ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-46001 | Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attac... | E S | |
CVE-2023-46003 | I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.... | E | |
CVE-2023-46004 | Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the upda... | E | |
CVE-2023-46005 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter i... | E | |
CVE-2023-46006 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter i... | E | |
CVE-2023-46007 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter i... | E | |
CVE-2023-46009 | gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at ... | E S | |
CVE-2023-46010 | An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php co... | | |
CVE-2023-46012 | Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitr... | | |
CVE-2023-46014 | SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to... | E | |
CVE-2023-46015 | Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attacke... | E | |
CVE-2023-46016 | Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitr... | E | |
CVE-2023-46017 | SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to... | E | |
CVE-2023-46018 | SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 allows attackers to ... | E | |
CVE-2023-46019 | Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers... | E | |
CVE-2023-46020 | Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to ... | E | |
CVE-2023-46021 | SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run ar... | E | |
CVE-2023-46022 | SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run ar... | E | |
CVE-2023-46023 | SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to... | | |
CVE-2023-46024 | SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System ... | E | |
CVE-2023-46025 | SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management ... | E | |
CVE-2023-46026 | Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Man... | E | |
CVE-2023-46033 | D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect... | | |
CVE-2023-46040 | Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbi... | E | |
CVE-2023-46042 | An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted p... | E | |
CVE-2023-46045 | Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOT... | E | |
CVE-2023-46046 | An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn fi... | | |
CVE-2023-46047 | An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the s... | | |
CVE-2023-46048 | Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is dis... | | |
CVE-2023-46049 | LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex... | | |
CVE-2023-46050 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-46051 | TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this i... | | |
CVE-2023-46052 | Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string i... | | |
CVE-2023-46054 | Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to ... | E | |
CVE-2023-46055 | An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate ... | E | |
CVE-2023-46058 | Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to... | E | |
CVE-2023-46059 | Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to... | E | |
CVE-2023-46060 | A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial ... | E | |
CVE-2023-46066 | WordPress Mediabay Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46067 | WordPress Rocket Font Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46068 | WordPress Maileon Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46069 | WordPress Ajax Archive Calendar Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46070 | WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46071 | WordPress Protección de Datos RGPD Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46072 | WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46073 | WordPress DX Delete Attached Media plugin <= 2.0.5.1 - Broken Access Control vulnerability + CSRF | S | |
CVE-2023-46074 | WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46075 | WordPress Contact Form Builder, Contact Widget Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46076 | WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.102 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46077 | WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46078 | WordPress Serial Numbers for WooCommerce – License Manager Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46079 | WordPress Ashe Extra plugin <= 1.2.9 - Broken Access Control + CSRF vulnerability | S | |
CVE-2023-46080 | WordPress ApplyOnline – Application Form Builder and Manager plugin <= 2.5.3 - Broken Access Control vulnerability | S | |
CVE-2023-46081 | WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46082 | WordPress Broken Link Checker \| Finder plugin <= 2.4.2 - Broken Access Control vulnerability | S | |
CVE-2023-46083 | WordPress Kali Forms plugin <= 2.3.27 - Broken Access Control vulnerability | S | |
CVE-2023-46084 | WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection | S | |
CVE-2023-46085 | WordPress Wp Ultimate Review Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46086 | WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46087 | WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46088 | WordPress WP Full Stripe Free Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46089 | WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46090 | WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46091 | WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46092 | WordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46093 | WordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46094 | WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46095 | WordPress Smooth Scroll Links Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46096 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of aff... | S | |
CVE-2023-46097 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of aff... | S | |
CVE-2023-46098 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Inf... | S | |
CVE-2023-46099 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cros... | S | |
CVE-2023-46100 | Cert manager has a use of uninitialized resource vulnerability | | |
CVE-2023-46102 | The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to e... | M | |
CVE-2023-46103 | Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processor... | | |
CVE-2023-46104 | Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb | | |
CVE-2023-46115 | Updater Private Keys Possibly Leaked via Vite Environment Variables in tauri-cli | | |
CVE-2023-46116 | Remote Code Execution via insufficiently sanitized call to shell.openExternal | E S | |
CVE-2023-46117 | Inadequate validation of retrieved subdomains may lead to a Remote Code Execution in reconFTW | S | |
CVE-2023-46118 | Denial of Service by publishing large messages over the HTTP API | | |
CVE-2023-46119 | Parse Server may crash when uploading file without extension | S | |
CVE-2023-46120 | RabbitMQ Java client's lack of message size limitation leads to remote DoS attack | E S | |
CVE-2023-46121 | Generic Extractor MITM Vulnerability in yt-dlp | S | |
CVE-2023-46122 | Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt | E S | |
CVE-2023-46123 | jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values | E | |
CVE-2023-46124 | Server-Side Request Forgery Vulnerability in Custom Integration Upload | S | |
CVE-2023-46125 | Fides Information Disclosure Vulnerability in Config API Endpoint | S | |
CVE-2023-46126 | Fides JavaScript Injection Vulnerability in Privacy Center URL | S | |
CVE-2023-46127 | Frappe vulnerable to HTML injection by any Desk user | S | |
CVE-2023-46128 | Exposure of hashed user passwords via REST API in Nautobot | E S | |
CVE-2023-46129 | xkeys Seal encryption used fixed key for all encryption | | |
CVE-2023-46130 | Bypassing height value allowed in some theme components | S | |
CVE-2023-46131 | Grails® data binding causes JVM crash and/or DoS | S | |
CVE-2023-46132 | Crosslinking transaction attack in hyperledger/fabric | E M | |
CVE-2023-46133 | crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard | E S | |
CVE-2023-46134 | D-Tale vulnerable to Remote Code Execution through the Custom Filter Input | S | |
CVE-2023-46135 | Panic in SignedPayload::from_payload | E | |
CVE-2023-46136 | Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning | S | |
CVE-2023-46137 | twisted.web has disordered HTTP pipeline response | E | |
CVE-2023-46138 | JumpServer default admin user email leak password reset | S | |
CVE-2023-46139 | KernelSU signature validation mismatch | | |
CVE-2023-46141 | Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource | | |
CVE-2023-46142 | PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control | | |
CVE-2023-46143 | Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC | | |
CVE-2023-46144 | PHOENIX CONTACT: PLCnext Control prone to download of code without integrity check | | |
CVE-2023-46145 | WordPress Themify Ultra theme <= 7.3.5 - Authenticated Privilege Escalation vulnerability | S | |
CVE-2023-46146 | WordPress Themify Ultra theme <= 7.3.5 - Multiple Broken Access Control vulnerability | S | |
CVE-2023-46147 | WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to PHP Object Injection | S | |
CVE-2023-46148 | WordPress Themify Ultra theme <= 7.3.5 - Authenticated Arbitrary Settings Change vulnerability | S | |
CVE-2023-46149 | WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload | S | |
CVE-2023-46150 | WordPress WP Radio plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46151 | WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46152 | WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-46153 | WordPress User Feedback Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46154 | WordPress e2pdf Plugin <= 1.20.18 is vulnerable to PHP Object Injection | S | |
CVE-2023-46156 | Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow... | | |
CVE-2023-46157 | File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS co... | | |
CVE-2023-46158 | IBM WebSphere Application Server session fixation | | |
CVE-2023-46159 | IBM Storage Ceph denial of service | S | |
CVE-2023-46167 | IBM Db2 denial of service | | |
CVE-2023-46169 | IBM DS8900F file manipulation | | |
CVE-2023-46170 | IBM DS8900F information disclosure | | |
CVE-2023-46171 | IBM DS8900F information disclosure | | |
CVE-2023-46172 | IBM DS8900F security bypass | | |
CVE-2023-46174 | IBM InfoSphere Information Server cross-site scripting | S | |
CVE-2023-46175 | IBM Cloud Pak for Multicloud Management information disclosure | | |
CVE-2023-46176 | IBM MQ privilege escalation | S | |
CVE-2023-46177 | IBM MQ Appliance information disclosure | S | |
CVE-2023-46179 | IBM Secure Proxy information disclosure | S | |
CVE-2023-46181 | IBM Secure Proxy information disclosure | S | |
CVE-2023-46182 | IBM Secure Proxy cross-site scripting | | |
CVE-2023-46183 | IBM PowerVM Hypervisor information disclosure | | |
CVE-2023-46186 | IBM Jazz for Service Management information disclosure | | |
CVE-2023-46187 | IBM InfoSphere Master Data Management cross-site scripting | | |
CVE-2023-46188 | WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability | S | |
CVE-2023-46189 | WordPress Google Calendar Events Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46190 | WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46191 | WordPress Open Graph Metabox Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46192 | WordPress Internal Link Building Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46193 | WordPress Internal Link Building Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46194 | WordPress Archivist – Custom Archive Templates Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46195 | WordPress Headline Analyzer plugin <= 1.3.1 - Broken Access Control vulnerability | S | |
CVE-2023-46196 | WordPress Social proof testimonials and reviews by Repuso plugin <= 4.97 - Broken Access Control vulnerability | S | |
CVE-2023-46197 | WordPress Popup by Supsystic plugin <= 1.10.19 - Unauthenticated Subscriber Email Addresses Disclosure | S | |
CVE-2023-46198 | WordPress Appointment Calendar Plugin <= 2.9.6 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46199 | WordPress Triberr Plugin <= 4.1.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46200 | WordPress Smart App Banner Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46201 | WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46202 | WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46203 | WordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerability | | |
CVE-2023-46204 | WordPress Duplicate Theme Plugin <= 0.1.6 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46205 | WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 - Local File Inclusion vulnerability | S | |
CVE-2023-46206 | WordPress MW WP Form plugin <= 4.4.5 - Broken Access Control vulnerability | S | |
CVE-2023-46207 | WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.6 is vulnerable to Server Side Request Forgery (SSRF) | | |
CVE-2023-46208 | WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46209 | WordPress Grid Plus Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46210 | WordPress WC Captcha Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46211 | WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.14 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46212 | WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control | S | |
CVE-2023-46213 | Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page | | |
CVE-2023-46214 | Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing | | |
CVE-2023-46215 | Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend | S | |
CVE-2023-46216 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46217 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46218 | This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to... | E S | |
CVE-2023-46219 | When saving HSTS data to an excessively long file name, curl could end up removing all contents, mak... | E | |
CVE-2023-46220 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46221 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46222 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46223 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46224 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46225 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46226 | Apache IoTDB: Remote Code Execution (RCE) risk via the UDF | | |
CVE-2023-46227 | Apache inlong has an Arbitrary File Read Vulnerability | | |
CVE-2023-46228 | zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, li... | S | |
CVE-2023-46229 | LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling c... | S | |
CVE-2023-46230 | Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder | | |
CVE-2023-46231 | Session Token Disclosure to Internal Log Files in Splunk Add-on Builder | | |
CVE-2023-46232 | era-compiler-vyper First Immutable Variable Initialization vulnerability | E S | |
CVE-2023-46233 | crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard | S | |
CVE-2023-46234 | browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack | | |
CVE-2023-46235 | FOG stored XSS on log screen via unsanitized request logging | S | |
CVE-2023-46236 | FOG SSRF via unauthenticated endpoint(s) | S | |
CVE-2023-46237 | FOG path traversal via unauthenticated endpoint | S | |
CVE-2023-46238 | XSS with User Avatar image in ZITADEL | S | |
CVE-2023-46239 | quic-go vulnerable to pointer dereference that can lead to panic | S | |
CVE-2023-46240 | CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment | S | |
CVE-2023-46241 | Potential account take over due to unverified emails from Microsoft Identity Platform | S | |
CVE-2023-46242 | Code injection in XWiki Platform | S | |
CVE-2023-46243 | Code execution via the edit action in XWiki platform | S | |
CVE-2023-46244 | Privilege escalation in Xwiki platform | S | |
CVE-2023-46245 | Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File | E | |
CVE-2023-46246 | Integer Overflow in :history command in Vim | E S | |
CVE-2023-46247 | Vyper has incorrect storage layout for contracts containing large arrays | S | |
CVE-2023-46248 | Overwrite of builtin Cody commands facilitates RCE | E | |
CVE-2023-46249 | authentik potential installation takeover when default admin user is deleted | S | |
CVE-2023-46250 | pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF | S | |
CVE-2023-46251 | Visual editor persistent Cross-site Scripting (XSS) in MyBB | S | |
CVE-2023-46252 | Cross-Site Scripting (XSS) via postMessage Handler in Squidex | E | |
CVE-2023-46253 | Remote code execution in Squidex | E | |
CVE-2023-46254 | Service accounts can see namespaces of other tenants in capsule-proxy | S | |
CVE-2023-46255 | `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed | S | |
CVE-2023-46256 | PX4-Autopilot Heap Buffer Overflow Bug | E | |
CVE-2023-46257 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46258 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46259 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46260 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46261 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46262 | An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Requ... | | |
CVE-2023-46263 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 ... | | |
CVE-2023-46264 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 ... | | |
CVE-2023-46265 | An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perfor... | | |
CVE-2023-46266 | An attacker can send a specially crafted request which could lead to leakage of sensitive data or po... | | |
CVE-2023-46267 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-5631. Reason: This candidate... | R | |
CVE-2023-46270 | MacPaw The Unarchiver before 4.3.6 contains vulnerability related to missing quarantine attributes f... | | |
CVE-2023-46271 | Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. ... | | |
CVE-2023-46272 | Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 befor... | | |
CVE-2023-46277 | please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ... | E S | |
CVE-2023-46278 | Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a rem... | | |
CVE-2023-46279 | Apache Dubbo: Bypass deny serialize list check in Apache Dubbo | | |
CVE-2023-46280 | A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Aut... | | |
CVE-2023-46281 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcente... | S | |
CVE-2023-46282 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcente... | S | |
CVE-2023-46283 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcente... | S | |
CVE-2023-46284 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcente... | S | |
CVE-2023-46285 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcente... | S | |
CVE-2023-46287 | XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.... | S | |
CVE-2023-46288 | Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set | S | |
CVE-2023-46289 | Rockwell Automation FactoryTalk® View Site Edition Vulnerable to Improper Input Validation | S | |
CVE-2023-46290 | Rockwell Automation FactoryTalk Services Platform Elevated Privileges Vulnerability | S | |
CVE-2023-46294 | An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally,... | | |
CVE-2023-46295 | An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occ... | | |
CVE-2023-46297 | An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker... | | |
CVE-2023-46298 | Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may ... | E S | |
CVE-2023-46300 | iTerm2 before 3.4.20 allows (potentially remote) code execution because of mishandling of certain esc... | E S | |
CVE-2023-46301 | iTerm2 before 3.4.20 allows (potentially remote) code execution because of mishandling of certain esc... | E S | |
CVE-2023-46302 | Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization | E S | |
CVE-2023-46303 | link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by defau... | E | |
CVE-2023-46304 | modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run ar... | E S | |
CVE-2023-46306 | The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 be... | | |
CVE-2023-46307 | An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directo... | | |
CVE-2023-46308 | In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandO... | | |
CVE-2023-46309 | WordPress wpDiscuz plugin <= 7.6.10 - Broken Access Control vulnerability | S | |
CVE-2023-46310 | WordPress wpDiscuz plugin <= 7.6.10 - Content Injection vulnerability | S | |
CVE-2023-46311 | WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2023-46312 | WordPress Smart Online Order for Clover Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46313 | WordPress Zotpress Plugin <= 7.3.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46315 | The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a f... | S | |
CVE-2023-46316 | In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse comma... | | |
CVE-2023-46317 | Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical respon... | S | |
CVE-2023-46319 | WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive in... | M | |
CVE-2023-46321 | iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They... | | |
CVE-2023-46322 | iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hos... | | |
CVE-2023-46324 | pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve A... | S | |
CVE-2023-46326 | ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job ... | E | |
CVE-2023-46327 | Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corp... | | |
CVE-2023-46331 | WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in DataSegment::IsValidRange(), which lea... | | |
CVE-2023-46332 | WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to ... | E | |
CVE-2023-46343 | In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc... | S | |
CVE-2023-46344 | A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base pro... | E | |
CVE-2023-46345 | Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/x... | | |
CVE-2023-46346 | In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.... | | |
CVE-2023-46347 | In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Desi... | | |
CVE-2023-46348 | SQL injection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate pr... | S | |
CVE-2023-46349 | In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaMod... | S | |
CVE-2023-46350 | SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanu... | S | |
CVE-2023-46351 | In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The me... | S | |
CVE-2023-46352 | In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontra... | | |
CVE-2023-46353 | In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest... | M | |
CVE-2023-46354 | In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for Prest... | | |
CVE-2023-46355 | In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can downloa... | | |
CVE-2023-46356 | In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can pe... | E S | |
CVE-2023-46357 | In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for Presta... | S | |
CVE-2023-46358 | In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Sne... | | |
CVE-2023-46359 | An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, m... | E | |
CVE-2023-46360 | Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary... | E | |
CVE-2023-46361 | Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /j... | E | |
CVE-2023-46362 | jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_has... | E | |
CVE-2023-46363 | jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.... | E | |
CVE-2023-46369 | Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts ... | E | |
CVE-2023-46370 | Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the ... | E | |
CVE-2023-46371 | TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the fun... | E | |
CVE-2023-46373 | TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincau... | E | |
CVE-2023-46374 | ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2023-46375 | ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).... | E | |
CVE-2023-46376 | Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.... | E | |
CVE-2023-46377 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2023-46378 | Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary c... | E | |
CVE-2023-46380 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator device... | | |
CVE-2023-46381 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator device... | | |
CVE-2023-46382 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator device... | | |
CVE-2023-46383 | LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which trans... | | |
CVE-2023-46384 | LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Clea... | | |
CVE-2023-46385 | LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An a... | | |
CVE-2023-46386 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Perm... | | |
CVE-2023-46387 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Acc... | | |
CVE-2023-46388 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Perm... | | |
CVE-2023-46389 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Acc... | | |
CVE-2023-46393 | gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows at... | E | |
CVE-2023-46394 | A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 all... | E | |
CVE-2023-46396 | Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company ... | E | |
CVE-2023-46400 | KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.... | E | |
CVE-2023-46401 | KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function.... | E | |
CVE-2023-46402 | git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go.... | E | |
CVE-2023-46404 | PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code executio... | E S | |
CVE-2023-46407 | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_... | S | |
CVE-2023-46408 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability v... | E | |
CVE-2023-46409 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability v... | E | |
CVE-2023-46410 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability v... | E | |
CVE-2023-46411 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability v... | E | |
CVE-2023-46412 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability v... | E | |
CVE-2023-46413 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability v... | E | |
CVE-2023-46414 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46415 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46416 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46417 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46418 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46419 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46420 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46421 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46422 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46423 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46424 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-46426 | Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows re... | | |
CVE-2023-46427 | An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to... | | |
CVE-2023-46428 | An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code... | E | |
CVE-2023-46435 | Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=... | E | |
CVE-2023-46442 | An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attack... | | |
CVE-2023-46445 | An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308)... | | |
CVE-2023-46446 | An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client sessi... | | |
CVE-2023-46447 | The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sen... | E | |
CVE-2023-46448 | Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 ... | E S | |
CVE-2023-46449 | Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Acce... | E | |
CVE-2023-46450 | Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scri... | E | |
CVE-2023-46451 | Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change userna... | E | |
CVE-2023-46454 | In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands... | | |
CVE-2023-46455 | In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a ... | | |
CVE-2023-46456 | In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands t... | | |
CVE-2023-46467 | Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execut... | E | |
CVE-2023-46468 | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a cra... | E | |
CVE-2023-46470 | Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote atta... | E | |
CVE-2023-46471 | Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote atta... | E | |
CVE-2023-46474 | File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalat... | E M | |
CVE-2023-46475 | A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a ... | E | |
CVE-2023-46478 | An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script t... | E | |
CVE-2023-46480 | An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive ... | | |
CVE-2023-46482 | SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code v... | E | |
CVE-2023-46483 | Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive inf... | E | |
CVE-2023-46484 | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary cod... | E | |
CVE-2023-46485 | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary cod... | E | |
CVE-2023-46490 | SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive informatio... | E | |
CVE-2023-46491 | ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Li... | E | |
CVE-2023-46492 | Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arb... | | |
CVE-2023-46493 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attac... | | |
CVE-2023-46494 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote atta... | | |
CVE-2023-46495 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote atta... | | |
CVE-2023-46496 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attac... | | |
CVE-2023-46497 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attac... | | |
CVE-2023-46498 | An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive i... | | |
CVE-2023-46499 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote atta... | | |
CVE-2023-46501 | An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted p... | E | |
CVE-2023-46502 | An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side ... | S | |
CVE-2023-46503 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to exe... | E | |
CVE-2023-46504 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate a... | E | |
CVE-2023-46505 | Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code vi... | E | |
CVE-2023-46509 | An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code v... | | |
CVE-2023-46510 | An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute... | | |
CVE-2023-46517 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-46518 | Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the ... | E | |
CVE-2023-46520 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46521 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46522 | TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discover... | E | |
CVE-2023-46523 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46525 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46526 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46527 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to co... | E | |
CVE-2023-46534 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46535 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46536 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46537 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46538 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46539 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow... | E | |
CVE-2023-46540 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46541 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46542 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46543 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46544 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46545 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46546 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46547 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46548 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46549 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46550 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46551 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46552 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46553 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46554 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46555 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46556 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46557 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46558 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46559 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46560 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46562 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46563 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46564 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the func... | E | |
CVE-2023-46565 | Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a... | | |
CVE-2023-46566 | Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allo... | | |
CVE-2023-46569 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/... | E | |
CVE-2023-46570 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch... | E | |
CVE-2023-46574 | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary cod... | E | |
CVE-2023-46575 | A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacke... | S | |
CVE-2023-46580 | Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute ar... | E | |
CVE-2023-46581 | SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitra... | E | |
CVE-2023-46582 | SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitra... | E | |
CVE-2023-46583 | Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System... | E | |
CVE-2023-46584 | SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows... | E | |
CVE-2023-46586 | cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI ... | | |
CVE-2023-46587 | Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrar... | | |
CVE-2023-46589 | Apache Tomcat: HTTP request smuggling via malformed trailer headers | | |
CVE-2023-46590 | A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8)... | S | |
CVE-2023-46595 | Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor | S | |
CVE-2023-46596 | Improper input validation in FireFlow’s VisualFlow workflow editor | S | |
CVE-2023-46601 | A vulnerability has been identified in COMOS (All versions). The affected application lacks proper a... | | |
CVE-2023-46602 | In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the ... | E | |
CVE-2023-46603 | In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG... | E | |
CVE-2023-46604 | Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack | KEV E | |
CVE-2023-46605 | WordPress Convertful – Your Ultimate On-Site Conversion Tool plugin <= 2.5 - Broken Access Control vulnerability | S | |
CVE-2023-46606 | WordPress AtomChat plugin <= 1.1.4 - Broken Access Control vulnerability | S | |
CVE-2023-46607 | WordPress WP iCal Availability plugin <= 1.0.3 - Broken Access Control vulnerability | | |
CVE-2023-46608 | WordPress DoLogin Security plugin <= 3.7.1 - Multiple Broken Access Control vulnerability | S | |
CVE-2023-46609 | WordPress FeedFocal plugin <= 1.2.2 - Broken Access Control vulnerability | S | |
CVE-2023-46610 | WordPress Quill Forms plugin <= 3.3.0 - Broken Access Control + CSRF vulnerability | S | |
CVE-2023-46611 | WordPress YOP Poll plugin <= 6.5.28 - Vote Manipulation Due to Broken Captcha Control Vulnerability | S | |
CVE-2023-46612 | WordPress Mediabay plugin <= 1.6 - Broken Access Control vulnerability | | |
CVE-2023-46613 | WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46614 | WordPress WP Helper Premium Plugin <= 4.5.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-46615 | WordPress KD Coming Soon Plugin <= 1.7 is vulnerable to PHP Object Injection | | |
CVE-2023-46616 | WordPress Draw Attention plugin <= 2.0.15 - Broken Access Control vulnerability | S | |
CVE-2023-46617 | WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46618 | WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46619 | WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46620 | WordPress DeepL Pro API translation Plugin <= 2.3.9.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46621 | WordPress User Avatar Plugin <= 1.4.11 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46622 | WordPress WPPizza Plugin <= 3.18.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46623 | WordPress WP EXtra Plugin <= 6.2 is vulnerable to Remote Code Execution (RCE) | S | |
CVE-2023-46624 | WordPress Parcel Pro Plugin <= 1.6.11 is vulnerable to Open Redirection | S | |
CVE-2023-46625 | WordPress Autolinks Manager Plugin <= 1.10.04 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-46626 | WordPress FLOWFACT WP Connector Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46627 | WordPress WP Simple HTML Sitemap Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46628 | WordPress WP Word Count plugin <= 3.2.4 - Broken Access Control vulnerability | | |
CVE-2023-46629 | WordPress Remove Add to Cart WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46630 | WordPress Admin and Site Enhancements (ASE) plugin <= 5.7.1 - Password Protected View Bypass vulnerability | S | |
CVE-2023-46631 | WordPress Product Recommendation Quiz for eCommerce plugin <= 2.1.2 - Broken Access Control vulnerability | S | |
CVE-2023-46632 | WordPress My Shortcodes plugin <= 2.3 - Broken Access Control vulnerability | | |
CVE-2023-46633 | WordPress WP Glossary plugin <= 3.1.2 - Broken Access Control vulnerability | | |
CVE-2023-46634 | WordPress Custom My Account for Woocommerce Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46635 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.2.0 - Broken Access Control vulnerability | S | |
CVE-2023-46636 | WordPress Custom Header Images Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46637 | WordPress Generate Dummy Posts plugin <= 1.0.0 - Broken Access Control vulnerability | | |
CVE-2023-46638 | WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46639 | WordPress kk Star Ratings plugin <= 5.4.5 - Broken Access Control vulnerability | S | |
CVE-2023-46640 | WordPress Medialist Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46641 | WordPress 12 Step Meeting List Plugin <= 3.14.24 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-46642 | WordPress SAHU TikTok Pixel for E-Commerce Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46643 | WordPress Download CloudNet360 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-46644 | WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability | S | |
CVE-2023-46645 | Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site | | |
CVE-2023-46646 | Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to vie... | | |
CVE-2023-46647 | Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation | | |
CVE-2023-46648 | Insufficient Entropy in GitHub Enterprise Server Management Console Invitation Token | | |
CVE-2023-46649 | Race Condition allows Administrative Access on Organization Repositories | | |
CVE-2023-46650 | Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page wh... | | |
CVE-2023-46651 | Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials look... | | |
CVE-2023-46652 | A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attacke... | | |
CVE-2023-46653 | Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at... | | |
CVE-2023-46654 | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the ex... | | |
CVE-2023-46655 | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the di... | | |
CVE-2023-46656 | Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time compariso... | | |
CVE-2023-46657 | Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking wh... | | |
CVE-2023-46658 | Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison functio... | | |
CVE-2023-46659 | Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page... | | |
CVE-2023-46660 | Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whe... | | |
CVE-2023-46661 | Improper Access Control in Sielco PolyEco1000 | | |
CVE-2023-46662 | Improper Access Control in Sielco PolyEco1000 | | |
CVE-2023-46663 | Improper Access Control in Sielco PolyEco1000 | | |
CVE-2023-46664 | Improper Access Control in Sielco PolyEco1000 | | |
CVE-2023-46665 | Improper Access Control in Sielco PolyEco1000 | | |
CVE-2023-46666 | Elastic Sharepoint Online Python Connector Improper Access Control | | |
CVE-2023-46667 | Fleet Server Insertion of Sensitive Information into Log File | | |
CVE-2023-46668 | Elastic Endpoint Insertion of Sensitive Information into Log File | M | |
CVE-2023-46669 | Elastic Agent / Elastic Endpoint Security local API key disclosure | | |
CVE-2023-46671 | Kibana Insertion of Sensitive Information into Log File | M | |
CVE-2023-46672 | Logstash Insertion of Sensitive Information into Log File | | |
CVE-2023-46673 | It was identified that malformed scripts used in the script processor of an Ingest Pipeline could ca... | | |
CVE-2023-46674 | Elasticsearch-hadoop Unsafe Deserialization | | |
CVE-2023-46675 | Kibana Insertion of Sensitive Information into Log File | | |
CVE-2023-46676 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46677 | Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-46678 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46679 | Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-46680 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46681 | Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in ... | S | |
CVE-2023-46683 | A post authentication command injection vulnerability exists when configuring the wireguard VPN fun... | E | |
CVE-2023-46685 | A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_... | | |
CVE-2023-46686 | A reliance on untrusted inputs in a security decision could be exploited by a privileged user to co... | | |
CVE-2023-46687 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection | S | |
CVE-2023-46688 | Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attac... | | |
CVE-2023-46689 | Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authen... | | |
CVE-2023-46690 | Delta Electronics InfraSuite Device Master Path Traversal | S | |
CVE-2023-46691 | Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated... | | |
CVE-2023-46693 | Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary ... | | |
CVE-2023-46694 | Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them ... | | |
CVE-2023-46695 | An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NF... | S | |
CVE-2023-46699 | Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI vers... | | |
CVE-2023-46700 | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Ca... | | |
CVE-2023-46701 | Inaccessible Post Information Leak via Run Timeline IDOR | S | |
CVE-2023-46705 | Arkruntime has a type confusion vulnerability | | |
CVE-2023-46706 | MachineSense FeverWarn Use of Hard-coded Credentials | M | |
CVE-2023-46708 | Wlan has a use after free vulnerability | S | |
CVE-2023-46711 | VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attac... | S | |
CVE-2023-46712 | An improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal ... | S | |
CVE-2023-46713 | An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0... | S | |
CVE-2023-46714 | A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.... | S | |
CVE-2023-46715 | An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 thro... | S | |
CVE-2023-46716 | Rejected reason: Not used... | R | |
CVE-2023-46717 | An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2... | S | |
CVE-2023-46719 | Rejected reason: Not used... | R | |
CVE-2023-46720 | A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.... | S | |
CVE-2023-46721 | Rejected reason: Not used... | R | |
CVE-2023-46722 | Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews | S | |
CVE-2023-46723 | lte-pic32-writer's sendto.txt may disclose URL and the API key | | |
CVE-2023-46724 | SQUID-2023:4 Denial of Service in SSL Certificate validation | S | |
CVE-2023-46725 | FoodCoopShop Server-Side Request Forgery vulnerability | S | |
CVE-2023-46726 | GLPI Remote code execution from LDAP server configuration form on PHP 7.4 | S | |
CVE-2023-46727 | GLPI SQL injection through inventory agent request | S | |
CVE-2023-46728 | SQUID-2021:8 Denial of Service in Gopher gateway | S | |
CVE-2023-46729 | Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint | S | |
CVE-2023-46730 | Server-Side Request Forgery in groupoffice | E S | |
CVE-2023-46731 | Remote code execution through the section parameter in Administration as guest in XWiki Platform | E S | |
CVE-2023-46732 | Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform | E S | |
CVE-2023-46733 | Symfony possible session fixation vulnerability | S | |
CVE-2023-46734 | Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters | S | |
CVE-2023-46735 | Symfony potential Cross-site Scripting in WebhookController | S | |
CVE-2023-46736 | Server-Side Request Forgery in espocrm | S | |
CVE-2023-46737 | Possible endless data attack from attacker-controlled registry in cosign | E S | |
CVE-2023-46738 | Authenticated users can crash the CubeFS servers with maliciously crafted requests | S | |
CVE-2023-46739 | Timing attack can leak user passwords | S | |
CVE-2023-46740 | Insecure random string generator used for sensitive data | S | |
CVE-2023-46741 | CubeFS leaks magic secret key when starting Blobstore access service | S | |
CVE-2023-46742 | CubeFS leaks users key in logs | S | |
CVE-2023-46743 | The same file cannot be opened with different rights | E S | |
CVE-2023-46744 | Stored Cross-site Scripting in Squidex | E | |
CVE-2023-46745 | Rate limiting Bypass on login page in libreNMS | E | |
CVE-2023-46746 | Authenticated PostHog users vulnerable to SSRF | S | |
CVE-2023-46747 | BIG-IP Configuration utility unauthenticated remote code execution vulnerability | KEV E | |
CVE-2023-46748 | BIG-IP Configuration utility authenticated SQL injection vulnerability | KEV E | |
CVE-2023-46749 | Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting | | |
CVE-2023-46750 | Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro. | | |
CVE-2023-46751 | An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript thro... | | |
CVE-2023-46752 | An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, ... | S | |
CVE-2023-46753 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE m... | S | |
CVE-2023-46754 | The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature a... | | |
CVE-2023-46755 | Vulnerability of input parameters being not strictly verified in the input. Successful exploitation ... | | |
CVE-2023-46756 | Permission control vulnerability in the window management module. Successful exploitation of this vu... | | |
CVE-2023-46757 | The remote PIN module has a vulnerability that causes incorrect information storage locations. Succes... | | |
CVE-2023-46758 | Permission management vulnerability in the multi-screen interaction module. Successful exploitation ... | | |
CVE-2023-46759 | Permission control vulnerability in the call module. Successful exploitation of this vulnerability m... | | |
CVE-2023-46760 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulne... | | |
CVE-2023-46761 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulne... | | |
CVE-2023-46762 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulne... | | |
CVE-2023-46763 | Vulnerability of background app permission management in the framework module. Successful exploitati... | | |
CVE-2023-46764 | Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability... | | |
CVE-2023-46765 | Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerabilit... | | |
CVE-2023-46766 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulne... | | |
CVE-2023-46767 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulne... | | |
CVE-2023-46768 | Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may ca... | | |
CVE-2023-46769 | Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerabili... | | |
CVE-2023-46770 | Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may ... | | |
CVE-2023-46771 | Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may ... | | |
CVE-2023-46772 | Vulnerability of parameters being out of the value range in the QMI service module. Successful explo... | | |
CVE-2023-46773 | Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability... | | |
CVE-2023-46774 | Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerabilit... | | |
CVE-2023-46775 | WordPress Original texts Yandex WebMaster Plugin <= 1.18 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46776 | WordPress Auto Excerpt everywhere Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46777 | WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-46778 | WordPress Auto Limit Posts Reloaded Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46779 | WordPress EasyRecipe Plugin <= 3.5.3251 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46780 | WordPress Alter Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-46781 | WordPress Current Menu Item for Custom Post Types Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-46782 | WordPress MomentoPress for Momento360 Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46783 | WordPress Pre-Orders for WooCommerce Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46784 | WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability | S | |
CVE-2023-46785 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-46786 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46787 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-46788 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-46789 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-46790 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46791 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46792 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46793 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-46794 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46795 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46796 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46797 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46798 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46799 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-46800 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-46801 | Apache Linkis DataSource: DataSource Remote code execution vulnerability | | |
CVE-2023-46802 | e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) d... | | |
CVE-2023-46803 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46804 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corr... | | |
CVE-2023-46805 | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Polic... | KEV E | |
CVE-2023-46806 | An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authent... | | |
CVE-2023-46807 | An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user... | | |
CVE-2023-46808 | A file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to pe... | | |
CVE-2023-46809 | Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked ve... | | |
CVE-2023-46810 | A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, a... | | |
CVE-2023-46813 | An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace ... | S | |
CVE-2023-46814 | A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Window... | | |
CVE-2023-46815 | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Uplo... | | |
CVE-2023-46816 | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Side Template In... | | |
CVE-2023-46817 | An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redir... | E | |
CVE-2023-46818 | An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the lang... | S | |
CVE-2023-46819 | Apache OFBiz: Execution of Solr plugin queries without authentication | S | |
CVE-2023-46820 | WordPress Image Regenerate & Select Crop Plugin <= 7.3.0 is vulnerable to Sensitive Data Exposure | S | |
CVE-2023-46821 | WordPress GD Security Headers Plugin <= 1.7 is vulnerable to SQL Injection | S | |
CVE-2023-46822 | WordPress WooCommerce – Store Exporter Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46823 | WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection | S | |
CVE-2023-46824 | WordPress Slick Popup Plugin <= 1.7.14 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-46835 | x86/AMD: mismatch in IOMMU quarantine page table levels | S | |
CVE-2023-46836 | x86: BTC/SRSO fixes not fully effective | S | |
CVE-2023-46837 | arm32: The cache may not be properly cleaned/invalidated (take two) | S | |
CVE-2023-46838 | Linux: netback processing of zero-length transmit fragment | S | |
CVE-2023-46839 | pci: phantom functions assigned to incorrect contexts | M | |
CVE-2023-46840 | VT-d: Failure to quarantine devices in !HVM builds | M | |
CVE-2023-46841 | x86: shadow stack vs exceptions from emulation stubs | S | |
CVE-2023-46842 | x86 HVM hypercalls may trigger Xen bug check | M | |
CVE-2023-46845 | EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 ... | E S | |
CVE-2023-46846 | Squid: request/response smuggling in http/1.1 and icap | | |
CVE-2023-46847 | Squid: denial of service in http digest authentication | | |
CVE-2023-46848 | Squid: denial of service in ftp | | |
CVE-2023-46849 | Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an... | | |
CVE-2023-46850 | Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavior, leaking memory buff... | | |
CVE-2023-46851 | Apache Allura: sensitive information exposure via import | S | |
CVE-2023-46852 | In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode... | S | |
CVE-2023-46853 | In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode,... | S | |
CVE-2023-46854 | Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via th... | S | |
CVE-2023-46857 | Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs becaus... | E | |
CVE-2023-46858 | Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teac... | E | |
CVE-2023-46862 | An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_... | S | |
CVE-2023-46863 | Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api... | E | |
CVE-2023-46864 | Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /ap... | E | |
CVE-2023-46865 | /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to ... | E S | |
CVE-2023-46866 | In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp... | E | |
CVE-2023-46867 | In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in ... | E | |
CVE-2023-46870 | extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor... | | |
CVE-2023-46871 | GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble sceneg... | E S | |
CVE-2023-46886 | Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template managemen... | E | |
CVE-2023-46887 | In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download... | E | |
CVE-2023-46889 | Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the de... | | |
CVE-2023-46892 | The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to repla... | | |
CVE-2023-46894 | An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptog... | E | |
CVE-2023-46906 | juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a... | E | |
CVE-2023-46911 | There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms... | E | |
CVE-2023-46914 | SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, a... | S | |
CVE-2023-46916 | Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteris... | E | |
CVE-2023-46918 | Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest f... | E | |
CVE-2023-46919 | Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simpl... | E | |
CVE-2023-46925 | Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2023-46927 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gp... | S | |
CVE-2023-46928 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/... | S | |
CVE-2023-46929 | An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest... | E S | |
CVE-2023-46930 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track... | S | |
CVE-2023-46931 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /aflt... | S | |
CVE-2023-46932 | Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attacker... | E | |
CVE-2023-46935 | eyoucms v1.6.4 is vulnerable to Cross Site Scripting (XSS), which can lead to stealing sensitive inform... | E | |
CVE-2023-46942 | Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote ... | | |
CVE-2023-46943 | An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secr... | | |
CVE-2023-46944 | An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a cra... | E S | |
CVE-2023-46947 | Subrion 4.2.1 has a remote command execution vulnerability in the backend.... | E | |
CVE-2023-46948 | A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that en... | | |
CVE-2023-46950 | Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain ... | E | |
CVE-2023-46951 | Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain ... | E | |
CVE-2023-46952 | Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code v... | E | |
CVE-2023-46953 | SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code vi... | | |
CVE-2023-46954 | SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier all... | E | |
CVE-2023-46956 | SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker t... | E | |
CVE-2023-46958 | An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to... | | |
CVE-2023-46960 | Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote attacker to cause a denial of service... | | |
CVE-2023-46963 | An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 al... | E | |
CVE-2023-46964 | Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 a... | | |
CVE-2023-46967 | Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a ... | E S | |
CVE-2023-46974 | Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacke... | E | |
CVE-2023-46976 | TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in t... | E | |
CVE-2023-46977 | TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password... | E | |
CVE-2023-46978 | TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control. Attackers can reset... | E | |
CVE-2023-46979 | TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability v... | E | |
CVE-2023-46980 | An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code ... | E | |
CVE-2023-46981 | SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code... | E | |
CVE-2023-46987 | SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component... | E | |
CVE-2023-46988 | Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to... | | |
CVE-2023-46989 | SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, al... | S | |
CVE-2023-46990 | Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute ar... | E | |
CVE-2023-46992 | TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are abl... | E | |
CVE-2023-46993 | In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verifica... | E | |
CVE-2023-46998 | Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker ... | E | |