injection - 2 | S | |
CVE-2023-41347 | ASUS RT-AX55 - command injection - 3 | S | |
CVE-2023-41348 | ASUS RT-AX55 - command injection - 4 | S | |
CVE-2023-41349 | ASUS RT-AX88U - externally-controlled format string | S | |
CVE-2023-41350 | Chunghwa Telecom NOKIA G-040W-Q - Excessive Authentication Attempts | S | |
CVE-2023-41351 | Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control | S | |
CVE-2023-41352 | Chunghwa Telecom NOKIA G-040W-Q - Command Injection | S | |
CVE-2023-41353 | Chunghwa Telecom NOKIA G-040W-Q - Weak Password Requirements | S | |
CVE-2023-41354 | Chunghwa Telecom NOKIA G-040W-Q - Exposure of Sensitive Information | S | |
CVE-2023-41355 | Chunghwa Telecom NOKIA G-040W-Q - Improper Input Validation | S | |
CVE-2023-41356 | WisdomGarden Tronclass ilearn - Path Traversal | S | |
CVE-2023-41357 | Galaxy Software Services Vitals ESP - Arbitrary File Upload | S | |
CVE-2023-41358 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attri... | S | |
CVE-2023-41359 | An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aig... | S | |
CVE-2023-41360 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of... | S | |
CVE-2023-41361 | An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large len... | S | |
CVE-2023-41362 | MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin C... | S | |
CVE-2023-41363 | In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change us... | S | |
CVE-2023-41364 | In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.... | E | |
CVE-2023-41365 | Information Disclosure vulnerability in SAP Business One (B1i) | | |
CVE-2023-41366 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | | |
CVE-2023-41367 | Missing Authentication check in SAP NetWeaver (Guided Procedures) | | |
CVE-2023-41368 | Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps) | | |
CVE-2023-41369 | External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application) | | |
CVE-2023-41372 | The vulnerability allows an unprivileged (untrusted) third-party application to arbitrarily modify th... | M | |
CVE-2023-41373 | BIG-IP Configuration Utility vulnerability | | |
CVE-2023-41374 | Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary ... | | |
CVE-2023-41375 | Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary c... | | |
CVE-2023-41376 | Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-t... | E | |
CVE-2023-41377 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2023-41378 | Calico Typha hangs during unclean TLS handshake | S | |
CVE-2023-41387 | A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers t... | E | |
CVE-2023-41419 | An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a craft... | E S | |
CVE-2023-41423 | Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to exe... | E | |
CVE-2023-41425 | Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to ex... | E | |
CVE-2023-41436 | Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary co... | E | |
CVE-2023-41442 | An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote... | E | |
CVE-2023-41443 | SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code... | E | |
CVE-2023-41444 | An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code ... | E | |
CVE-2023-41445 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to exec... | E | |
CVE-2023-41446 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to exec... | E | |
CVE-2023-41447 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to exec... | E | |
CVE-2023-41448 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to exec... | E | |
CVE-2023-41449 | An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a ... | E | |
CVE-2023-41450 | An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a ... | E | |
CVE-2023-41451 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to exec... | E | |
CVE-2023-41452 | Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker t... | E | |
CVE-2023-41453 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to exec... | E | |
CVE-2023-41474 | Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attack... | E | |
CVE-2023-41484 | An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a cra... | E | |
CVE-2023-41503 | Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login... | | |
CVE-2023-41504 | SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code ... | E | |
CVE-2023-41505 | An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enro... | | |
CVE-2023-41506 | An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Stud... | | |
CVE-2023-41507 | Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the stor... | E | |
CVE-2023-41508 | A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel... | E | |
CVE-2023-41537 | phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword... | E | |
CVE-2023-41538 | phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword paramete... | E | |
CVE-2023-41539 | phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter.... | E | |
CVE-2023-41542 | SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privile... | E | |
CVE-2023-41543 | SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and... | E | |
CVE-2023-41544 | SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitra... | E | |
CVE-2023-41552 | Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack... | E | |
CVE-2023-41553 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contai... | E | |
CVE-2023-41554 | Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_cr... | E | |
CVE-2023-41555 | Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at ... | E | |
CVE-2023-41556 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 w... | E | |
CVE-2023-41557 | Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack ov... | E | |
CVE-2023-41558 | Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url... | E | |
CVE-2023-41559 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 w... | E | |
CVE-2023-41560 | Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallE... | E | |
CVE-2023-41561 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contai... | E | |
CVE-2023-41562 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.0... | E | |
CVE-2023-41563 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contai... | E | |
CVE-2023-41564 | An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows att... | | |
CVE-2023-41570 | MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in plac... | E | |
CVE-2023-41575 | Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Don... | | |
CVE-2023-41578 | Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the inter... | E | |
CVE-2023-41580 | Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname paramet... | E S | |
CVE-2023-41588 | A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execut... | E | |
CVE-2023-41592 | Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.... | E | |
CVE-2023-41593 | Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP a... | | |
CVE-2023-41594 | Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL in... | E | |
CVE-2023-41595 | An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.... | | |
CVE-2023-41597 | EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via th... | E | |
CVE-2023-41599 | An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execut... | E | |
CVE-2023-41601 | Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow att... | E | |
CVE-2023-41603 | D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This... | S | |
CVE-2023-41605 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-41609 | An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to ... | E | |
CVE-2023-41610 | Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintex... | E | |
CVE-2023-41611 | Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data.... | | |
CVE-2023-41612 | Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on ... | | |
CVE-2023-41613 | EzViz Studio v2.2.0 is vulnerable to DLL hijacking.... | E | |
CVE-2023-41614 | A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Manageme... | | |
CVE-2023-41615 | Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the A... | E | |
CVE-2023-41616 | A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Manag... | | |
CVE-2023-41618 | Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability vi... | E | |
CVE-2023-41619 | Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the compo... | E | |
CVE-2023-41621 | A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /ad... | E | |
CVE-2023-41623 | Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid paramete... | E | |
CVE-2023-41626 | Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload inte... | | |
CVE-2023-41627 | O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables i... | | |
CVE-2023-41628 | An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS... | E | |
CVE-2023-41629 | A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers... | E | |
CVE-2023-41630 | eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via t... | E | |
CVE-2023-41631 | eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via t... | E | |
CVE-2023-41633 | Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/f... | | |
CVE-2023-41635 | An XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI Re... | E | |
CVE-2023-41636 | A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 ... | | |
CVE-2023-41637 | An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37... | E | |
CVE-2023-41638 | An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1... | E | |
CVE-2023-41640 | An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGi... | E | |
CVE-2023-41642 | Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component... | E | |
CVE-2023-41646 | Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manage... | E | |
CVE-2023-41648 | WordPress Login and Logout Redirect Plugin <= 2.0.3 is vulnerable to Open Redirection | | |
CVE-2023-41649 | WordPress Ovic Product Bundle plugin <= 1.1.2 - Broken Access Control vulnerability | | |
CVE-2023-41650 | WordPress Remove/hide Author, Date, Category Like Entry-Meta Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41651 | WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability | S | |
CVE-2023-41652 | WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to SQL Injection | S | |
CVE-2023-41653 | WordPress Sermon'e – Sermons Online Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41654 | WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41655 | WordPress authLdap Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41657 | WordPress HollerBox Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41658 | WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41659 | WordPress Responsive Gallery Grid Plugin <= 2.3.10 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41660 | WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-41661 | WordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41662 | WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41663 | WordPress WP Bannerize Pro Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41664 | WordPress Easy Newsletter Signups plugin <= 1.0.4 - Broken Access Control vulnerability | | |
CVE-2023-41665 | WordPress GiveWP plugin <= 2.33.0 - GiveWP Manager+ Privilege Escalation vulnerability | S | |
CVE-2023-41666 | WordPress Stock Quotes List Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41667 | WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41668 | WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-41669 | WordPress Live News Plugin <= 1.06 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41670 | WordPress Use Memcached Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41671 | WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.16.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2023-41672 | WordPress Hide admin notices – Admin Notification Center Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-41673 | An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.... | S | |
CVE-2023-41675 | A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 th... | S | |
CVE-2023-41676 | An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 ... | S | |
CVE-2023-41677 | Insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 thro... | S | |
CVE-2023-41678 | A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3... | S | |
CVE-2023-41679 | An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 throug... | S | |
CVE-2023-41680 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2023-41681 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2023-41682 | A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSa... | S | |
CVE-2023-41683 | WordPress TelSender plugin <= 1.14.11 - Broken Access Control + CSRF vulnerability | S | |
CVE-2023-41684 | WordPress SIS Handball Plugin <= 1.0.45 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41685 | WordPress Woocommerce Support System Plugin <= 1.2.1 is vulnerable to SQL Injection | | |
CVE-2023-41686 | WordPress Woocommerce Support System plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2023-41687 | WordPress Goods Catalog Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41688 | WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 1.5 - Broken Access Control vulnerability | S | |
CVE-2023-41689 | WordPress Post to Google My Business (Google Business Profile) plugin <= 3.1.14 - Broken Access Control vulnerability | S | |
CVE-2023-41690 | WordPress WiserNotify Social Proof plugin <= 2.5 - Broken Access Control vulnerability | S | |
CVE-2023-41691 | WordPress WooCommerce PensoPay Plugin <= 6.3.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41692 | WordPress Attorney Theme <= 3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41693 | WordPress MyCryptoCheckout Plugin <= 2.125 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-41694 | WordPress Realbig Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41695 | WordPress Analytify plugin <= 5.1.0 - Broken Access Control vulnerability | S | |
CVE-2023-41696 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-41697 | WordPress Easy WP Cleaner Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41699 | Payara Platform: URL Redirection to untrusted site using FORM authentication | | |
CVE-2023-41703 | User ID references at mentions in document comments were not correctly sanitized. Script code could ... | | |
CVE-2023-41704 | Processing of CID references at E-Mail can be abused to inject malicious script code that passes the... | | |
CVE-2023-41705 | Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could... | | |
CVE-2023-41706 | Processing time of drive search expressions now gets monitored, and the related request is terminate... | | |
CVE-2023-41707 | Processing of user-defined mail search expressions is not limited. Availability of OX App Suite coul... | | |
CVE-2023-41708 | References to the "app loader" functionality could contain redirects to unexpected locations. Attack... | | |
CVE-2023-41710 | User-defined script code could be stored for a upsell related shop URL. This code was not correctly ... | | |
CVE-2023-41711 | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.ex... | | |
CVE-2023-41712 | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp ... | | |
CVE-2023-41713 | SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.... | | |
CVE-2023-41715 | SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunne... | | |
CVE-2023-41717 | Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers ... | E | |
CVE-2023-41718 | When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated p... | | |
CVE-2023-41719 | A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker imper... | | |
CVE-2023-41720 | A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with ... | | |
CVE-2023-41721 | Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are ver... | | |
CVE-2023-41723 | A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashbo... | S | |
CVE-2023-41724 | A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat act... | S | |
CVE-2023-41725 | Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulner... | | |
CVE-2023-41726 | Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability... | | |
CVE-2023-41727 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-41728 | WordPress Rescue Shortcodes Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41729 | WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41730 | WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41731 | WordPress wordpress publish post email notification Plugin <= 1.0.2.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41732 | WordPress CP Blocks Plugin <= 1.0.20 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-41733 | WordPress Back To The Top Button Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41734 | WordPress Insert Estimated Reading Time Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41735 | WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Sensitive Data Exposure | | |
CVE-2023-41736 | WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41737 | WordPress Swifty Bar, sticky bar by WPGens Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41738 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabi... | | |
CVE-2023-41739 | Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SR... | S | |
CVE-2023-41740 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi ... | S | |
CVE-2023-41741 | Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synolog... | S | |
CVE-2023-41742 | Excessive attack surface due to binding to an unrestricted IP address. The following products are af... | | |
CVE-2023-41743 | Local privilege escalation due to insecure driver communication port permissions. The following prod... | | |
CVE-2023-41744 | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products... | S | |
CVE-2023-41745 | Sensitive information disclosure due to excessive collection of system information. The following pr... | | |
CVE-2023-41746 | Remote command execution due to improper input validation. The following products are affected: Acro... | | |
CVE-2023-41747 | Sensitive information disclosure due to unauthenticated path traversal. The following products are a... | | |
CVE-2023-41748 | Remote command execution due to improper input validation. The following products are affected: Acro... | | |
CVE-2023-41749 | Sensitive information disclosure due to excessive collection of system information. The following pr... | | |
CVE-2023-41750 | Sensitive information disclosure due to missing authorization. The following products are affected: ... | | |
CVE-2023-41751 | Sensitive information disclosure due to improper token expiration validation. The following products... | | |
CVE-2023-41752 | Apache Traffic Server: s3_auth plugin problem with hash calculation | | |
CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-41764 | Microsoft Office Spoofing Vulnerability | S | |
CVE-2023-41765 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2023-41766 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | S | |
CVE-2023-41767 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2023-41768 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2023-41769 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2023-41770 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2023-41771 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2023-41772 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2023-41773 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2023-41774 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2023-41775 | Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows... | | |
CVE-2023-41776 | Local Privilege Escalation Vulnerability of ZTE's ZXCLOUD iRAI | S | |
CVE-2023-41779 | Illegal Memory Access Vulnerability of ZTE's ZXCLOUD iRAI | S | |
CVE-2023-41780 | Unsafe DLL Loading Vulnerability in ZTE ZXCLOUD iRAI | S | |
CVE-2023-41781 | XSS Vulnerability in ZTE MF258 Products | S | |
CVE-2023-41782 | DLL Hijacking Vulnerability in ZTE ZXCLOUD iRAI | S | |
CVE-2023-41783 | Command Injection Vulnerability of ZTE's ZXCLOUD iRAI | S | |
CVE-2023-41784 | Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro | S | |
CVE-2023-41786 | Database backups availability by low-privileged users | S | |
CVE-2023-41787 | Arbitrary File Read | S | |
CVE-2023-41788 | Remote Code Execution via File Uploader | S | |
CVE-2023-41789 | Unauthenticated Admin Account Takeover Via XSS | S | |
CVE-2023-41790 | Traversal Path on PHP file | S | |
CVE-2023-41791 | Lack of Authorization and Stored XSS Via Translation Abuse | S | |
CVE-2023-41792 | Lack of Authorization and Stored XSS Via SNMP Trap Editor Page | S | |
CVE-2023-41793 | Path Traversal and Untrusted Upload File | S | |
CVE-2023-41796 | WordPress Sunshine Photo Cart Plugin < 3.0.0 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2023-41797 | WordPress Locations Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41798 | WordPress Directorist Plugin <= 7.7.1 is vulnerable to CSV Injection | S | |
CVE-2023-41800 | WordPress UniConsent Cookie Consent CMP for GDPR / CCPA Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41801 | WordPress AWP Classifieds Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-41802 | WordPress Super Socializer plugin <= 7.13.54 - Broken Access Control vulnerability | S | |
CVE-2023-41803 | WordPress BitPay Checkout for WooCommerce plugin <= 4.1.0 - Broken Access Control vulnerability | S | |
CVE-2023-41804 | WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-41805 | Broken Access Control vulnerability in multiple Brainstorm Force plugins | S | |
CVE-2023-41806 | Misassignment of privileges can cause DOS attack | S | |
CVE-2023-41807 | Linux Local Privilege Escalation Via GoTTY Page | S | |
CVE-2023-41808 | Arbitrary File Read As Root Via GoTTY Page | S | |
CVE-2023-41810 | Stored XSS Via Dashboard Panel | S | |
CVE-2023-41811 | Stored XSS Via Site News Page | S | |
CVE-2023-41812 | Uploading executables via the file manager | S | |
CVE-2023-41813 | User notification settings edition | S | |
CVE-2023-41814 | XSS Vulnerability Messages | S | |
CVE-2023-41815 | XSS in File manager | S | |
CVE-2023-41816 | An improper export vulnerability was reported in the Motorola Services Main application that could ... | S | |
CVE-2023-41817 | An improper export vulnerability was reported in the Motorola Phone Calls application that could all... | S | |
CVE-2023-41818 | An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device... | S | |
CVE-2023-41819 | A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application that c... | S | |
CVE-2023-41820 | An implicit intent vulnerability was reported in the Motorola Ready For application that could allo... | S | |
CVE-2023-41821 | An improper export vulnerability was reported in the Motorola Setup application that could allow ... | S | |
CVE-2023-41822 | An improper export vulnerability was reported in the Motorola Interface Test Tool application that ... | S | |
CVE-2023-41823 | An improper export vulnerability was reported in the Motorola Phone Extension application, that cou... | S | |
CVE-2023-41824 | An implicit intent vulnerability was reported in the Motorola Phone Calls application that could al... | S | |
CVE-2023-41825 | A path traversal vulnerability was reported in the Motorola Ready For application that could allow ... | S | |
CVE-2023-41826 | A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow... | S | |
CVE-2023-41827 | An improper export vulnerability was reported in the Motorola OTA update application, that could all... | S | |
CVE-2023-41828 | An implicit intent export vulnerability was reported in the Motorola Phone application, that could ... | S | |
CVE-2023-41829 | An improper export vulnerability was reported in the Motorola Carrier Services application that coul... | S | |
CVE-2023-41830 | An improper absolute path traversal vulnerability was reported for the Ready For application allowi... | S | |
CVE-2023-41833 | A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potent... | | |
CVE-2023-41834 | Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences | | |
CVE-2023-41835 | Apache Struts: excessive disk usage | | |
CVE-2023-41836 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet ... | S | |
CVE-2023-41838 | An improper neutralization of special elements used in an os command ('os command injection') in For... | S | |
CVE-2023-41839 | Rejected reason: Not used... | R | |
CVE-2023-41840 | An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to per... | S | |
CVE-2023-41841 | An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows ... | S | |
CVE-2023-41842 | A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager versio... | S | |
CVE-2023-41843 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2023-41844 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2023-41846 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008)... | | |
CVE-2023-41847 | WordPress Notice Bar Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41848 | WordPress Carousel Slider plugin <= 2.2.2 - Broken Access Control vulnerability | S | |
CVE-2023-41849 | WordPress Posts Like Dislike plugin <= 1.1.0 - Broken Access Control vulnerability | S | |
CVE-2023-41850 | WordPress Outbound Link Manager Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41851 | WordPress WP Custom Post Template Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41852 | WordPress MailMunch – Grow your Email List Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41853 | WordPress WP iCal Availability Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41854 | WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41855 | WordPress Regpack Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41856 | WordPress Click To Tweet Plugin <= 2.0.14 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41857 | WordPress Click To Tweet plugin <= 2.0.14 - Broken Access Control vulnerability | | |
CVE-2023-41858 | WordPress Order Delivery Date for WP e-Commerce Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41859 | WordPress Order Delivery Date for WP e-Commerce Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41860 | WordPress Travel Map Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-41861 | WordPress Restrict Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41862 | WordPress VS Contact Form plugin <= 14.0 - Sum Captcha Bypass vulnerability | S | |
CVE-2023-41863 | WordPress PeproDev CF7 Database Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41864 | WordPress PeproDev CF7 Database plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2023-41865 | WordPress Slider Pro plugin <= 4.8.6 - Broken Access Control vulnerability | S | |
CVE-2023-41866 | WordPress Automatic YouTube Gallery plugin <= 2.3.3 - Broken Access Control vulnerability | S | |
CVE-2023-41867 | WordPress AcyMailing SMTP Newsletter Plugin <= 8.6.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41868 | WordPress Stagtools Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41869 | WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.4 - Broken Access Control vulnerability | S | |
CVE-2023-41870 | WordPress WP Crowdfunding plugin <= 2.1.5 - Broken Access Control vulnerability | S | |
CVE-2023-41871 | WordPress Poll Maker Plugin <= 4.7.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41872 | WordPress WoodMart Theme <= 7.2.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41873 | WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability | S | |
CVE-2023-41874 | WordPress Order Delivery Date for WooCommerce Plugin <= 3.20.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41875 | WordPress WP Directory Kit plugin <= 1.2.6 - Broken Access Control vulnerability | S | |
CVE-2023-41876 | WordPress WP Gallery Metabox Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-41877 | GeoServer log file path traversal vulnerability | M | |
CVE-2023-41878 | Weak password of selenium VNC in MeterSphere | S | |
CVE-2023-41879 | Magento LTS's guest order "protect code" can be brute-forced too easily | E S | |
CVE-2023-41880 | Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64 | S | |
CVE-2023-41881 | Deleting a collaboration should also delete linked resources | S | |
CVE-2023-41882 | vantage6 Improper Access Control vulnerability | S | |
CVE-2023-41884 | ZoneMinder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in watch.php | E S | |
CVE-2023-41885 | Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration | S | |
CVE-2023-41886 | OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack | E S | |
CVE-2023-41887 | Remote Code exec in project import with mysql jdbc url attack | E S | |
CVE-2023-41888 | Phishing through a login page malicious URL in GLPI | | |
CVE-2023-41889 | Late-Unicode normalization vulnerability in SHIRASAGI | E M | |
CVE-2023-41890 | Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation | S | |
CVE-2023-41891 | FlyteAdmin SQL Injection in List Filters | S | |
CVE-2023-41892 | Craft CMS Remote Code Execution vulnerability | S | |
CVE-2023-41893 | Account takeover via auth_callback login in Home Assistant Core | | |
CVE-2023-41894 | Local-only webhooks externally accessible via SniTun in Home Assistant Core | | |
CVE-2023-41895 | Cross-site Scripting via auth_callback login in Home Assistant Core | | |
CVE-2023-41896 | Fake websocket server installation permits full takeover in Home Assistant Core | | |
CVE-2023-41897 | Lack of XFO header allows clickjacking in Home Assistant Core | | |
CVE-2023-41898 | Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android | | |
CVE-2023-41899 | Partial Server-Side Request Forgery in Home Assistant Core | | |
CVE-2023-41900 | Jetty's OpenId Revoked authentication allows one request | E S | |
CVE-2023-41901 | Rejected reason: Further research determined the issue is not a vulnerability.... | R | |
CVE-2023-41902 | An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, all... | | |
CVE-2023-41904 | Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST AP... | | |
CVE-2023-41905 | NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by ... | | |
CVE-2023-41908 | Cerebrate before 1.15 lacks the Secure attribute for the session cookie.... | S | |
CVE-2023-41909 | An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c... | S | |
CVE-2023-41910 | An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_A... | S | |
CVE-2023-41911 | Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).... | | |
CVE-2023-41913 | strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution vi... | | |
CVE-2023-41914 | SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions f... | | |
CVE-2023-41915 | OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary ... | | |
CVE-2023-41916 | Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading | | |
CVE-2023-41917 | Improper input validation in Kiloview P1/P2 devices allows for remote code execution | | |
CVE-2023-41918 | Missing Authentication for Critical Function in Kiloview P1/P2 devices | | |
CVE-2023-41919 | Use of Hard-coded Credentials in Kiloview P1/P2 devices | | |
CVE-2023-41920 | Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices | | |
CVE-2023-41921 | Download of Code Without Integrity Check in Kiloview P1/P2 devices | | |
CVE-2023-41922 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kiloview P1/P2 devices | | |
CVE-2023-41923 | Weak Password Requirements in Kiloview P1/P2 devices | | |
CVE-2023-41926 | Insufficiently protected credentials in Kiloview P1/P2 devices | | |
CVE-2023-41927 | Weak TLS Cipher Suites Supported in Kiloview P1/P2 devices | | |
CVE-2023-41928 | Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices | | |
CVE-2023-41929 | A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before... | | |
CVE-2023-41930 | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name... | | |
CVE-2023-41931 | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not properly sanitize ... | | |
CVE-2023-41932 | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestam... | | |
CVE-2023-41933 | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML ... | | |
CVE-2023-41934 | Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e... | | |
CVE-2023-41935 | Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-c... | | |
CVE-2023-41936 | Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checki... | | |
CVE-2023-41937 | Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values pr... | | |
CVE-2023-41938 | A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attac... | | |
CVE-2023-41939 | Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted a... | | |
CVE-2023-41940 | Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-si... | | |
CVE-2023-41941 | A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attack... | | |
CVE-2023-41942 | A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 an... | | |
CVE-2023-41943 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an H... | | |
CVE-2023-41944 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter pa... | | |
CVE-2023-41945 | Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are ena... | | |
CVE-2023-41946 | A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier a... | | |
CVE-2023-41947 | A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Ov... | | |
CVE-2023-41948 | WordPress Cookie Notice & Consent Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41949 | WordPress iFolders Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-41950 | WordPress Laposta Signup Basic Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-41951 | WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.14 - Broken Access Control vulnerability | S | |
CVE-2023-41952 | WordPress Fluent Forms plugin <= 5.0.8 - Broken Access Control vulnerability | S | |
CVE-2023-41953 | WordPress ProfilePress plugin <= 4.13.1 - Broken Access Control vulnerability | S | |
CVE-2023-41954 | WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability | | |
CVE-2023-41955 | WordPress Essential Addons for Elementor plugin <= 5.8.8 - Contributor+ Privilege Escalation vulnerability | S | |
CVE-2023-41956 | WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability | S | |
CVE-2023-41957 | WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability | S | |
CVE-2023-41960 | The vulnerability allows an unprivileged (untrusted) third-party application to interact with a conte... | M | |
CVE-2023-41961 | Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authentica... | | |
CVE-2023-41962 | Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions ... | | |
CVE-2023-41963 | Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthe... | | |
CVE-2023-41964 | BIG-IP and BIG-IQ Database Variable vulnerability | | |
CVE-2023-41965 | Socomec MOD3GP-SY-120K Insecure Storage of Sensitive Information | S | |
CVE-2023-41966 | Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions | M | |
CVE-2023-41967 | Sensitive information uncleared after debug/power state transition in the Controller 6000 could be ... | | |
CVE-2023-41968 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura ... | | |
CVE-2023-41969 | ZSATrayManager Arbitrary File Deletion | | |
CVE-2023-41970 | Repair App local code execution with arbitrary privileges | | |
CVE-2023-41971 | Windows ZCC Upgrade DoS And Privilege Escalation Through RPC Control | | |
CVE-2023-41972 | Revert password check incorrect type validation | | |
CVE-2023-41973 | Lack of input sanitization on Zscaler Client Connector enables arbitrary code execution | | |
CVE-2023-41974 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 ... | | |
CVE-2023-41975 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, ... | | |
CVE-2023-41976 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.... | | |
CVE-2023-41977 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, ... | | |
CVE-2023-41979 | A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app... | | |
CVE-2023-41980 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iP... | | |
CVE-2023-41981 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tv... | | |
CVE-2023-41982 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in m... | | |
CVE-2023-41983 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Saf... | | |
CVE-2023-41984 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tv... | | |
CVE-2023-41986 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Son... | | |
CVE-2023-41987 | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be... | | |
CVE-2023-41988 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in m... | | |
CVE-2023-41989 | The issue was addressed by restricting options offered on a locked device. This issue is fixed in ma... | | |
CVE-2023-41990 | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3... | KEV | |
CVE-2023-41991 | A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 an... | KEV | |
CVE-2023-41992 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 a... | KEV | |
CVE-2023-41993 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web... | KEV | |
CVE-2023-41994 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. A camera ex... | | |
CVE-2023-41995 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 ... | | |
CVE-2023-41996 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that f... | | |
CVE-2023-41997 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in m... | | |
CVE-2023-41998 | Arcserve UDP Unauthenticated RCE | E | |
CVE-2023-41999 | Arcserve UDP Management Authentication Bypass | E | |