ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-45000 | WordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Broken Access Control on API vulnerability | S | |
CVE-2023-45001 | WordPress Seriously Simple Stats Plugin <= 1.5.0 is vulnerable to SQL Injection | S | |
CVE-2023-45002 | WordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerability | S | |
CVE-2023-45003 | WordPress Social Feed Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45004 | WordPress Woo Custom Emails Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45005 | WordPress Seriously Simple Stats Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45006 | WordPress WooODT Lite Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45007 | WordPress Fotomoto Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45008 | WordPress Comment Reply Email Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45009 | WordPress Captcha for Contact Form 7 plugin <= 1.11.3 - Captcha Bypass vulnerability | S | |
CVE-2023-45010 | WordPress Complete Open Graph Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45011 | WordPress WP Power Stats Plugin <= 2.2.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45012 | Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45013 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45014 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45015 | Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45016 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45017 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45018 | Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45019 | Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45024 | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction s... | S | |
CVE-2023-45025 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-45026 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-45027 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-45028 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-45035 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-45036 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-45037 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-45038 | Music Station | S | |
CVE-2023-45039 | QTS, QuTS hero | S | |
CVE-2023-45040 | QTS, QuTS hero | S | |
CVE-2023-45041 | QTS, QuTS hero | S | |
CVE-2023-45042 | QTS, QuTS hero | S | |
CVE-2023-45043 | QTS, QuTS hero | S | |
CVE-2023-45044 | QTS, QuTS hero | S | |
CVE-2023-45045 | WordPress WP Custom Widget area plugin <= 1.2.5 - Broken Access Control vulnerability | | |
CVE-2023-45046 | WordPress Pressference Exporter Plugin <= 1.0.3 is vulnerable to SQL Injection | | |
CVE-2023-45047 | WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45048 | WordPress Social proof testimonials and reviews by Repuso Plugin <= 5.00 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45049 | WordPress YouTube Playlist Player Plugin <= 4.6.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45050 | WordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS) | E S | |
CVE-2023-45051 | WordPress Image vertical reel scroll slideshow Plugin <= 9.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45052 | WordPress WP Bing Map Pro Plugin < 5.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45053 | WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability | S | |
CVE-2023-45054 | WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45055 | WordPress MStore API Plugin <= 4.0.6 is vulnerable to SQL Injection | S | |
CVE-2023-45056 | WordPress Open User Map \| Everybody can add locations Plugin <= 1.3.26 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45057 | WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45058 | WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45059 | WordPress Gumroad Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45060 | WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45061 | WordPress WP Job Openings plugin <= 3.4.1 - Broken Access Control vulnerability | S | |
CVE-2023-45062 | WordPress Download canvasio3D Light Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45063 | WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45064 | WordPress OPcache Dashboard Plugin <= 0.3.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45065 | WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 1.42 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45066 | WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure | | |
CVE-2023-45067 | WordPress WP Simple HTML Sitemap Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45068 | WordPress Contact Form by Supsystic Plugin <= 1.7.27 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45069 | WordPress Video Gallery – YouTube Gallery Plugin <= 2.1.3 is vulnerable to SQL Injection | | |
CVE-2023-45070 | WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45071 | WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45072 | WordPress Order auto complete for WooCommerce Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45073 | WordPress Mendeley Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45074 | WordPress Advanced Page Visit Counter Plugin <= 7.1.1 is vulnerable to SQL Injection | S | |
CVE-2023-45075 | A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local at... | S | |
CVE-2023-45076 | A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attack... | S | |
CVE-2023-45077 | A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attack... | S | |
CVE-2023-45078 | A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a lo... | S | |
CVE-2023-45079 | A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attac... | S | |
CVE-2023-45083 | HyperCloud: "admin" and "serveradmin" users can be deleted | | |
CVE-2023-45084 | Media caddy removal and reinsertion without reboot may cause data loss | | |
CVE-2023-45085 | When compute hosts are disabled and reenabled, they immediately transition to "ON", not "INIT" | | |
CVE-2023-45101 | WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability | S | |
CVE-2023-45102 | WordPress Blog Manager Light Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45103 | WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45104 | WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability | S | |
CVE-2023-45105 | WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.9 is vulnerable to Open Redirection | S | |
CVE-2023-45106 | WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45107 | WordPress GoodBarber Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45108 | WordPress Mailrelay Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45109 | WordPress WhitePage Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45110 | WordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerability | S | |
CVE-2023-45111 | Online Examination System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45112 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45113 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45114 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45115 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) | E | |
CVE-2023-45116 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) | E | |
CVE-2023-45117 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) | | |
CVE-2023-45118 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) | E | |
CVE-2023-45119 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) | E | |
CVE-2023-45120 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) | E | |
CVE-2023-45121 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) | E | |
CVE-2023-45122 | Rejected reason: It is a duplicate.... | R | |
CVE-2023-45123 | Rejected reason: It is a duplicate.... | R | |
CVE-2023-45124 | Rejected reason: It is a duplicate.... | R | |
CVE-2023-45125 | Rejected reason: It is a duplicate.... | R | |
CVE-2023-45126 | Rejected reason: It is a duplicate.... | R | |
CVE-2023-45127 | Rejected reason: It is a duplicate.... | R | |
CVE-2023-45128 | CSRF Token Reuse Vulnerability in fiber | S | |
CVE-2023-45129 | matrix-synapse vulnerable to denial of service due to malicious server ACL events | S | |
CVE-2023-45130 | Frontier opcode SUICIDE touches too many storage values on large contracts | S | |
CVE-2023-45131 | Unauthenticated access to new private chat messages in Discourse | | |
CVE-2023-45132 | IgnoreIP/IgnoreCIDR should not trust X-Forwarded-For | S | |
CVE-2023-45133 | Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code | S | |
CVE-2023-45134 | XWiki Platform XSS vulnerability from account in the create page form via template provider | E S | |
CVE-2023-45135 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | E S | |
CVE-2023-45136 | XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled | E S | |
CVE-2023-45137 | XWiki Platform XSS with edit right in the create document form for existing pages | E S | |
CVE-2023-45138 | Change Request Application vulnerable to XSS and remote code execution through change request title | S | |
CVE-2023-45139 | fonttools XML External Entity Injection (XXE) Vulnerability | E S | |
CVE-2023-45140 | Group-based JIT MFA bypass on scp and sftp in The Bastion | S | |
CVE-2023-45141 | CSRF Token Validation Vulnerability in fiber | M | |
CVE-2023-45142 | OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics | | |
CVE-2023-45143 | Undici's cookie header not cleared on cross-origin redirect in fetch | S | |
CVE-2023-45144 | Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App | S | |
CVE-2023-45145 | Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window. | S | |
CVE-2023-45146 | Remote code execution in XXL-RPC | | |
CVE-2023-45147 | Arbitrary keys can be added to a topic's custom fields by any user in Discourse | | |
CVE-2023-45148 | Rate limiter not working reliably when Memcached is installed in Nextcloud | S | |
CVE-2023-45149 | Password of talk conversations can be bruteforced in Nextcloud | S | |
CVE-2023-45150 | Inviting excessively long email addresses to a calendar event makes the Nextcloud server unresponsive | E S | |
CVE-2023-45151 | OAuth2 client_secret stored in plain text in the Nextcloud database | S | |
CVE-2023-45152 | Blind Server Side Request Forgery (SSRF) in remote schedule import feature in Engelsystem | E S | |
CVE-2023-45158 | An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is confi... | S | |
CVE-2023-45159 | 1E Client installer can perform arbitrary file deletion on protected files | | |
CVE-2023-45160 | Elevated Temp Directory Execution in 1E Client | | |
CVE-2023-45161 | 1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution | | |
CVE-2023-45162 | Blind SQL vulnerability in 1E platform | | |
CVE-2023-45163 | 1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution | | |
CVE-2023-45165 | IBM AIX denial of service | | |
CVE-2023-45166 | IBM AIX privilege escalation | | |
CVE-2023-45167 | IBM AIX denial of service | | |
CVE-2023-45168 | IBM AIX command execution | | |
CVE-2023-45169 | IBM AIX denial of service | | |
CVE-2023-45170 | IBM AIX privilege escalation | | |
CVE-2023-45171 | IBM AIX denial of service | | |
CVE-2023-45172 | IBM AIX denial of service | S | |
CVE-2023-45173 | IBM AIX denial of service | | |
CVE-2023-45174 | IBM AIX privilege escalation | | |
CVE-2023-45175 | IBM AIX denial of service | | |
CVE-2023-45176 | IBM App Connect Enterprise and IBM Integration Bus denial of service | S | |
CVE-2023-45177 | IBM MQ denial of service | | |
CVE-2023-45178 | IBM Db2 denial of service | S | |
CVE-2023-45181 | IBM Jazz Foundation cross-site scripting | | |
CVE-2023-45182 | IBM i Access Client Solutions information disclosure | | |
CVE-2023-45184 | IBM i Access Client Solutions | | |
CVE-2023-45185 | IBM i Access Client Solutions code execution | | |
CVE-2023-45186 | IBM Sterling B2B Integrator cross-site scripting | | |
CVE-2023-45187 | IBM Engineering Lifecycle Optimization - Publishing session fixation | S | |
CVE-2023-45188 | IBM Engineering Lifecycle Optimization Publishing file upload | | |
CVE-2023-45189 | IBM Robotic Process Automation information disclosure | S | |
CVE-2023-45190 | IBM Engineering Lifecycle Optimization HTTP header injection | S | |
CVE-2023-45191 | IBM Engineering Lifecycle Optimization information disclosure | S | |
CVE-2023-45192 | IBM Engineering Requirements Management DOORS Next XML external entity injection | | |
CVE-2023-45193 | IBM Db2 denial of service | S | |
CVE-2023-45194 | Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D... | S | |
CVE-2023-45195 | Adminer and AdminerEvo SSRF | S | |
CVE-2023-45196 | Adminer and AdminerEvo denial of service via HTTP redirect | S | |
CVE-2023-45197 | Adminer and AdminerEvo vulnerable to directory traversal and file upload | S | |
CVE-2023-45198 | ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authenticat... | S | |
CVE-2023-45199 | Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution... | | |
CVE-2023-45201 | Online Examination System v1.0 - Multiple Open Redirects | E | |
CVE-2023-45202 | Online Examination System v1.0 - Multiple Open Redirects | E | |
CVE-2023-45203 | Online Examination System v1.0 - Multiple Open Redirects | E | |
CVE-2023-45204 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009)... | S | |
CVE-2023-45205 | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected a... | S | |
CVE-2023-45206 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help docume... | | |
CVE-2023-45207 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a ... | | |
CVE-2023-45208 | A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X18... | E | |
CVE-2023-45209 | An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi fun... | | |
CVE-2023-45210 | Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a... | | |
CVE-2023-45213 | Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains | M | |
CVE-2023-45215 | A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realt... | | |
CVE-2023-45217 | Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an auth... | | |
CVE-2023-45219 | BIG-IP tmsh vulnerability | | |
CVE-2023-45220 | The Android Client application, when enrolled with the define method 1 (the user manually inserts the... | M | |
CVE-2023-45221 | Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to p... | | |
CVE-2023-45222 | Westermo Lynx Cross-site Scripting | M | |
CVE-2023-45223 | Users full name disclosure through Mattermost Boards with Show Full Name Option disabled | S | |
CVE-2023-45224 | Rejected reason: This is unused.... | R | |
CVE-2023-45225 | Zavio IP Camera Stack-Based Buffer Overflow | M | |
CVE-2023-45226 | BIG-IP Next SPK SSH vulnerability | | |
CVE-2023-45227 | Westermo Lynx Cross-site Scripting | M | |
CVE-2023-45228 | Sielco Radio Link and Analog FM Transmitters Improper Access Control | M | |
CVE-2023-45229 | Out-of-Bounds Read in EDK II Network Package | | |
CVE-2023-45230 | Buffer Overflow in EDK II Network Package | | |
CVE-2023-45231 | Out-of-Bounds Read in EDK II Network Package | | |
CVE-2023-45232 | Infinite loop in EDK II Network Package | | |
CVE-2023-45233 | Infinite loop in EDK II Network Package | | |
CVE-2023-45234 | Buffer Overflow in EDK II Network Package | | |
CVE-2023-45235 | Buffer Overflow in EDK II Network Package | | |
CVE-2023-45236 | Predictable TCP ISNs in EDK II Network Package | | |
CVE-2023-45237 | Use of a Weak PseudoRandom Number Generator in EDK II Network Package | | |
CVE-2023-45239 | A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth c... | E S | |
CVE-2023-45240 | Sensitive information disclosure due to missing authorization. The following products are affected: ... | | |
CVE-2023-45241 | Sensitive information leak through log files. The following products are affected: Acronis Cyber Pro... | | |
CVE-2023-45242 | Sensitive information disclosure due to missing authorization. The following products are affected: ... | | |
CVE-2023-45243 | Sensitive information disclosure due to missing authorization. The following products are affected: ... | | |
CVE-2023-45244 | Sensitive information disclosure and manipulation due to missing authorization. The following produc... | | |
CVE-2023-45245 | Sensitive information disclosure due to missing authorization. The following products are affected: ... | | |
CVE-2023-45246 | Sensitive information disclosure and manipulation due to missing authorization. The following produc... | | |
CVE-2023-45247 | Sensitive information disclosure and manipulation due to missing authorization. The following produc... | | |
CVE-2023-45248 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2023-45249 | Remote command execution due to use of default passwords. The following products are affected: Acron... | KEV | |
CVE-2023-45251 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2023-45252 | DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including versio... | E | |
CVE-2023-45253 | An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.... | E | |
CVE-2023-45267 | WordPress IRivYou Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45268 | WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45269 | WordPress Simple SEO Plugin <= 2.0.25 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-45270 | WordPress Pinpoint Booking System Plugin <= 2.9.9.4.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45271 | WordPress ProductX – Gutenberg WooCommerce Blocks plugin <= 2.7.8 - Broken Access Control vulnerability | S | |
CVE-2023-45272 | WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability | S | |
CVE-2023-45273 | WordPress Stout Google Calendar Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45274 | WordPress SendPulse Free Web Push Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45275 | WordPress Contact Form builder with drag & drop plugin <= 2.3.28 - Broken Access Control vulnerability | S | |
CVE-2023-45276 | WordPress Automated Editor Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45277 | Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage... | E S | |
CVE-2023-45278 | Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows atta... | E S | |
CVE-2023-45279 | Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buck... | E S | |
CVE-2023-45280 | Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buck... | E S | |
CVE-2023-45281 | An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML fil... | E | |
CVE-2023-45282 | In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action.... | S | |
CVE-2023-45283 | Insecure parsing of Windows paths with a \??\ prefix in path/filepath | | |
CVE-2023-45284 | Incorrect detection of reserved device names on Windows in path/filepath | | |
CVE-2023-45285 | Command 'go get' may unexpectedly fall back to insecure git in cmd/go | S | |
CVE-2023-45286 | HTTP request body disclosure in github.com/go-resty/resty/v2 | E S | |
CVE-2023-45287 | Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel | | |
CVE-2023-45288 | HTTP/2 CONTINUATION flood in net/http | | |
CVE-2023-45289 | Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http | | |
CVE-2023-45290 | Memory exhaustion in multipart form parsing in net/textproto and net/http | | |
CVE-2023-45292 | Captcha verification bypass in github.com/mojocn/base64Captcha | E S | |
CVE-2023-45303 | ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email... | E | |
CVE-2023-45311 | fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, whic... | E S | |
CVE-2023-45312 | In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote... | | |
CVE-2023-45315 | Improper initialization in some Intel(R) Power Gadget software for Windows all versions may allow an... | | |
CVE-2023-45316 | Reflected client side path traversal leading to CSRF in Playbooks | S | |
CVE-2023-45317 | Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery | M | |
CVE-2023-45318 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedde... | E | |
CVE-2023-45319 | Unauthenticated Remote Denial-of-Service (Commit) in Helix Core | | |
CVE-2023-45320 | Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 ... | | |
CVE-2023-45321 | The Android Client application, when enrolled with the define method 1 (the user manually inserts t... | M | |
CVE-2023-45322 | libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fa... | S | |
CVE-2023-45323 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45324 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45325 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45326 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45327 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45328 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45329 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45330 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45331 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45332 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45333 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45334 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45335 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45336 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45337 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45338 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45339 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-45340 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45341 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45342 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45343 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45344 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45345 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45346 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45347 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-45348 | Apache Airflow: Configuration information leakage vulnerability | S | |
CVE-2023-45349 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assi... | | |
CVE-2023-45350 | Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege ... | | |
CVE-2023-45351 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V... | | |
CVE-2023-45352 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authen... | | |
CVE-2023-45353 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authen... | | |
CVE-2023-45354 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authen... | | |
CVE-2023-45355 | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V1... | | |
CVE-2023-45356 | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1... | | |
CVE-2023-45357 | Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vuln... | | |
CVE-2023-45358 | Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vul... | | |
CVE-2023-45359 | An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1... | | |
CVE-2023-45360 | An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x... | E S | |
CVE-2023-45361 | An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki be... | | |
CVE-2023-45362 | An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x b... | E S | |
CVE-2023-45363 | An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before ... | E | |
CVE-2023-45364 | An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.... | | |
CVE-2023-45367 | An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39... | E | |
CVE-2023-45369 | An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.3... | | |
CVE-2023-45370 | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.... | | |
CVE-2023-45371 | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.... | | |
CVE-2023-45372 | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.... | | |
CVE-2023-45373 | An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through ... | | |
CVE-2023-45374 | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.... | | |
CVE-2023-45375 | In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a g... | E S | |
CVE-2023-45376 | In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaS... | E | |
CVE-2023-45377 | In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. ... | S | |
CVE-2023-45378 | In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest... | S | |
CVE-2023-45379 | In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for Presta... | | |
CVE-2023-45380 | In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <= 1.... | | |
CVE-2023-45381 | In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop,... | | |
CVE-2023-45382 | In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaSho... | | |
CVE-2023-45383 | In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for P... | S | |
CVE-2023-45384 | KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangero... | | |
CVE-2023-45385 | ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprin... | | |
CVE-2023-45386 | In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform... | E S | |
CVE-2023-45387 | In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.... | S | |
CVE-2023-45391 | A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding ... | E | |
CVE-2023-45393 | An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenti... | E | |
CVE-2023-45394 | Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Sectio... | E | |
CVE-2023-45396 | An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos E... | | |
CVE-2023-45463 | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the... | E | |
CVE-2023-45464 | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. Thi... | E | |
CVE-2023-45465 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomai... | E | |
CVE-2023-45466 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host ... | E | |
CVE-2023-45467 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP... | E | |
CVE-2023-45468 | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerab... | E | |
CVE-2023-45471 | The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and incl... | E | |
CVE-2023-45479 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the ... | E | |
CVE-2023-45480 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the ... | E | |
CVE-2023-45481 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the ... | E | |
CVE-2023-45482 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the ... | E | |
CVE-2023-45483 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the ... | E | |
CVE-2023-45484 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the ... | E | |
CVE-2023-45485 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2023-45498 | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command inj... | E | |
CVE-2023-45499 | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded cre... | E | |
CVE-2023-45503 | SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary... | E | |
CVE-2023-45510 | tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs ... | | |
CVE-2023-45511 | A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via... | E | |
CVE-2023-45539 | HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to o... | | |
CVE-2023-45540 | An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML ... | E | |
CVE-2023-45542 | Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive i... | E | |
CVE-2023-45552 | In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in... | | |
CVE-2023-45554 | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via m... | E | |
CVE-2023-45555 | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a... | E | |
CVE-2023-45556 | Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute a... | E S | |
CVE-2023-45558 | An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channe... | E | |
CVE-2023-45559 | An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage... | E | |
CVE-2023-45560 | An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage... | E | |
CVE-2023-45561 | An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications... | | |
CVE-2023-45572 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1... | E | |
CVE-2023-45573 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1... | E | |
CVE-2023-45574 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1... | E | |
CVE-2023-45575 | Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 ... | E | |
CVE-2023-45576 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1... | E | |
CVE-2023-45577 | Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 ... | E | |
CVE-2023-45578 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1... | E | |
CVE-2023-45579 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1... | E | |
CVE-2023-45580 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1... | E | |
CVE-2023-45581 | An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 th... | S | |
CVE-2023-45582 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail we... | S | |
CVE-2023-45583 | A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.... | S | |
CVE-2023-45585 | An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0... | S | |
CVE-2023-45586 | An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VP... | S | |
CVE-2023-45587 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet ... | S | |
CVE-2023-45588 | An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and... | S | |
CVE-2023-45589 | Rejected reason: Not used... | R | |
CVE-2023-45590 | An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.... | S | |
CVE-2023-45591 | A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu... | | |
CVE-2023-45592 | A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (du... | | |
CVE-2023-45593 | A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (con... | | |
CVE-2023-45594 | A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromi... | | |
CVE-2023-45595 | A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration... | | |
CVE-2023-45596 | A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionali... | | |
CVE-2023-45597 | A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_co... | | |
CVE-2023-45598 | A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the w... | | |
CVE-2023-45599 | A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec... | | |
CVE-2023-45600 | A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session... | | |
CVE-2023-45601 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (... | S | |
CVE-2023-45602 | WordPress Ebook Store Plugin <= 5.785 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45603 | WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload | S | |
CVE-2023-45604 | WordPress Get Custom Field Values Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45605 | WordPress Feed Statistics Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45606 | WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45607 | WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45608 | WordPress Smart Cookie Kit Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45609 | WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45612 | In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulne... | S | |
CVE-2023-45613 | In JetBrains Ktor before 2.3.5 server certificates were not verified... | S | |
CVE-2023-45614 | There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthent... | M | |
CVE-2023-45615 | There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthent... | M | |
CVE-2023-45616 | There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to... | M | |
CVE-2023-45617 | There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's acces... | M | |
CVE-2023-45618 | There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Ar... | M | |
CVE-2023-45619 | There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's acce... | M | |
CVE-2023-45620 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PA... | M | |
CVE-2023-45621 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PA... | M | |
CVE-2023-45622 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via... | M | |
CVE-2023-45623 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed v... | M | |
CVE-2023-45624 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via t... | M | |
CVE-2023-45625 | Multiple authenticated command injection vulnerabilities exist in the command line interface. Succes... | M | |
CVE-2023-45626 | An authenticated vulnerability has been identified allowing an attacker to effectively establish hig... | M | |
CVE-2023-45627 | An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploit... | M | |
CVE-2023-45628 | WordPress QR Twitter Widget Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45629 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45630 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45631 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability | | |
CVE-2023-45632 | WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45633 | WordPress IMPress Listings plugin <= 2.6.2 - Broken Access Control vulnerability | | |
CVE-2023-45634 | WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45635 | WordPress Responsive Tabs plugin < 4.0.6 - HTML Content Injection vulnerability | S | |
CVE-2023-45636 | WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability | S | |
CVE-2023-45637 | WordPress EventPrime Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45638 | WordPress Eupago Gateway For Woocommerce Plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-45639 | WordPress Sort SearchResult By Title Plugin <= 10.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-45640 | WordPress WP ULike Plugin <= 4.6.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45641 | WordPress Caret Country Access Limit Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45642 | WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45643 | WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45644 | WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45645 | WordPress WP Open Street Map Plugin <= 1.25 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-45646 | WordPress PDF Block Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45647 | WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45648 | Apache Tomcat: Trailer header parsing too lenient | | |
CVE-2023-45649 | WordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerability | S | |
CVE-2023-45650 | WordPress HTML5 Maps Plugin <= 1.7.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45651 | WordPress WP Attachments Plugin <= 5.0.11 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-45652 | WordPress Remote Content Shortcode plugin <= 1.5 - Local File Inclusion vulnerability | | |
CVE-2023-45653 | WordPress Video Playlist For YouTube Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45654 | WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45655 | WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-45656 | WordPress Lazy Load for Videos Plugin <= 2.18.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45657 | WordPress Nexter Theme <= 2.0.3 is vulnerable to SQL Injection | S | |
CVE-2023-45658 | WordPress Nexter theme <= 2.0.3 - Broken Access Control vulnerability | S | |
CVE-2023-45659 | Session is not expiring after password reset in Engelsystem | E S | |
CVE-2023-45660 | Require strict cookies for image proxy requests in Nextcloud Mail | S | |
CVE-2023-45661 | Wild address read in stbi__gif_load_next in stb_image | S | |
CVE-2023-45662 | Multi-byte read heap buffer overflow in stbi__vertical_flip in stb_image | | |
CVE-2023-45663 | Disclosure of uninitialized memory in stbi__tga_load in stb_image | | |
CVE-2023-45664 | Double-free in stbi__load_gif_main_outofmem in stb_image | | |
CVE-2023-45665 | Rejected reason: This CVE is a duplicate of another CVE.... | R | |
CVE-2023-45666 | Possible double-free or memory leak in stbi__load_gif_main in stb_image | | |
CVE-2023-45667 | Null pointer dereference because of an uninitialized variable in stb_image | | |
CVE-2023-45669 | Improper signature counter value handling in webauthn4j-spring-security | S | |
CVE-2023-45670 | Frigate cross-site request forgery in `config_save` and `config_set` request handlers | E | |
CVE-2023-45671 | Frigate reflected XSS through `/ | E | |
CVE-2023-45672 | Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py` | E | |
CVE-2023-45673 | Arbitrary code execution on click of PDF links in Joplin | E | |
CVE-2023-45674 | SQL injection vulnerability in Farmbot-Web-App | | |
CVE-2023-45675 | 0 byte write heap buffer overflow in start_decoder in stb_vorbis | | |
CVE-2023-45676 | Multi-byte write heap buffer overflow in start_decoder in stb_vorbis | | |
CVE-2023-45677 | Heap buffer out of bounds write in start_decoder in stb_vorbis | | |
CVE-2023-45678 | Off-by-one heap buffer write in start_decoder in stb_vorbis | | |
CVE-2023-45679 | Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis | | |
CVE-2023-45680 | Null pointer dereference in vorbis_deinit in stb_vorbis | | |
CVE-2023-45681 | Out of bounds heap buffer write in stb_vorbis | | |
CVE-2023-45682 | Wild address read in vorbis_decode_packet_rest in stb_vorbis | | |
CVE-2023-45683 | Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml | S | |
CVE-2023-45684 | Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 ... | | |
CVE-2023-45685 | Arbitrary file write via "zip slip" in Titan MFT and Titan SFTP servers | E | |
CVE-2023-45686 | Arbitrary file write via WebDAV path traversal in Titan MFT and Titan SFTP servers | E | |
CVE-2023-45687 | Authentication bypass via session fixation in Titan MFT and Titan SFTP servers | E | |
CVE-2023-45688 | Information leak via path traversal in Titan MFT and Titan SFTP servers | E | |
CVE-2023-45689 | Arbitrary file read via path traversal in Titan MFT and Titan SFTP servers | E | |
CVE-2023-45690 | Information leak via default file permissions on Titan MFT and Titan SFTP servers | E | |
CVE-2023-45696 | HCL Sametime is impacted by an autocomplete enabled vulnerability | | |
CVE-2023-45698 | HCL Sametime is impacted by clickjacking | | |
CVE-2023-45700 | HCL Launch is susceptible to an HTML injection vulnerability | | |
CVE-2023-45701 | HCL Launch is susceptible to sensitive information disclosure | | |
CVE-2023-45702 | HCL Launch Agent as a Windows service is vulnerable to a Denial of Service | | |
CVE-2023-45703 | HCL Launch is susceptible to a Denial of Service vulnerability | | |
CVE-2023-45705 | HCL BigFix Platform is susceptible to Server Side Request Forgery (SSRF) | | |
CVE-2023-45706 | HCL BigFix Platform is susceptible to Cross Site Scripting (XSS) and/or Man in the Middle (MITM) attack | | |
CVE-2023-45707 | HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS) | | |
CVE-2023-45715 | HCL BigFix Platform is susceptible to a Denial of Service attack | | |
CVE-2023-45716 | HCL Sametime is impacted by a sensitive information disclosure | | |
CVE-2023-45718 | HCL Sametime is impacted by a failure to invalidate sessions | | |
CVE-2023-45720 | HCL Leap is affected by a disclosure of private personal information vulnerability | | |
CVE-2023-45721 | HCL Domino Volt and Domino Leap are affected by a disclosure of private personal information vulnerability | | |
CVE-2023-45722 | Path Traversal Arbitrary File Read affects DRYiCE MyXalytics | | |
CVE-2023-45723 | Path Traversal which allows file upload capability affects DRYiCE MyXalytics | | |
CVE-2023-45724 | Unauthenticated File Upload affects DRYiCE MyXalytics | | |
CVE-2023-45725 | Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents | S | |
CVE-2023-45727 | Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier... | KEV | |
CVE-2023-45733 | Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user ... | | |
CVE-2023-45734 | Dsoftbus has an out-of-bounds write vulnerability | | |
CVE-2023-45735 | Westermo Lynx Code Injection | M | |
CVE-2023-45736 | Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow ... | | |
CVE-2023-45737 | Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markd... | | |
CVE-2023-45738 | Rejected reason: This is unused.... | R | |
CVE-2023-45740 | Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions pr... | | |
CVE-2023-45741 | VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web manageme... | S | |
CVE-2023-45742 | An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek r... | E | |
CVE-2023-45743 | Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may al... | S | |
CVE-2023-45744 | A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality ... | | |
CVE-2023-45745 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allo... | | |
CVE-2023-45746 | Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to ... | | |
CVE-2023-45747 | WordPress WP Lightbox 2 Plugin <= 3.0.6.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45748 | WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45749 | WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45750 | WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45751 | WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Remote Code Execution (RCE) | S | |
CVE-2023-45752 | WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45753 | WordPress which template file Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45754 | WordPress Easy Testimonial Slider and Form Plugin <= 1.0.18 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45755 | WordPress BuddyPress Global Search Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45756 | WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45757 | Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability | | |
CVE-2023-45758 | WordPress Amministrazione Trasparente Plugin <= 8.0.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45759 | WordPress Peter’s Custom Anti-Spam Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45760 | WordPress wpDiscuz plugin <= 7.6.3 - Broken Access Control vulnerability | S | |
CVE-2023-45761 | WordPress Sendle Shipping Plugin <= 5.13 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45762 | WordPress Responsive Column Widgets Plugin <= 1.2.7 is vulnerable to Open Redirection | | |
CVE-2023-45763 | WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45764 | WordPress Scroll post excerpt Plugin <= 8.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45765 | WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability | S | |
CVE-2023-45766 | WordPress Poll Maker plugin <= 4.7.1 - Broken Access Control vulnerability | S | |
CVE-2023-45767 | WordPress Simple Tweet Plugin <= 1.4.0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45768 | WordPress Next Page Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45769 | WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45770 | WordPress Fast WP Speed Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45771 | WordPress Contact Form With Captcha plugin <= 1.6.8 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2023-45772 | WordPress Proofreading Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45773 | In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bo... | S | |
CVE-2023-45774 | In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's... | S | |
CVE-2023-45775 | In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing ... | S | |
CVE-2023-45776 | In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing ... | S | |
CVE-2023-45777 | In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch ... | S | |
CVE-2023-45779 | In the APEX module framework of AOSP, there is a possible malicious update to platform components du... | | |
CVE-2023-45780 | In Print Service, there is a possible background activity launch due to a logic error in the code. T... | | |
CVE-2023-45781 | In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check.... | | |
CVE-2023-45793 | A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affe... | | |
CVE-2023-45794 | A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0),... | | |
CVE-2023-45797 | DreamSecurity MagicLine Buffer Overflow Vulnerability | | |
CVE-2023-45798 | Yettiesoft VestCert Remote Code Execution Vulnerability | | |
CVE-2023-45799 | MLSoft TCO!stream Remote Code Execution Vulnerability | | |
CVE-2023-45800 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i... | | |
CVE-2023-45801 | Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation. This issue affec... | | |
CVE-2023-45802 | Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST | | |
CVE-2023-45803 | Request body not stripped after redirect in urllib3 | S | |
CVE-2023-45804 | Rejected reason: User requested a CVE number by mistake... | R | |
CVE-2023-45805 | Trojan Lockfile in pdm | E S | |
CVE-2023-45806 | Discourse vulnerable to DoS via Regexp Injection in Full Name | S | |
CVE-2023-45807 | OpenSearch Issue with tenant read-only permissions | | |
CVE-2023-45808 | iTop missing silo check on extkey in console and portal | S | |
CVE-2023-45809 | Disclosure of user names via admin bulk action views in wagtail | S | |
CVE-2023-45810 | OpenFGA denial of service | | |
CVE-2023-45811 | Prototype pollution vulnerability leading to arbitrary code execution in synchrony deobfuscator | E S | |
CVE-2023-45812 | Improper Check or Handling of Exceptional Conditions in apollo-router | S | |
CVE-2023-45813 | Inefficient Regular Expression Complexity in TorBot | E S | |
CVE-2023-45814 | Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum | S | |
CVE-2023-45815 | Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admin's context in ArchiveBox | E S | |
CVE-2023-45816 | Unread bookmark reminder notifications that the user cannot access can be seen | S | |
CVE-2023-45817 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9823. Reason: T... | R | |
CVE-2023-45818 | Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin | | |
CVE-2023-45819 | Cross-site Scripting vulnerability in TinyMCE notificationManager.open API | | |
CVE-2023-45820 | Directus crashes on invalid WebSocket message | E S | |
CVE-2023-45821 | Incorrect Docker Hub registry check in Artifact Hub | | |
CVE-2023-45822 | Unsafe rego built-in allowed in Artifact Hub | M | |
CVE-2023-45823 | Arbitrary file read in Artifact Hub | | |
CVE-2023-45824 | OroPlatform's pinned entity creation form shows pages of other users | S | |
CVE-2023-45825 | Token in custom credentials object can leak through logs in ydb-go-sdk | | |
CVE-2023-45826 | Authenticated SQL Injection in leantime | S | |
CVE-2023-45827 | Prototype Pollution vulnerability in @clickbar/dot-diver | S | |
CVE-2023-45828 | WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability | S | |
CVE-2023-45829 | WordPress Newsletter & Bulk Email Sender Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45830 | WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection | S | |
CVE-2023-45831 | WordPress AMP WP Plugin <= 1.5.15 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45832 | WordPress WP GoToWebinar Plugin <= 14.45 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-45833 | WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45834 | WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Sensitive Data Exposure | | |
CVE-2023-45835 | WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45836 | WordPress Ultimate Taxonomy Manager Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-45837 | WordPress Ultimate Taxonomy Manager Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-45838 | Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroo... | E S | |
CVE-2023-45839 | Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroo... | E | |
CVE-2023-45840 | Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroo... | E | |
CVE-2023-45841 | Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroo... | E | |
CVE-2023-45842 | Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroo... | E | |
CVE-2023-45844 | The vulnerability allows a low privileged user that has access to the device when locked in Kiosk m... | M | |
CVE-2023-45845 | Improper conditions check for some Intel(R) Wireless Bluetooth(R) products for Windows before versio... | | |
CVE-2023-45846 | Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticat... | | |
CVE-2023-45847 | Playbook Plugin Crash via Run Checklist | S | |
CVE-2023-45849 | Arbitrary Code Execution in Helix Core | | |
CVE-2023-45850 | Rejected reason: This is unused.... | R | |
CVE-2023-45851 | The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker withou... | M | |
CVE-2023-45852 | In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authenti... | E | |
CVE-2023-45853 | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipO... | S | |
CVE-2023-45854 | A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quant... | | |
CVE-2023-45855 | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.... | E | |
CVE-2023-45856 | qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload... | E | |
CVE-2023-45857 | An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cooki... | E | |
CVE-2023-45859 | In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.... | S | |
CVE-2023-45860 | In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File... | S | |
CVE-2023-45862 | An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the ... | S | |
CVE-2023-45863 | An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an atta... | S | |
CVE-2023-45864 | A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 12... | | |
CVE-2023-45866 | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate an... | S | |
CVE-2023-45867 | ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vu... | E | |
CVE-2023-45868 | The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privilege... | E | |
CVE-2023-45869 | ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands... | E | |
CVE-2023-45871 | An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux ... | S | |
CVE-2023-45872 | An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image r... | | |
CVE-2023-45873 | An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of servi... | | |
CVE-2023-45874 | An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of servi... | | |
CVE-2023-45875 | An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while ad... | | |
CVE-2023-45878 | GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_sav... | E | |
CVE-2023-45879 | GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager componen... | E | |
CVE-2023-45880 | GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. ... | E | |
CVE-2023-45881 | GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php f... | E | |
CVE-2023-45883 | A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for... | | |
CVE-2023-45884 | Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows ... | E | |
CVE-2023-45885 | Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attacke... | E | |
CVE-2023-45886 | The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allows remote attackers to cause a denial o... | E | |
CVE-2023-45887 | DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to exe... | | |
CVE-2023-45889 | A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 a... | E | |
CVE-2023-45892 | An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthen... | | |
CVE-2023-45893 | An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 ... | | |
CVE-2023-45894 | The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applic... | | |
CVE-2023-45896 | ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory... | | |
CVE-2023-45897 | exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.... | E S | |
CVE-2023-45898 | The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4... | S | |
CVE-2023-45899 | An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before ... | E S | |
CVE-2023-45901 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /... | E | |
CVE-2023-45902 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /... | E | |
CVE-2023-45903 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /... | E | |
CVE-2023-45904 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /... | E | |
CVE-2023-45905 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /... | E | |
CVE-2023-45906 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /... | E | |
CVE-2023-45907 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /... | E | |
CVE-2023-45908 | Homarr before v0.14.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability vi... | | |
CVE-2023-45909 | zzzcms v2.2.0 was discovered to contain an open redirect vulnerability.... | S | |
CVE-2023-45911 | An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to ... | E | |
CVE-2023-45912 | WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauth... | E | |
CVE-2023-45913 | Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawabl... | | |
CVE-2023-45916 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-45918 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-45919 | Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is di... | | |
CVE-2023-45920 | Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: t... | | |
CVE-2023-45921 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-45922 | glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGe... | | |
CVE-2023-45923 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-45924 | libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the... | | |
CVE-2023-45925 | GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference vi... | | |
CVE-2023-45926 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-45927 | S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().... | | |
CVE-2023-45928 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-45929 | S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().... | | |
CVE-2023-45930 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-45931 | Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error s... | | |
CVE-2023-45932 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-45935 | Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnectio... | | |
CVE-2023-45951 | lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter... | E | |
CVE-2023-45952 | An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows a... | E | |
CVE-2023-45955 | An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service vi... | | |
CVE-2023-45956 | An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via cr... | | |
CVE-2023-45957 | A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.p... | S | |
CVE-2023-45958 | Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerabili... | S | |
CVE-2023-45960 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2023-45966 | umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerabil... | E | |
CVE-2023-45984 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to ... | E | |
CVE-2023-45985 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to... | E | |
CVE-2023-45990 | Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privile... | E | |
CVE-2023-45992 | A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 553... | E | |
CVE-2023-45996 | SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allow... | E | |
CVE-2023-45998 | kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing ... | | |