ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-43013 | Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi) | E | |
CVE-2023-43014 | Asset Management System v1.0 - Authenticated SQL Injection (SQLi) | E | |
CVE-2023-43015 | IBM InfoSphere Information Server cross-site scripting | S | |
CVE-2023-43016 | IBM Security Access Manager Container unauthorized access | S | |
CVE-2023-43017 | IBM Security Verify Access man in the middle | S | |
CVE-2023-43018 | IBM CICS TX privilege escalation | S | |
CVE-2023-43021 | IBM InfoSphere Information Server information disclosure | S | |
CVE-2023-43029 | IBM Storage Virtualize vSphere Remote Plug-in information disclosure | | |
CVE-2023-43035 | IBM Sterling Control Center information disclosure | | |
CVE-2023-43037 | IBM Maximo Application Suite improper access control | | |
CVE-2023-43040 | IBM Spectrum Fusion HCI improper access control | | |
CVE-2023-43041 | IBM QRadar information disclosure | S | |
CVE-2023-43042 | IBM Storage Virtualize information disclosure | | |
CVE-2023-43043 | IBM Maximo Application Suite information disclosure | | |
CVE-2023-43044 | IBM License Metric Tool directory traversal | | |
CVE-2023-43045 | IBM Sterling Partner Engagement Manager security bypass | S | |
CVE-2023-43051 | IBM Cognos Analytics cross-site scripting | | |
CVE-2023-43052 | IBM Control Center external service interaction | | |
CVE-2023-43054 | IBM Engineering Test Management cross-site scripting | | |
CVE-2023-43057 | IBM QRadar SIEM cross-site scripting | | |
CVE-2023-43058 | IBM Robotic Process Automation privilege escalation | S | |
CVE-2023-43064 | IBM i code execution | S | |
CVE-2023-43065 | Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticat... | | |
CVE-2023-43066 | Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authe... | | |
CVE-2023-43067 | Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack coul... | | |
CVE-2023-43068 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability... | | |
CVE-2023-43069 | Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerabili... | | |
CVE-2023-43070 | Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the... | | |
CVE-2023-43071 | Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML inj... | | |
CVE-2023-43072 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerabil... | | |
CVE-2023-43073 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerab... | | |
CVE-2023-43074 | Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attack... | | |
CVE-2023-43076 | Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privi... | | |
CVE-2023-43078 | Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during... | | |
CVE-2023-43079 | Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Cont... | | |
CVE-2023-43081 | PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissio... | S | |
CVE-2023-43082 | Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If... | | |
CVE-2023-43086 | Dell Command \| Configure, versions prior to 4.11.0, contains an improper access control vulnerabili... | | |
CVE-2023-43087 | Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissi... | | |
CVE-2023-43088 | Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated att... | | |
CVE-2023-43089 | Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy f... | | |
CVE-2023-43090 | Gnome-shell: screenshot tool allows viewing open windows when session is locked | E S | |
CVE-2023-43091 | Gnome-maps: gnome maps is vulnerable to a code injection attack (similar to xss) via its service.json | | |
CVE-2023-43102 | An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited t... | S | |
CVE-2023-43103 | An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an uns... | S | |
CVE-2023-43114 | An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.... | S | |
CVE-2023-43115 | In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via ... | | |
CVE-2023-43116 | A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and ... | E | |
CVE-2023-43118 | Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Eng... | | |
CVE-2023-43119 | An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fi... | | |
CVE-2023-43120 | An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before... | | |
CVE-2023-43121 | A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engi... | | |
CVE-2023-43122 | Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330... | | |
CVE-2023-43123 | Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due to temporary files | | |
CVE-2023-43124 | BIG-IP APM Clients TunnelCrack vulnerability | M | |
CVE-2023-43125 | BIG-IP APM Clients TunnelCrack vulnerability | | |
CVE-2023-43128 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due ... | E | |
CVE-2023-43129 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due ... | E | |
CVE-2023-43130 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection.... | E | |
CVE-2023-43131 | General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.... | E | |
CVE-2023-43132 | szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection... | | |
CVE-2023-43134 | There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers ... | E | |
CVE-2023-43135 | There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, ... | E | |
CVE-2023-43137 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an a... | E | |
CVE-2023-43138 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an a... | E | |
CVE-2023-43139 | An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the v... | | |
CVE-2023-43141 | TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Contr... | E | |
CVE-2023-43144 | Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" param... | E | |
CVE-2023-43147 | PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an ad... | E | |
CVE-2023-43148 | SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker... | E | |
CVE-2023-43149 | SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to... | E | |
CVE-2023-43154 | In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin(... | | |
CVE-2023-43176 | A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitr... | E S | |
CVE-2023-43177 | CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determin... | E | |
CVE-2023-43183 | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows... | E | |
CVE-2023-43187 | A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum so... | E | |
CVE-2023-43191 | SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When user... | E | |
CVE-2023-43192 | SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the paramet... | E | |
CVE-2023-43193 | Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a mali... | E S | |
CVE-2023-43194 | Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post... | E S | |
CVE-2023-43196 | D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter ... | E | |
CVE-2023-43197 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parame... | E | |
CVE-2023-43198 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId p... | E | |
CVE-2023-43199 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev para... | E | |
CVE-2023-43200 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parame... | E | |
CVE-2023-43201 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up par... | E | |
CVE-2023-43202 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the... | E | |
CVE-2023-43203 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the fu... | E | |
CVE-2023-43204 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the... | E | |
CVE-2023-43206 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the... | E | |
CVE-2023-43207 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the... | E | |
CVE-2023-43208 | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code e... | KEV E | |
CVE-2023-43216 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin... | E | |
CVE-2023-43222 | SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.... | E | |
CVE-2023-43226 | An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows a... | E | |
CVE-2023-43232 | A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeB... | | |
CVE-2023-43233 | A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0... | | |
CVE-2023-43234 | DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /a... | | |
CVE-2023-43235 | D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and End... | E | |
CVE-2023-43236 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckppp... | E | |
CVE-2023-43237 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in... | E | |
CVE-2023-43238 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in f... | E | |
CVE-2023-43239 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in sho... | E | |
CVE-2023-43240 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in... | E | |
CVE-2023-43241 | D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and Guard... | E | |
CVE-2023-43242 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList... | E | |
CVE-2023-43250 | XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted ... | E | |
CVE-2023-43251 | XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers c... | E | |
CVE-2023-43252 | XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file.... | E | |
CVE-2023-43256 | A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sen... | S | |
CVE-2023-43260 | Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scri... | E | |
CVE-2023-43261 | An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attacke... | E | |
CVE-2023-43263 | A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbi... | E | |
CVE-2023-43267 | A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allo... | | |
CVE-2023-43268 | Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerabilit... | E | |
CVE-2023-43269 | pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability.... | | |
CVE-2023-43270 | dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the us... | E | |
CVE-2023-43271 | Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the ... | E | |
CVE-2023-43274 | Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.... | E | |
CVE-2023-43275 | Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface ... | E | |
CVE-2023-43278 | A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to a... | | |
CVE-2023-43279 | Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to cr... | E | |
CVE-2023-43281 | Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial ... | E | |
CVE-2023-43284 | D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticate... | E | |
CVE-2023-43291 | Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to exec... | E | |
CVE-2023-43292 | Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local... | | |
CVE-2023-43295 | Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 an... | | |
CVE-2023-43297 | An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the... | E | |
CVE-2023-43298 | An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious no... | E | |
CVE-2023-43299 | An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifica... | E | |
CVE-2023-43300 | An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifi... | | |
CVE-2023-43301 | An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious not... | E | |
CVE-2023-43302 | An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications... | E | |
CVE-2023-43303 | An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious... | | |
CVE-2023-43304 | An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifica... | E | |
CVE-2023-43305 | An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifica... | E | |
CVE-2023-43309 | There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster... | E | |
CVE-2023-43314 | ** UNSUPPORTED WHEN ASSIGNED ** The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware ... | | |
CVE-2023-43317 | An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPer... | E | |
CVE-2023-43318 | TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges... | | |
CVE-2023-43319 | Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows atta... | | |
CVE-2023-43320 | An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 t... | S | |
CVE-2023-43321 | File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated atta... | E | |
CVE-2023-43322 | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6... | | |
CVE-2023-43323 | mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the s... | E | |
CVE-2023-43325 | A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocia... | E | |
CVE-2023-43326 | A reflected cross-site scripting (XSS) vulnerability exists in multiple URLs of mooSocial v3.1.8 all... | E | |
CVE-2023-43331 | A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attacke... | E | |
CVE-2023-43336 | Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to con... | E | |
CVE-2023-43338 | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the fun... | E | |
CVE-2023-43339 | Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execut... | E | |
CVE-2023-43340 | Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arb... | E | |
CVE-2023-43341 | Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute... | E | |
CVE-2023-43342 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to ... | E | |
CVE-2023-43343 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to ... | E | |
CVE-2023-43344 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to ... | E | |
CVE-2023-43345 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to ... | E | |
CVE-2023-43346 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to ... | E | |
CVE-2023-43352 | An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted p... | E | |
CVE-2023-43353 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi... | E | |
CVE-2023-43354 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi... | E | |
CVE-2023-43355 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi... | E | |
CVE-2023-43356 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi... | E | |
CVE-2023-43357 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi... | E | |
CVE-2023-43358 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi... | E | |
CVE-2023-43359 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi... | E | |
CVE-2023-43360 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbi... | E | |
CVE-2023-43361 | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary c... | E | |
CVE-2023-43364 | main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.... | E S | |
CVE-2023-43371 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle paramet... | E | |
CVE-2023-43373 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg param... | E | |
CVE-2023-43374 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log para... | E | |
CVE-2023-43375 | Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/cl... | | |
CVE-2023-43376 | A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows at... | E | |
CVE-2023-43377 | A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.... | E | |
CVE-2023-43378 | A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrar... | E | |
CVE-2023-43381 | SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive in... | E | |
CVE-2023-43382 | Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execut... | | |
CVE-2023-43449 | An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbi... | E | |
CVE-2023-43453 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attack... | E | |
CVE-2023-43454 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attack... | E | |
CVE-2023-43455 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attack... | E | |
CVE-2023-43456 | Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attac... | E M | |
CVE-2023-43457 | An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via... | E M | |
CVE-2023-43458 | Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker... | E | |
CVE-2023-43468 | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute a... | E | |
CVE-2023-43469 | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute a... | | |
CVE-2023-43470 | SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute... | E | |
CVE-2023-43472 | An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive informatio... | E | |
CVE-2023-43477 | Post-Auth Command Injection in Telstra Smart Modem Gen 2 (Arcadyan LH1000) | E | |
CVE-2023-43478 | Unauthenticated configuration restore and firmware update | E | |
CVE-2023-43481 | An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp... | E | |
CVE-2023-43482 | A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada... | E | |
CVE-2023-43484 | Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 al... | | |
CVE-2023-43485 | BIGIP and BIG-IQ TACACS+ audit log Vulnerability | | |
CVE-2023-43487 | Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated use... | | |
CVE-2023-43488 | The vulnerability allows a low privileged (untrusted) application to modify a critical system prope... | M | |
CVE-2023-43489 | Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authent... | S | |
CVE-2023-43490 | Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Inte... | | |
CVE-2023-43491 | An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi function... | | |
CVE-2023-43492 | Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow | E S | |
CVE-2023-43493 | SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a ... | | |
CVE-2023-43494 | Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not ex... | | |
CVE-2023-43495 | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constr... | | |
CVE-2023-43496 | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary ... | | |
CVE-2023-43497 | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web... | | |
CVE-2023-43498 | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDa... | | |
CVE-2023-43499 | Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build... | | |
CVE-2023-43500 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and... | | |
CVE-2023-43501 | A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attacke... | | |
CVE-2023-43502 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and... | | |
CVE-2023-43503 | A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affecte... | | |
CVE-2023-43504 | A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for t... | | |
CVE-2023-43505 | A vulnerability has been identified in COMOS (All versions). The affected application lacks proper a... | | |
CVE-2023-43506 | Local Privilege Escalation in ClearPass OnGuard Linux Agent | | |
CVE-2023-43507 | Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface | | |
CVE-2023-43508 | Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface | | |
CVE-2023-43509 | Unauthenticated Endpoint Allows Sending Arbitrary OnGuard Notifications | | |
CVE-2023-43510 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise | | |
CVE-2023-43511 | Loop with Unreachable Exit Condition (Infinite Loop) in WLAN Firmware | | |
CVE-2023-43512 | Buffer Over-read in Qualcomm ESL | | |
CVE-2023-43513 | Use of Out-of-range Pointer Offset in PCIe | | |
CVE-2023-43514 | Use After Free in DSP Services | S | |
CVE-2023-43515 | Buffer copy without checking size of input (Classic buffer overflow) in HLOS | S | |
CVE-2023-43516 | Use of out-of-range pointer offset in Video | | |
CVE-2023-43517 | Improper Access Control in Automotive Multimedia | | |
CVE-2023-43518 | Untrusted Pointer Dereference in Video | | |
CVE-2023-43519 | Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in Video | | |
CVE-2023-43520 | Stack-based Buffer Overflow in WLAN HOST | | |
CVE-2023-43521 | Use After Free in HLOS | S | |
CVE-2023-43522 | NULL Pointer Dereference in WLAN Firmware | | |
CVE-2023-43523 | Reachable Assertion in WLAN Firmware | | |
CVE-2023-43524 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio | S | |
CVE-2023-43525 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio | S | |
CVE-2023-43526 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio | S | |
CVE-2023-43527 | Buffer Over-read in Video | | |
CVE-2023-43528 | Buffer Over-read in Audio | S | |
CVE-2023-43529 | Reachable Assertion in Data Modem | | |
CVE-2023-43530 | Integer Overflow or Wraparound in HLOS | | |
CVE-2023-43531 | Access of Uninitialized Pointer in SPS Applications | | |
CVE-2023-43532 | Untrusted Pointer Dereference in Display | | |
CVE-2023-43533 | Buffer Over-read in WLAN Firmware | | |
CVE-2023-43534 | Use of Out-of-range Pointer Offset in WLAN HOST | | |
CVE-2023-43535 | Improper Validation of Array Index in Display | | |
CVE-2023-43536 | Buffer Over-read in WLAN Firmware | | |
CVE-2023-43537 | Buffer Over-read in WLAN Host | S | |
CVE-2023-43538 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in TZ Secure OS | | |
CVE-2023-43539 | Buffer Over-read in WLAN Firmware | | |
CVE-2023-43540 | Buffer Copy Without Checking Size of Input in Bluetooth HOST | | |
CVE-2023-43541 | NULL Pointer Dereference in Windows Graphics | | |
CVE-2023-43542 | Buffer Copy Without Checking Size of Input in Trusted Execution Environment | | |
CVE-2023-43543 | Use After Free in Audio | S | |
CVE-2023-43544 | Use After Free in Audio | S | |
CVE-2023-43545 | Integer Overflow or Wraparound in WLAN HOST | S | |
CVE-2023-43546 | Use After Free in Automotive Multimedia | S | |
CVE-2023-43547 | Use After Free in Automotive Multimedia | S | |
CVE-2023-43548 | Buffer Copy Without Checking Size of Input in Video | | |
CVE-2023-43549 | Stack-based Buffer Overflow in WLAN HAL | | |
CVE-2023-43550 | Integer Overflow or Wraparound in Core Services | S | |
CVE-2023-43551 | Improper Authentication in Multi-Mode Call Processor | | |
CVE-2023-43552 | Use After Free in WLAN Host Communication | S | |
CVE-2023-43553 | Use of Out-of-range Pointer Offset in WLAN HOST | S | |
CVE-2023-43554 | Improper Restriction of Operations within the Bounds of a Memory Buffer in DSP Services | | |
CVE-2023-43555 | Buffer Over-read in Video | | |
CVE-2023-43556 | Buffer Copy Without Checking Size of Input in Hypervisor | | |
CVE-2023-43566 | In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration... | | |
CVE-2023-43567 | A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products t... | S | |
CVE-2023-43568 | A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products ... | S | |
CVE-2023-43569 | A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a... | S | |
CVE-2023-43570 | A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may a... | S | |
CVE-2023-43571 | A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products tha... | S | |
CVE-2023-43572 | A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products th... | S | |
CVE-2023-43573 | A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop ... | S | |
CVE-2023-43574 | A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop... | S | |
CVE-2023-43575 | A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that... | S | |
CVE-2023-43576 | A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow... | S | |
CVE-2023-43577 | A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow ... | S | |
CVE-2023-43578 | A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow... | S | |
CVE-2023-43579 | A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allo... | S | |
CVE-2023-43580 | A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may a... | S | |
CVE-2023-43581 | A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may all... | S | |
CVE-2023-43582 | Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of... | | |
CVE-2023-43583 | Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android... | | |
CVE-2023-43585 | Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may a... | | |
CVE-2023-43586 | Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Wi... | | |
CVE-2023-43588 | Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct... | | |
CVE-2023-43590 | Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to con... | | |
CVE-2023-43591 | Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authentica... | | |
CVE-2023-43608 | A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08... | E S | |
CVE-2023-43609 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authorization | S | |
CVE-2023-43610 | SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 all... | | |
CVE-2023-43611 | BIG-IP Edge Client for macOS vulnerability | | |
CVE-2023-43612 | Hiview has an improper preservation of permissions vulnerability | | |
CVE-2023-43614 | Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8... | | |
CVE-2023-43615 | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.... | M | |
CVE-2023-43616 | An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files duri... | E | |
CVE-2023-43617 | An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and r... | E | |
CVE-2023-43618 | An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local I... | E | |
CVE-2023-43619 | An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, ... | E | |
CVE-2023-43620 | An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a ... | E | |
CVE-2023-43621 | An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be ... | E | |
CVE-2023-43622 | Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 | | |
CVE-2023-43623 | A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions <... | | |
CVE-2023-43624 | CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restri... | | |
CVE-2023-43625 | A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected appli... | M | |
CVE-2023-43626 | Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to... | | |
CVE-2023-43627 | Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware v... | | |
CVE-2023-43628 | An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~d... | E | |
CVE-2023-43629 | Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may all... | | |
CVE-2023-43630 | Config Partition Not Measured From 2 Fronts | | |
CVE-2023-43631 | SSH as Root Unlockable Without Triggering Measured Boot | | |
CVE-2023-43632 | Freely Allocate Buffer on The Stack With Data From Socket | | |
CVE-2023-43633 | Debug Functions Unlockable Without Triggering Measured Boot | | |
CVE-2023-43634 | Config Partition Not Protected by Measured Boot | | |
CVE-2023-43635 | Vault Key Sealed With SHA1 PCRs | | |
CVE-2023-43636 | Rootfs Not Protected | | |
CVE-2023-43637 | Vault Key Partially Predetermined | | |
CVE-2023-43640 | TaxonWorks SQL injection vulnerability | S | |
CVE-2023-43641 | libcue vulnerable to out-of-bounds array access | E S | |
CVE-2023-43642 | Missing upper bound check on chunk length in snappy-java | E S | |
CVE-2023-43643 | mXSS in AntiSamy | E S | |
CVE-2023-43644 | Improper authentication in the SOCKS5 inbound in sing-box | | |
CVE-2023-43645 | Denial of service from circular relationship definitions in OpenFGA | S | |
CVE-2023-43646 | Inefficient Regular Expression Complexity in get-func-name | E S | |
CVE-2023-43647 | baserCMS Cross-site Scripting vulnerability in File upload Feature | | |
CVE-2023-43648 | baserCMS Directory Traversal vulnerability in Form submission data management Feature | S | |
CVE-2023-43649 | baserCMS CSRF vulnerability in Content preview Feature | S | |
CVE-2023-43650 | Non-MFA account takeover via brute-force attack on weak password reset code in jumpserver | E | |
CVE-2023-43651 | Remote code execution on the host system via MongoDB shell in jumpserver | E | |
CVE-2023-43652 | Non-MFA account takeover via using only SSH public key to login in jumpserver | E | |
CVE-2023-43654 | TorchServe Server-Side Request Forgery | E | |
CVE-2023-43655 | Remote Code Execution via web-accessible composer.phar | S | |
CVE-2023-43656 | Sandbox escape for instances that have enabled transformation functions in matrix-hookshot | S | |
CVE-2023-43657 | Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration | S | |
CVE-2023-43658 | Improper escaping of user input in discourse-calendar | S | |
CVE-2023-43659 | Cross-site Scripting via email preview when CSP disabled in Discourse | | |
CVE-2023-43660 | SSH key password bypassed in warpgate | S | |
CVE-2023-43661 | Cachet vulnerable to Authenticated Remote Code Execution | E S | |
CVE-2023-43662 | Arbitrary file read vulnerability in Shoko Server | E M | |
CVE-2023-43663 | Improper Privilege Management in Prestashop | S | |
CVE-2023-43664 | Employee without any access rights can list all installed modules in Prestashop | S | |
CVE-2023-43665 | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncato... | S | |
CVE-2023-43666 | Apache InLong: General user Unauthorized access User Management | S | |
CVE-2023-43667 | Apache InLong: Log Injection in Global functions | | |
CVE-2023-43668 | Apache InLong: Jdbc Connection Security Bypass in InLong | | |
CVE-2023-43669 | The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (m... | E S | |
CVE-2023-43696 | Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as u... | S | |
CVE-2023-43697 | Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote a... | S | |
CVE-2023-43698 | Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in S... | S | |
CVE-2023-43699 | Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivile... | S | |
CVE-2023-43700 | Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data vi... | S | |
CVE-2023-43701 | Apache Superset: Stored XSS on API endpoint | | |
CVE-2023-43702 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43703 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43704 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43705 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43706 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43707 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43708 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43709 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43710 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43711 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43712 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43713 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43714 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43715 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43716 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43717 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43718 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43719 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43720 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43721 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43722 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43723 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43724 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43725 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43726 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43727 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43728 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43729 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43730 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43731 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43732 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43733 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43734 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43735 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) | E | |
CVE-2023-43737 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-43738 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-43739 | Online Book Store Project v1.0 - Unauthenticated SQL Injection (SQLi) | E | |
CVE-2023-43740 | Online Book Store Project v1.0 - Insecure File Upload | E | |
CVE-2023-43741 | A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions pr... | E | |
CVE-2023-43742 | An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware ... | | |
CVE-2023-43743 | A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firm... | | |
CVE-2023-43744 | An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 w... | | |
CVE-2023-43745 | Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authentica... | | |
CVE-2023-43746 | BIG-IP Appliance mode external monitor vulnerability | | |
CVE-2023-43747 | Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers b... | | |
CVE-2023-43748 | Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may... | | |
CVE-2023-43749 | Rejected reason: This is unused.... | R | |
CVE-2023-43751 | Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphi... | | |
CVE-2023-43752 | OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and ear... | | |
CVE-2023-43753 | Improper conditions check in some Intel(R) Processors with Intel(R) SGX may allow a privileged user ... | | |
CVE-2023-43754 | Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels | S | |
CVE-2023-43755 | Zavio IP Camera Stack-Based Buffer Overflow | M | |
CVE-2023-43756 | Dsoftbus has an out-of-bounds read vulnerability | | |
CVE-2023-43757 | Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOG... | | |
CVE-2023-43758 | Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user ... | | |
CVE-2023-43760 | Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure ... | | |
CVE-2023-43761 | Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client ... | | |
CVE-2023-43762 | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend)... | | |
CVE-2023-43763 | Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects Wit... | | |
CVE-2023-43764 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-43762. Reason: This candidat... | R | |
CVE-2023-43765 | Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure ... | | |
CVE-2023-43766 | Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. Thi... | | |
CVE-2023-43767 | Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affe... | | |
CVE-2023-43768 | An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthentic... | | |
CVE-2023-43769 | An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are U... | | |
CVE-2023-43770 | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail... | KEV S | |
CVE-2023-43771 | In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port coul... | S | |
CVE-2023-43775 | Security issue in SMP Gateway automation platform | | |
CVE-2023-43776 | Weak encoding vulnerability in easyE4 | M | |
CVE-2023-43777 | Insecure storage of password in easySoft | | |
CVE-2023-43782 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The f... | E | |
CVE-2023-43783 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The file... | E | |
CVE-2023-43784 | Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Fire... | | |
CVE-2023-43785 | Libx11: out-of-bounds memory access in _xkbreadkeysyms() | | |
CVE-2023-43786 | Libx11: stack exhaustion from infinite recursion in putsubimage() | | |
CVE-2023-43787 | Libx11: integer overflow in xcreateimage() leading to a heap overflow | | |
CVE-2023-43788 | Libxpm: out of bounds read in xpmcreatexpmimagefrombuffer() | | |
CVE-2023-43789 | Libxpm: out of bounds read on xpm with corrupted colormap | | |
CVE-2023-43790 | iTop vulnerable to XSS in friendlyname in object details | S | |
CVE-2023-43791 | Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens | E S | |
CVE-2023-43792 | baserCMS Code Injection Vulnerability in Mail Form Feature | | |
CVE-2023-43793 | Misskey allows users to bypass authentication of Bull dashboard | S | |
CVE-2023-43794 | SQL Injection in nocodb | E | |
CVE-2023-43795 | WPS Server Side Request Forgery in GeoServer | M | |
CVE-2023-43796 | Synapse vulnerable to leak of remote user device information | S | |
CVE-2023-43797 | BigBlueButton Stored Cross-site Scripting vulnerability at Guest Lobby | S | |
CVE-2023-43798 | BigBlueButton Blind SSRF When Uploading Presentation (mitigation bypass) | | |
CVE-2023-43799 | The Altair Desktop Client Does Not Sanitize External URLs before passing them to the underlying system | | |
CVE-2023-43800 | Insufficient Verification of Data Authenticity in Arduino Create Agent | | |
CVE-2023-43801 | Path traversal in Arduino Create Agent | | |
CVE-2023-43802 | Path traversal in Arduino Create Agent | | |
CVE-2023-43803 | Path traversal in Arduino Create Agent | | |
CVE-2023-43804 | `Cookie` HTTP header isn't stripped on cross-origin redirects | S | |
CVE-2023-43805 | Nexkey allows users to bypass authentication of Bull dashboard | S | |
CVE-2023-43809 | Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled | E S | |
CVE-2023-43810 | opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics | S | |
CVE-2023-43813 | glpi Authenticated SQL Injection | S | |
CVE-2023-43814 | Exposure of poll options and votes to unauthorized users in Discourse | | |
CVE-2023-43815 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wScreenDESCTextLen Buffer Overflow Remote Code Execution | | |
CVE-2023-43816 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wKPFStringLen Buffer Overflow Remote Code Execution | | |
CVE-2023-43817 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wMailContentLen Buffer Overflow Remote Code Execution | | |
CVE-2023-43818 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wTextLen Buffer Overflow Remote Code Execution | | |
CVE-2023-43819 | Delta Electronics Delta Industrial Automation DOPSoft DPS File InitialMacroLen Buffer Overflow Remote Code Execution | | |
CVE-2023-43820 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesPrevValueLen Buffer Overflow Remote Code Execution | | |
CVE-2023-43821 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesActionLen Buffer Overflow Remote Code Execution | | |
CVE-2023-43822 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesTimeLen Buffer Overflow Remote Code Execution | | |
CVE-2023-43823 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wTTitleLen Buffer Overflow Remote Code Execution | | |
CVE-2023-43824 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wTitleTextLen Buffer Overflow Remote Code Execution | | |
CVE-2023-43825 | Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attack... | | |
CVE-2023-43826 | Apache Guacamole: Integer overflow in handling of VNC image buffers | | |
CVE-2023-43828 | A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to... | E | |
CVE-2023-43830 | A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allo... | E | |
CVE-2023-43835 | Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that co... | E | |
CVE-2023-43836 | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain ... | E | |
CVE-2023-43838 | An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to exe... | E | |
CVE-2023-43842 | Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 ... | | |
CVE-2023-43843 | Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 ... | | |
CVE-2023-43844 | Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. T... | | |
CVE-2023-43845 | Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user... | | |
CVE-2023-43846 | Incorrect access control in logs management function of web interface in Aten PE6208 2.3.228 and 2.4... | | |
CVE-2023-43847 | Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and ... | | |
CVE-2023-43848 | Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228... | | |
CVE-2023-43849 | Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.... | | |
CVE-2023-43850 | Improper input validation in the user management function of web interface in Aten PE6208 2.3.228 an... | | |
CVE-2023-43851 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2023-43856 | Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component ... | | |
CVE-2023-43857 | Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2023-43860 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function.... | E | |
CVE-2023-43861 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function.... | E | |
CVE-2023-43862 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function.... | E | |
CVE-2023-43863 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function.... | E | |
CVE-2023-43864 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function.... | E | |
CVE-2023-43865 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function.... | E | |
CVE-2023-43866 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function.... | E | |
CVE-2023-43867 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function.... | E | |
CVE-2023-43868 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function.... | E | |
CVE-2023-43869 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function.... | E | |
CVE-2023-43870 | When installing the Net2 software a root certificate is installed into the trusted store. A potentia... | | |
CVE-2023-43871 | A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden... | E | |
CVE-2023-43872 | A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file w... | E | |
CVE-2023-43873 | A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute ar... | E | |
CVE-2023-43874 | Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to exe... | E | |
CVE-2023-43875 | Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a ... | E | |
CVE-2023-43876 | A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to... | E | |
CVE-2023-43877 | Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute... | E | |
CVE-2023-43878 | Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute... | E | |
CVE-2023-43879 | Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitra... | E | |
CVE-2023-43884 | A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v... | E | |
CVE-2023-43885 | Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows au... | E | |
CVE-2023-43886 | A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenti... | E | |
CVE-2023-43887 | Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and nu... | E S | |
CVE-2023-43890 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic... | E | |
CVE-2023-43891 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing U... | E | |
CVE-2023-43892 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname ... | E | |
CVE-2023-43893 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_ma... | E | |
CVE-2023-43896 | A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or e... | E | |
CVE-2023-43898 | Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__conver... | E S | |
CVE-2023-43899 | hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax... | | |
CVE-2023-43900 | Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized acc... | E | |
CVE-2023-43901 | Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated a... | E | |
CVE-2023-43902 | Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthentica... | E | |
CVE-2023-43905 | Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account pas... | | |
CVE-2023-43906 | Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.... | E | |
CVE-2023-43907 | OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifre... | E | |
CVE-2023-43909 | Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability... | E | |
CVE-2023-43944 | A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System... | E | |
CVE-2023-43951 | SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Mana... | | |
CVE-2023-43952 | SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Mate... | | |
CVE-2023-43953 | SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Man... | | |
CVE-2023-43955 | The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents ... | E | |
CVE-2023-43956 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-36263. Reason: This record is a du... | R | |
CVE-2023-43958 | An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of ... | E | |
CVE-2023-43959 | An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary... | E | |
CVE-2023-43960 | An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the Use... | E | |
CVE-2023-43961 | An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a spe... | E | |
CVE-2023-43962 | Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to ... | E | |
CVE-2023-43971 | Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary ... | E | |
CVE-2023-43976 | An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winni... | E | |
CVE-2023-43979 | ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the comp... | S | |
CVE-2023-43980 | Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability ... | | |
CVE-2023-43981 | Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability... | S | |
CVE-2023-43982 | Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Req... | | |
CVE-2023-43983 | Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via... | S | |
CVE-2023-43984 | Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to a... | | |
CVE-2023-43985 | SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the S... | S | |
CVE-2023-43986 | DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via th... | | |
CVE-2023-43988 | An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious... | E | |
CVE-2023-43989 | An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notif... | E | |
CVE-2023-43990 | An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifica... | E | |
CVE-2023-43991 | An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notific... | E | |
CVE-2023-43992 | An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notif... | E | |
CVE-2023-43993 | An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious n... | E | |
CVE-2023-43994 | An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious no... | E | |
CVE-2023-43995 | An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notificat... | E | |
CVE-2023-43996 | An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notificatio... | E | |
CVE-2023-43997 | An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious ... | E | |
CVE-2023-43998 | An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notific... | E | |
CVE-2023-43999 | An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious not... | E | |