CVE-2023-48xxx

There are 727 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2023-48003 An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote...
E
CVE-2023-48010 STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interf...
CVE-2023-48011 GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush...
E S
CVE-2023-48013 GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpack...
E S
CVE-2023-48014 GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse...
E S
CVE-2023-48016 Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the ...
E
CVE-2023-48017 Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in ...
E
CVE-2023-48020 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /...
E
CVE-2023-48021 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /...
E
CVE-2023-48022 Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submissi...
E
CVE-2023-48023 Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report...
E
CVE-2023-48024 Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash...
E
CVE-2023-48025 Liblisp through commit 4c65969 was discovered to contain an out-of-bounds-read vulnerability in unsig...
E
CVE-2023-48028 kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the log...
E
CVE-2023-48029 Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a m...
E
CVE-2023-48031 OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the commen...
E
CVE-2023-48034 An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both ...
CVE-2023-48039 GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tool...
E
CVE-2023-48042 Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2...
CVE-2023-48049 A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_b...
E
CVE-2023-48050 SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with...
CVE-2023-48051 An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via...
E M
CVE-2023-48052 Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications ...
CVE-2023-48053 Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryptio...
CVE-2023-48054 Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communicati...
CVE-2023-48055 SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability...
CVE-2023-48056 PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encrypt...
CVE-2023-48058 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /...
E
CVE-2023-48060 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /...
E
CVE-2023-48063 An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme ...
E
CVE-2023-48068 DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php....
E
CVE-2023-48078 SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arb...
E
CVE-2023-48082 Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated)...
CVE-2023-48084 Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk...
CVE-2023-48085 Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerabilit...
CVE-2023-48087 xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xx...
E
CVE-2023-48088 xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailP...
E
CVE-2023-48089 xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save....
E
CVE-2023-48090 GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tool...
E
CVE-2023-48094 A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary ...
CVE-2023-48104 Alinto SOGo before 5.9.1 is vulnerable to HTML Injection....
S
CVE-2023-48105 A heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows...
E S
CVE-2023-48106 Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary ...
E S
CVE-2023-48107 Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary ...
E S
CVE-2023-48109 Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the fu...
E
CVE-2023-48110 Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the functi...
E
CVE-2023-48111 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the funct...
E
CVE-2023-48114 SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and ...
E
CVE-2023-48115 SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protecti...
E
CVE-2023-48116 SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description o...
E
CVE-2023-48118 SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to exec...
E
CVE-2023-48121 An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to ...
CVE-2023-48122 An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive inf...
E
CVE-2023-48123 An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacke...
S
CVE-2023-48124 Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code...
E
CVE-2023-48126 An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious n...
E
CVE-2023-48127 An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notificatio...
E
CVE-2023-48128 An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious no...
E
CVE-2023-48129 An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifi...
E
CVE-2023-48130 An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notificat...
E
CVE-2023-48131 An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious not...
E
CVE-2023-48132 An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to se...
E
CVE-2023-48133 An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notific...
E
CVE-2023-48134 nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized ...
E
CVE-2023-48135 An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifi...
E
CVE-2023-48161 Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sen...
E
CVE-2023-48166 A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 ...
CVE-2023-48171 An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via th...
E
CVE-2023-48172 A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker ...
E
CVE-2023-48176 An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privi...
CVE-2023-48183 QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous ...
CVE-2023-48184 QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage co...
CVE-2023-48185 Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to ...
CVE-2023-48188 SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker...
E
CVE-2023-48192 An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary cod...
E
CVE-2023-48193 Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute a...
E
CVE-2023-48194 Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten ...
E
CVE-2023-48197 Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier...
E
CVE-2023-48198 A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock...
E
CVE-2023-48199 HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to ...
E
CVE-2023-48200 Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary cod...
E
CVE-2023-48201 Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attack...
E
CVE-2023-48202 Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privilege...
E
CVE-2023-48204 An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via th...
E
CVE-2023-48205 Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with...
E
CVE-2023-48206 A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remo...
E
CVE-2023-48207 Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations l...
E
CVE-2023-48208 A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inje...
CVE-2023-48217 Remote code execution via form uploads in statamic/cms
S
CVE-2023-48218 Strapi Protected Populate Plugin leaking fields if the request fields were empty or only fields selected were not populatable
S
CVE-2023-48219 Special characters in unescaped text nodes can trigger mXSS in TinyMCE
CVE-2023-48220 Decidim's devise_invitable gem vulnerable to circumvention of invitation token expiry period
S
CVE-2023-48221 wire-avs remote format string vulnerability
S
CVE-2023-48222 Authenticated users can view or delete jobs they do not have authorization for in Rundeck
CVE-2023-48223 fast-jwt JWT Algorithm Confusion
E
CVE-2023-48224 Cryptographically Weak Generation of One-Time Codes for Identity Verification in ethyca-fides
S
CVE-2023-48225 Laf env causes sensitive information disclosure
E
CVE-2023-48226 OpenReplay HTML Injection vulnerability
E
CVE-2023-48227 Umbraco CMS Backoffice User can bypass "Publish" restriction
CVE-2023-48228 OAuth2: PKCE can be fully circumvented
E S
CVE-2023-48229 Out-of-bounds write in the radio driver for Contiki-NG nRF platforms
S
CVE-2023-48230 Cap'n Proto WebSocket message can cause crash
E S
CVE-2023-48231 Use-After-Free in win_close() in vim
S
CVE-2023-48232 Floating point Exception in adjust_plines_for_skipcol() in vim
S
CVE-2023-48233 overflow with count for :s command in vim
S
CVE-2023-48234 overflow in nv_z_get_count in vim
S
CVE-2023-48235 overflow in ex address parsing in vim
S
CVE-2023-48236 overflow in get_number in vim
S
CVE-2023-48237 overflow in shift_line in vim
S
CVE-2023-48238 JWT Algorithm Confusion in json-web-token library
E
CVE-2023-48239 Nextcloud Server users can make external storage mount points inaccessible for other users
E S
CVE-2023-48240 XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery
S
CVE-2023-48241 XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service
S
CVE-2023-48242 The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths o...
CVE-2023-48243 The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system unde...
CVE-2023-48244 The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code i...
CVE-2023-48245 The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the cont...
CVE-2023-48246 The vulnerability allows a remote attacker to download arbitrary files in all paths of the system un...
CVE-2023-48247 The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the contex...
CVE-2023-48248 The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card ...
CVE-2023-48249 The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of ...
CVE-2023-48250 The vulnerability allows a remote attacker to authenticate to the web application with high privileg...
CVE-2023-48251 The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges t...
CVE-2023-48252 The vulnerability allows an authenticated remote attacker to perform actions exceeding their authori...
CVE-2023-48253 The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the ...
CVE-2023-48254 The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code i...
CVE-2023-48255 The vulnerability allows an unauthenticated remote attacker to send malicious network requests conta...
CVE-2023-48256 The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate H...
CVE-2023-48257 The vulnerability allows a remote attacker to access sensitive data inside exported packages or obta...
CVE-2023-48258 The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafte...
CVE-2023-48259 The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results ...
CVE-2023-48260 The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results ...
CVE-2023-48261 The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results ...
CVE-2023-48262 The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att...
CVE-2023-48263 The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att...
CVE-2023-48264 The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att...
CVE-2023-48265 The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att...
CVE-2023-48266 The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att...
CVE-2023-48267 Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense fi...
CVE-2023-48268 Denial of Service via Board Import Zip Bomb
S
CVE-2023-48270 A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl...
CVE-2023-48271 WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability
S
CVE-2023-48272 WordPress Maspik – Spam blacklist Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-48273 WordPress Preloader for Website plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability
S
CVE-2023-48274 WordPress WCMultiShipping plugin <= 2.3.5 - Broken Access Control vulnerability
S
CVE-2023-48275 WordPress Widgets for Google Reviews plugin <= 11.0.2 - Arbitrary File Upload vulnerability
S
CVE-2023-48276 WordPress WP Forms Puzzle Captcha plugin <= 4.1 - Captcha Bypass vulnerability
CVE-2023-48277 WordPress Super Progressive Web Apps plugin <= 2.2.21 - Broken Access Control vulnerability
S
CVE-2023-48278 WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to XSS
CVE-2023-48279 WordPress Seraphinite Post .DOCX Source Plugin <= 2.16.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48280 WordPress Consensu.io plugin <= 1.0.1 - Broken Access Control vulnerability
CVE-2023-48281 WordPress Broken Link Checker for YouTube Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48282 WordPress Taxonomy filter Plugin <= 2.2.9 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48283 WordPress Simple Testimonials Showcase Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48284 WordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-48285 WordPress Accept Stripe Payments plugin <= 2.0.79 - Content Injection vulnerability
S
CVE-2023-48286 WordPress Accept Stripe Payments plugin <= 2.0.79 - Broken Access Control vulnerability
S
CVE-2023-48287 WordPress TextMe SMS plugin <= 1.9.0 - Broken Access Control vulnerability
S
CVE-2023-48288 WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.1 is vulnerable to Sensitive Data Exposure
S
CVE-2023-48289 WordPress Import Spreadsheets from Microsoft Excel Plugin <= 10.1.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-48290 WordPress Form Maker by 10Web plugin <= 1.15.20 - Captcha Bypass vulnerability
S
CVE-2023-48291 Apache Airflow: Improper access control to DAG resources
S
CVE-2023-48292 XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks
S
CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries
S
CVE-2023-48294 Broken Access control on Graphs Feature in LibreNMS
E S
CVE-2023-48295 Cross-site Scripting at Device groups Deletion feature in LibreNMS
S
CVE-2023-48296 OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID
S
CVE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression
S
CVE-2023-48299 TorchServe ZipSlip
S
CVE-2023-48300 Embed Privacy missing escaping for show_all attribute in opt-out shortcode
E S
CVE-2023-48301 Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name
E S
CVE-2023-48302 Nextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V
S
CVE-2023-48303 Nextcloud Server admins can change authentication details of user configured external storage
S
CVE-2023-48304 Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user
E S
CVE-2023-48305 Nextcloud Server user_ldap app logs user passwords in the log file on level debug
E S
CVE-2023-48306 Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF
E S
CVE-2023-48307 Nextcloud Mail app vulnerable to Server-Side Request Forgery
S
CVE-2023-48308 Calendar app returns full stacktrace when an error happens while editing appointment
S
CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication
S
CVE-2023-48310 Ability to DoS the testing infrastructure by overwriting files
E S
CVE-2023-48311 Any image allowed by default
S
CVE-2023-48312 Authentication bypass using an empty token in capsule-proxy
E S
CVE-2023-48313 Umbraco contains a DOM-XSS
CVE-2023-48314 Unescaped passing of the request URL in Collabora Online
CVE-2023-48315 Azure RTOS NetX Duo Remote Code Execution Vulnerability
CVE-2023-48316 Azure RTOS NetX Duo Remote Code Execution Vulnerability
CVE-2023-48317 WordPress Display Custom Post Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48318 WordPress Contact Form Email plugin <= 1.3.41 - Captcha Bypass vulnerability
S
CVE-2023-48319 WordPress Salon booking system plugin < 8.7 - Editor+ Privilege Escalation vulnerability
S
CVE-2023-48320 WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48321 WordPress Accelerated Mobile Pages Plugin <= 1.0.88.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-48322 WordPress eDoc Employee Job Application Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48323 WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-48324 WordPress Awesome Support HelpDesk plugin <= 6.1.4 - Broken Access control vulnerability
S
CVE-2023-48325 WordPress Landing Page Builder Plugin <= 1.5.1.5 is vulnerable to Open Redirection
S
CVE-2023-48326 WordPress Events Manager Plugin <= 6.4.5 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-48327 WordPress WC Vendors Marketplace Plugin <= 2.4.7 is vulnerable to SQL Injection
S
CVE-2023-48328 WordPress NextGEN Gallery Plugin <= 3.37 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-48329 WordPress Fast Custom Social Share by CodeBard Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48330 WordPress Bulk Comment Remove Plugin <= 2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48331 WordPress MyBookTable Bookstore Plugin <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48332 WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin <= 4.0.14 - Broken Access Control vulnerability
CVE-2023-48333 WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure
S
CVE-2023-48334 WordPress League Table Plugin <= 1.13 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48335 WordPress Hide login page plugin <= 1.1.9 - Secret Login Page Location Disclosure on Multisites vulnerability
CVE-2023-48336 WordPress Easy Social Icons Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-48339 In jpg driver, there is a possible missing permission check. This could lead to local information di...
CVE-2023-48340 In video decoder, there is a possible out of bounds write due to improper input validation. This cou...
CVE-2023-48341 In video decoder, there is a possible out of bounds read due to improper input validation. This coul...
CVE-2023-48342 In media service, there is a possible out of bounds write due to a missing bounds check. This could ...
CVE-2023-48343 In video decoder, there is a possible out of bounds write due to improper input validation. This cou...
CVE-2023-48344 In video decoder, there is a possible out of bounds read due to improper input validation. This coul...
CVE-2023-48345 In video decoder, there is a possible out of bounds read due to improper input validation. This coul...
CVE-2023-48346 In video decoder, there is a possible improper input validation. This could lead to local denial of ...
CVE-2023-48347 In video decoder, there is a possible out of bounds read due to improper input validation. This coul...
CVE-2023-48348 In video decoder, there is a possible out of bounds write due to improper input validation. This cou...
CVE-2023-48349 In video decoder, there is a possible out of bounds write due to a missing bounds check. This could ...
CVE-2023-48350 In video decoder, there is a possible out of bounds write due to a missing bounds check. This could ...
CVE-2023-48351 In video decoder, there is a possible out of bounds write due to a missing bounds check. This could ...
CVE-2023-48352 In phasecheckserver, there is a possible out of bounds write due to a missing bounds check. This cou...
CVE-2023-48353 In vsp driver, there is a possible use after free due to a logic error. This could lead to local den...
CVE-2023-48354 In telephone service, there is a possible improper input validation. This could lead to local inform...
CVE-2023-48355 In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lea...
CVE-2023-48356 In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lea...
CVE-2023-48357 In vsp driver, there is a possible out of bounds write due to a missing bounds check. This could lea...
CVE-2023-48358 In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lea...
CVE-2023-48359 In autotest driver, there is a possible out of bounds write due to improper input validation. This c...
CVE-2023-48360 multimedia player has a UAF vulnerability
CVE-2023-48361 Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentiall...
CVE-2023-48362 Apache Drill: XXE Vulnerability in XML Format Reader
CVE-2023-48363 A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH ...
CVE-2023-48364 A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH ...
CVE-2023-48365 Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code exec...
KEV
CVE-2023-48366 Race condition in some Intel(R) System Security Report and System Resources Defense firmware may all...
CVE-2023-48368 Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated use...
CVE-2023-48369 Log Flooding due to specially crafted requests in different endpoints
S
CVE-2023-48371 ITPison OMICARD EDM 's SMS - Arbitrary File Upload
S
CVE-2023-48372 ITPison OMICARD EDM 's SMS - SQL Injection
S
CVE-2023-48373 ITPison OMICARD EDM 's SMS - Path Traversal
S
CVE-2023-48374 SmartStar Software CWS Web-Base - Use of Hard-coded Credentials
S
CVE-2023-48375 SmartStar Software CWS Web-Base - Broken Access Control
S
CVE-2023-48376 SmartStar Software CWS Web-Base - Arbitrary File Upload
S
CVE-2023-48378 Softnext Mail SQR Expert - Path Traversal
S
CVE-2023-48379 Softnext Mail SQR Expert - Blind Server-Side Request Forgery (SSRF)
S
CVE-2023-48380 Softnext Mail SQR Expert - Command Injection
S
CVE-2023-48381 Softnext Mail SQR Expert - Local File Inclusion-1
S
CVE-2023-48382 Softnext Mail SQR Expert - Local File Inclusion-2
S
CVE-2023-48383 NetVision Information airPASS - Path Traversal
S
CVE-2023-48384 ArmorX Global Technology Corporation ArmorX Spam - SQL Injection
S
CVE-2023-48387 TAIWAN-CA(TWCA) JCICSecurityTool - Improper Input Validation
S
CVE-2023-48388 Multisuns EasyLog web+ - Use of Hard-coded Password
S
CVE-2023-48389 Multisuns EasyLog web+ - Path Traversal
S
CVE-2023-48390 Multisuns EasyLog web+ - Command Injection
S
CVE-2023-48392 Kaifa Technology WebITR - Hard-coded Cryptographic Key
S
CVE-2023-48393 Kaifa Technology WebITR - Error Message Leakage
S
CVE-2023-48394 Kaifa Technology WebITR - Arbitrary File Upload
S
CVE-2023-48395 Kaifa Technology WebITR - SQL Injection
S
CVE-2023-48396 Apache SeaTunnel Web: Authentication bypass
CVE-2023-48397 In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds c...
CVE-2023-48398 In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possib...
CVE-2023-48399 In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bound...
CVE-2023-48401 In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an inc...
CVE-2023-48402 In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could le...
CVE-2023-48403 In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buff...
CVE-2023-48404 In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of...
CVE-2023-48405 there is a possible way for the secure world to write to NS memory due to a logic error in the code....
CVE-2023-48406 there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic er...
CVE-2023-48407 there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This ...
CVE-2023-48408 In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read...
CVE-2023-48409 In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase...
CVE-2023-48410 In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. ...
CVE-2023-48411 In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible ou...
CVE-2023-48412 In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic e...
CVE-2023-48413 In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds ch...
CVE-2023-48414 In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. Thi...
CVE-2023-48415 In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds ...
CVE-2023-48416 In multiple locations, there is a possible null dereference due to a missing null check. This could ...
CVE-2023-48417 Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Appl...
CVE-2023-48418 User Build misconfiguration resulting in local escalation of privilege
CVE-2023-48419 An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in EoP
CVE-2023-48420 there is a possible use after free due to a race condition. This could lead to local escalation of p...
CVE-2023-48421 In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/p...
CVE-2023-48422 In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds ch...
CVE-2023-48423 In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bou...
CVE-2023-48424 U-Boot shell vulnerability resulting in Privilege escalation in a production device...
CVE-2023-48425 U-Boot vulnerability resulting in persistent Code Execution ...
CVE-2023-48426 Chromecast Bootloader & Kernel-level code-execution including compromise of user-data
CVE-2023-48427 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected produc...
S
CVE-2023-48428 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius conf...
S
CVE-2023-48429 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of a...
S
CVE-2023-48430 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of...
S
CVE-2023-48431 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected softwa...
S
CVE-2023-48432 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant ses...
CVE-2023-48433 Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CVE-2023-48434 Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CVE-2023-48440 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48441 Adobe Experience Manager | Improper Access Control (CWE-284)
S
CVE-2023-48442 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48443 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48444 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48445 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48446 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48447 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48448 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48449 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48450 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48451 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48452 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48453 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48454 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48455 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48456 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48457 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48458 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48459 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48460 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48461 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48462 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48463 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48464 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48465 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48466 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48467 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48468 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48469 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48470 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48471 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48472 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48473 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48474 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48475 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48476 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48477 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48478 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48479 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48480 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48481 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48482 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48483 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48484 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48485 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48486 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48487 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48488 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48489 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48490 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48491 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48492 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48493 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48494 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48495 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48496 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48497 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48498 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48499 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48500 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48501 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48502 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48503 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48504 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48505 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48506 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48507 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48508 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48509 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48510 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48511 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48512 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48513 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48514 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48515 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48516 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48517 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48518 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48519 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48520 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48521 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48522 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48523 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48524 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48525 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48526 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48527 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48528 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48529 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48530 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48531 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48532 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48533 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48534 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48535 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48536 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48537 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48538 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48539 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48540 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48541 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48542 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48543 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48544 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48545 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48546 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48547 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48548 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48549 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48550 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48551 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48552 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48553 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48554 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48555 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48556 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48557 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48558 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48559 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48560 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48561 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48562 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48563 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48564 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48565 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48566 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48567 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48568 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48569 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48570 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48571 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48572 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48573 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48574 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48575 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48576 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48577 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48578 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48579 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48580 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48581 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48582 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48583 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48584 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48585 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48586 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48587 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48588 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48589 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48590 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48591 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48592 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48593 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48594 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48595 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48596 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48597 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48598 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48599 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48600 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48601 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48602 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48603 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48604 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48605 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48606 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48607 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48608 Adobe Experience Manager | Improper Input Validation (CWE-20)
S
CVE-2023-48609 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48610 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48611 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48612 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48613 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48614 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48615 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48616 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48617 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48618 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
S
CVE-2023-48619 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48620 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48621 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48622 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48623 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
S
CVE-2023-48624 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
S
CVE-2023-48625 Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability VI
S
CVE-2023-48626 Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability V
S
CVE-2023-48627 Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability IV
S
CVE-2023-48628 Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability III
S
CVE-2023-48629 Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability II
S
CVE-2023-48630 Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability I
S
CVE-2023-48631 Denial of Service of regular expression in package @adobe/css-tools
CVE-2023-48632 ZDI-CAN-22172: Adobe After Effects AEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2023-48633 ZDI-CAN-22173: Adobe After Effects AEP File Parsing Use-After-Free Remote Code Execution Vulnerability
S
CVE-2023-48634 ZDI-CAN-22175: Adobe After Effects AEP File Parsing Memory Corruption Remote Code Execution Vulnerability
S
CVE-2023-48635 ZDI-CAN-22174: Adobe After Effects AEP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2023-48636 Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability IV
CVE-2023-48637 Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability II
CVE-2023-48638 Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability III
CVE-2023-48639 Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability I
CVE-2023-48641 Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vul...
CVE-2023-48642 Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulne...
CVE-2023-48643 Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Executi...
CVE-2023-48644 An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the crea...
CVE-2023-48645 An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchron...
CVE-2023-48646 Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands ...
CVE-2023-48648 Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can b...
CVE-2023-48649 Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded ...
S
CVE-2023-48650 Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload ...
CVE-2023-48651 Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialog...
CVE-2023-48652 Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialo...
S
CVE-2023-48653 Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calen...
CVE-2023-48654 One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset...
CVE-2023-48655 An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php do...
S
CVE-2023-48656 An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses....
S
CVE-2023-48657 An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters....
S
CVE-2023-48658 An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function f...
S
CVE-2023-48659 An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles paramete...
S
CVE-2023-48660 Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote ...
S
CVE-2023-48661 Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote...
S
CVE-2023-48662 Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote ma...
S
CVE-2023-48663 Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote ma...
S
CVE-2023-48664 Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote ma...
S
CVE-2023-48665 Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote ma...
S
CVE-2023-48667 Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a...
CVE-2023-48668 Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC c...
CVE-2023-48670 Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vu...
CVE-2023-48671 Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A rem...
S
CVE-2023-48674 Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with n...
CVE-2023-48676 Sensitive information disclosure and manipulation due to missing authorization. The following produc...
CVE-2023-48677 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ...
CVE-2023-48678 Sensitive information disclosure due to insecure folder permissions. The following products are affe...
CVE-2023-48679 Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The...
CVE-2023-48680 Sensitive information disclosure due to excessive collection of system information. The following pr...
CVE-2023-48681 Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products ...
CVE-2023-48682 Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: A...
CVE-2023-48683 Sensitive information disclosure and manipulation due to missing authorization. The following produc...
CVE-2023-48684 Sensitive information disclosure and manipulation due to missing authorization. The following produc...
CVE-2023-48685 Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
E
CVE-2023-48686 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-48687 Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
E
CVE-2023-48688 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-48689 Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
E
CVE-2023-48690 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-48691 Azure RTOS NetX Duo Remote Code Execution Vulnerability
CVE-2023-48692 Azure RTOS NetX Duo Remote Code Execution Vulnerability
CVE-2023-48693 Azure RTOS ThreadX Remote Code Execution Vulnerability
CVE-2023-48694 Azure RTOS USBX Remote Code Execution Vulnerability
CVE-2023-48695 Azure RTOS USBX Remote Code Execution Vulnerability
CVE-2023-48696 Azure RTOS USBX Remote Code Execution Vulnerability
CVE-2023-48697 Azure RTOS USBX Remote Code Execution Vulnerability
CVE-2023-48698 Azure RTOS USBX Remote Code Execution Vulnerability
CVE-2023-48699 fastbots Eval Injection vulnerability
E S
CVE-2023-48700 Clear Text Credentials Exposed via Onboarding Task
CVE-2023-48701 Statamic CMS vulnerable to Cross-site Scripting via uploaded assets
CVE-2023-48702 Jellyfin Possible Remote Code Execution via custom FFmpeg binary
E S
CVE-2023-48703 SAML authentication bypass vulnerability in RobotsAndPencils/go-saml
CVE-2023-48704 Unauthenticated heap buffer overflow in Gorrila codec decompression
S
CVE-2023-48705 nautobot has XSS potential in custom links, job buttons, and computed fields
S
CVE-2023-48706 Vim has heap-use-after-free at /src/charset.c:1770:12 in skipwhite
E S
CVE-2023-48707 Cleartext Storage of Sensitive Information in codeigniter4/shield
S
CVE-2023-48708 Insertion of Sensitive Information into Log in codeigniter4/shield
S
CVE-2023-48709 iTop vulnerable to potential formula injection in Excel/CSV export file
S
CVE-2023-48710 iTop limit pages/exec.php script to PHP files
S
CVE-2023-48711 Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser
E S
CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate
S
CVE-2023-48713 Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
S
CVE-2023-48714 Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
CVE-2023-48715 Tuleap vulnerable to Cross-site Scripting on the edition page of a release
S
CVE-2023-48716 Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
E
CVE-2023-48717 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-48718 Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
E
CVE-2023-48719 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-48720 Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
E
CVE-2023-48721 Rejected reason: Not used...
R
CVE-2023-48722 Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
E
CVE-2023-48723 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-48724 A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wirele...
CVE-2023-48725 A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functional...
E
CVE-2023-48726 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i...
R
CVE-2023-48727 NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authent...
CVE-2023-48728 A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionalit...
E
CVE-2023-48729 Rejected reason: This is unused....
R
CVE-2023-48730 A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionali...
CVE-2023-48732 Keywords that trigger mentions are leaked to other users
S
CVE-2023-48733 An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS...
CVE-2023-48734 Rejected reason: This is unused....
R
CVE-2023-48736 In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSamp...
E
CVE-2023-48737 WordPress TriPay Payment Gateway Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48738 WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection
S
CVE-2023-48739 WordPress Porto Theme Functionality plugin < 2.12.1 - Broken Access Control vulnerability
S
CVE-2023-48740 WordPress Easy Social Feed plugin <= 6.5.1 - Broken Access Control vulnerability
S
CVE-2023-48741 WordPress ChatBot Plugin <= 4.7.8 is vulnerable to SQL Injection
S
CVE-2023-48742 WordPress License Manager for WooCommerce Plugin <= 2.2.10 is vulnerable to SQL Injection
S
CVE-2023-48743 WordPress Simply Exclude Plugin <= 2.0.6.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48744 WordPress Availability Calendar Plugin <= 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48745 WordPress Captcha Code plugin <= 2.9 - Captcha Bypass vulnerability
S
CVE-2023-48746 WordPress Community by PeepSo Plugin <= 6.2.6.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-48747 WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability
S
CVE-2023-48748 WordPress Salient Core Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-48749 WordPress Salient Core Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-48750 WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.1.10 - Broken Access Control vulnerability
S
CVE-2023-48751 WordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access Control
S
CVE-2023-48752 WordPress Happyforms Plugin <= 1.25.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48753 WordPress Restricted Site Access plugin <= 7.4.1 - IP Restriction Bypass vulnerability
S
CVE-2023-48754 WordPress Delete Post Revisions In WordPress Plugin <= 4.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48755 WordPress teachPress Plugin <= 9.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-48756 WordPress JetBlocks For Elementor Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-48757 WordPress JetEngine plugin <= 3.2.4 - Privilege Escalation vulnerability
S
CVE-2023-48758 WordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerability
S
CVE-2023-48759 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability
S
CVE-2023-48760 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability
S
CVE-2023-48761 WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability
S
CVE-2023-48762 WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-48763 WordPress JetFormBuilder plugin <= 3.1.4 - Content Injection vulnerability
S
CVE-2023-48764 WordPress WordPress Brute Force Protection – Stop Brute Force Attacks Plugin <= 2.2.5 is vulnerable to SQL Injection
S
CVE-2023-48765 WordPress Email Address Encoder Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-48766 WordPress SVGator – Add Animated SVG Easily Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48767 WordPress MyTube PlayList Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48768 WordPress Quantity Plus Minus Button for WooCommerce by CodeAstrology Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-48769 WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48770 WordPress Aparat Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48771 WordPress File Gallery Plugin <= 1.8.5.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48772 WordPress Prevent Landscape Rotation Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48773 WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48774 WordPress IdeaPush plugin < 8.58 - Broken Access Control vulnerability
S
CVE-2023-48775 WordPress WP CleanFix plugin <= 5.6.2 - Broken Access Control vulnerability
S
CVE-2023-48776 WordPress canvasio3D Light plugin <= 2.5.0 - Broken Access Control vulnerability
CVE-2023-48777 WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability
S
CVE-2023-48778 WordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48779 WordPress 360 Javascript Viewer plugin <= 1.7.11 - Broken Access Control vulnerability
S
CVE-2023-48780 WordPress WP Catalogue Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48781 WordPress MkRapel Regiones y Ciudades de Chile para WC Plugin <= 4.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48782 An improper neutralization of special elements used in an os command ('os command injection') in Fort...
S
CVE-2023-48783 An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal ve...
S
CVE-2023-48784 A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and be...
S
CVE-2023-48785 An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may...
S
CVE-2023-48788 An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet F...
KEV S
CVE-2023-48789 A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0....
S
CVE-2023-48790 A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 throu...
S
CVE-2023-48791 An improper neutralization of special elements used in a command ('Command Injection') vulnerability...
S
CVE-2023-48792 Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export opti...
CVE-2023-48793 Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature....
CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other pr...
E S
CVE-2023-48796 Apache dolphinscheduler sensitive information disclosure
M
CVE-2023-48799 TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution....
E
CVE-2023-48800 In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fiel...
E
CVE-2023-48801 In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fiel...
E
CVE-2023-48802 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from ...
E
CVE-2023-48803 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from ...
E
CVE-2023-48804 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from ...
E
CVE-2023-48805 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from ...
E
CVE-2023-48806 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from ...
E
CVE-2023-48807 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from ...
E
CVE-2023-48808 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from ...
E
CVE-2023-48810 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from ...
E
CVE-2023-48811 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from ...
E
CVE-2023-48812 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from t...
E
CVE-2023-48813 Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/...
E
CVE-2023-48815 kkFileView v4.3.0 is vulnerable to Incorrect Access Control....
E
CVE-2023-48823 A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauth...
E
CVE-2023-48824 BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subt...
E
CVE-2023-48825 Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or...
E
CVE-2023-48826 Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reserv...
E
CVE-2023-48827 Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin...
E
CVE-2023-48828 Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues v...
E
CVE-2023-48830 Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export....
E
CVE-2023-48831 A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to...
E
CVE-2023-48833 A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to c...
E
CVE-2023-48834 A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource ex...
E
CVE-2023-48835 Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action....
E
CVE-2023-48836 Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the nam...
E
CVE-2023-48837 Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Cou...
E
CVE-2023-48838 Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Def...
E
CVE-2023-48839 Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the...
CVE-2023-48840 A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause r...
E
CVE-2023-48841 Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action....
E
CVE-2023-48842 D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the ...
E
CVE-2023-48848 An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read ...
CVE-2023-48849 Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to rem...
E
CVE-2023-48858 A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote...
E
CVE-2023-48859 TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access ...
E
CVE-2023-48860 TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access c...
E
CVE-2023-48861 DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges...
E
CVE-2023-48863 SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the ap...
E
CVE-2023-48864 SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in ...
E
CVE-2023-48865 An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via exe...
CVE-2023-48866 A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/r...
CVE-2023-48880 A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to exe...
E
CVE-2023-48881 A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to exe...
E
CVE-2023-48882 A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to exe...
E
CVE-2023-48886 A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via ...
E
CVE-2023-48887 A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via...
E
CVE-2023-48893 SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/s...
E
CVE-2023-48894 Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive informati...
E
CVE-2023-48901 A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated ...
E
CVE-2023-48902 An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attack...
E
CVE-2023-48903 Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauth...
E
CVE-2023-48906 Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of servic...
CVE-2023-48909 An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the F...
E
CVE-2023-48910 Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the compone...
E
CVE-2023-48912 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /...
E
CVE-2023-48913 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /...
E
CVE-2023-48914 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /...
E
CVE-2023-48925 SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escal...
S
CVE-2023-48926 An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allo...
CVE-2023-48928 Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redi...
E
CVE-2023-48929 Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session F...
E
CVE-2023-48930 xinhu xinhuoa 2.2.1 contains a File upload vulnerability....
E
CVE-2023-48938 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-48939 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-48940 A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers t...
CVE-2023-48945 A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Servi...
E S
CVE-2023-48946 An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a...
E S
CVE-2023-48947 An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a...
E S
CVE-2023-48948 An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a...
E S
CVE-2023-48949 An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a...
E S
CVE-2023-48950 An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cau...
E S
CVE-2023-48951 An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause...
E S
CVE-2023-48952 An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows atta...
E
CVE-2023-48957 PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass...
E
CVE-2023-48958 gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:...
E S
CVE-2023-48963 Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget....
E
CVE-2023-48964 Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet....
E
CVE-2023-48965 An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell...
E
CVE-2023-48966 An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53...
E
CVE-2023-48967 Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data....
E
CVE-2023-48974 Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to ...
CVE-2023-48985 Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS...
CVE-2023-48986 Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS...
CVE-2023-48987 Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) befor...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.