ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-49000 | An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended acces... | | |
CVE-2023-49001 | An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access res... | | |
CVE-2023-49002 | An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to... | E | |
CVE-2023-49003 | An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access rest... | E | |
CVE-2023-49004 | An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a... | | |
CVE-2023-49006 | Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker... | E S | |
CVE-2023-49007 | In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbi... | E | |
CVE-2023-49028 | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacke... | E | |
CVE-2023-49029 | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacke... | E | |
CVE-2023-49030 | SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a remote attacker to obtain s... | E | |
CVE-2023-49031 | Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform... | | |
CVE-2023-49032 | An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary c... | | |
CVE-2023-49034 | Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arb... | E | |
CVE-2023-49038 | Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated atta... | E | |
CVE-2023-49040 | An issue in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPw... | E | |
CVE-2023-49042 | Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary ... | E | |
CVE-2023-49043 | Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrar... | E | |
CVE-2023-49044 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary... | E | |
CVE-2023-49046 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary... | E | |
CVE-2023-49047 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDev... | E | |
CVE-2023-49052 | File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code v... | E S | |
CVE-2023-49058 | Directory Traversal vulnerability in SAP Master Data Governance | | |
CVE-2023-49060 | An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMo... | | |
CVE-2023-49061 | An attacker could have performed HTML template injection via Reader Mode and exfiltrated user inform... | | |
CVE-2023-49062 | Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present f... | S | |
CVE-2023-49068 | Apache DolphinScheduler: Information Leakage Vulnerability | S | |
CVE-2023-49069 | A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic... | | |
CVE-2023-49070 | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | S | |
CVE-2023-49073 | A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rt... | | |
CVE-2023-49074 | A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIM... | | |
CVE-2023-49075 | Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls | S | |
CVE-2023-49076 | Pimcore missing token/header to prevent CSRF | E S | |
CVE-2023-49077 | mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation | | |
CVE-2023-49078 | Cross-Site Scripting vulnerability in raptor-web 0.4.4 | E S | |
CVE-2023-49079 | Misskey's missing signature validation allows arbitrary users to impersonate any remote user. | M | |
CVE-2023-49080 | Jupyter Server errors include tracebacks with path information | S | |
CVE-2023-49081 | aiohttp's ClientSession is vulnerable to CRLF injection via version | E | |
CVE-2023-49082 | aiohttp's ClientSession is vulnerable to CRLF injection via method | E | |
CVE-2023-49083 | cryptography vulnerable to NULL-dereference when loading PKCS7 certificates | E S | |
CVE-2023-49084 | Local File Inclusion (RCE) in Cacti | E | |
CVE-2023-49085 | Cacti SQL Injection vulnerability | E | |
CVE-2023-49086 | Cacti is vulnerable to cross-Site scripting (XSS) DOM | E S | |
CVE-2023-49087 | Validation of SignedInfo | E S | |
CVE-2023-49088 | Cacti has incomplete fix for CVE-2023-39515 | E | |
CVE-2023-49089 | Umbraco CMS possible path traversal when creating packages from backoffice | | |
CVE-2023-49090 | CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS | S | |
CVE-2023-49091 | Jwttoken in Cosmos server never expires after password changed and logging out | E S | |
CVE-2023-49092 | RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels | | |
CVE-2023-49093 | HtmlUnit vulnerable to Remote Code Execution (RCE) via XSLT | E | |
CVE-2023-49094 | Symbolicator Server Side Request Forgery vulnerability | S | |
CVE-2023-49095 | nexkey allows arbitrary users to impersonate any remote user due to missing signature validation | S | |
CVE-2023-49096 | Argument Injection in FFmpeg codec parameters in Jellyfin | E S | |
CVE-2023-49097 | ZITADEL vulnerable account takeover via malicious host header injection | E S | |
CVE-2023-49098 | Reaction data for user notifications exposed in Discourse-reactions | S | |
CVE-2023-49099 | Discourse secure uploads accessible to guests even when login is required | S | |
CVE-2023-49100 | Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The in... | | |
CVE-2023-49101 | WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows ... | | |
CVE-2023-49102 | NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar... | E | |
CVE-2023-49103 | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The... | KEV | |
CVE-2023-49104 | An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. ... | | |
CVE-2023-49105 | An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or... | | |
CVE-2023-49106 | Missing Password Field Masking Vulnerability in Hitachi Device Manager | | |
CVE-2023-49107 | Generation of Error Message Containing Sensitive Information Vulnerability in Hitachi Device Manager | | |
CVE-2023-49108 | Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ve... | | |
CVE-2023-49109 | Remote Code Execution in Apache Dolphinscheduler | S | |
CVE-2023-49110 | XML External Entity Injection in Kiuwan SAST | S | |
CVE-2023-49111 | Reflected Cross-Site-Scripting in Kiuwan SAST | S | |
CVE-2023-49112 | Insecure Direct Object Reference in Kiuwan SAST | S | |
CVE-2023-49113 | Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer | S | |
CVE-2023-49114 | Local Privilege Escalation via DLL Hijacking | E S | |
CVE-2023-49115 | MachineSense FeverWarn Missing Authentication for Critical Function | M | |
CVE-2023-49117 | PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If... | | |
CVE-2023-49118 | Dsoftbus has an out-of-bounds read vulnerability | | |
CVE-2023-49119 | Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0.... | | |
CVE-2023-49121 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49122 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49123 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49124 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49125 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (... | | |
CVE-2023-49126 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49127 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49128 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49129 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49130 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49131 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49132 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe... | | |
CVE-2023-49133 | A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC13... | | |
CVE-2023-49134 | A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC13... | | |
CVE-2023-49135 | multimedia player has a UAF vulnerability | | |
CVE-2023-49137 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2023-49139 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2023-49140 | Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remo... | | |
CVE-2023-49141 | Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated use... | | |
CVE-2023-49142 | multimedia audio has a UAF vulnerability | | |
CVE-2023-49143 | Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthe... | | |
CVE-2023-49144 | Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0... | | |
CVE-2023-49145 | Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt | | |
CVE-2023-49146 | DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling ... | S | |
CVE-2023-49147 | An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was fo... | E | |
CVE-2023-49148 | WordPress Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates Plugin <= 3.0.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49149 | WordPress Currency Converter Calculator Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49150 | WordPress Crypto Converter Widget Plugin <= 1.8.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49151 | WordPress Google Calendar Events Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49152 | WordPress Credit Tracker Plugin <= 1.1.17 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49153 | WordPress Add to Cart Text Changer and Customize Button, Add Custom Icon Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49154 | WordPress Button Generator – easily Button Builder plugin <= 2.3.8 - Broken Access Control vulnerability | S | |
CVE-2023-49155 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49156 | WordPress GoDaddy Email Marketing plugin <= 1.4.3 - Broken Access Control vulnerability | | |
CVE-2023-49157 | WordPress Multiple Post Passwords Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49158 | WordPress LadiApp plugin <= 4.4 - Broken Access Control lead to XSS vulnerability | | |
CVE-2023-49159 | WordPress CommentLuv Plugin <= 3.0.4 is vulnerable to Server Side Request Forgery (SSRF) | | |
CVE-2023-49160 | WordPress Formzu WP Plugin <= 1.6.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49161 | WordPress Bravo Translate Plugin <= 1.2 is vulnerable to SQL Injection | | |
CVE-2023-49162 | WordPress BigCommerce Plugin <= 5.0.6 is vulnerable to Sensitive Data Exposure | | |
CVE-2023-49163 | WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-49164 | WordPress Ocean Extra Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-49165 | WordPress Client Dash Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49166 | WordPress MSync Plugin <= 1.0.0 is vulnerable to SQL Injection | | |
CVE-2023-49167 | WordPress Database for CF7 plugin <= 1.2.4 - Broken Access Control vulnerability | S | |
CVE-2023-49168 | WordPress BP Better Messages Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49169 | WordPress Ads by datafeedr.com Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49170 | WordPress Forms by CaptainForm Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49171 | WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49172 | WordPress BrainCert – HTML5 Virtual Classroom Plugin <= 1.30 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49173 | WordPress 10to8 Online Appointment Booking System Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49174 | WordPress Responsive Lightbox Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49175 | WordPress KP Fastest Tawk.to Chat Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49176 | WordPress WP Pocket URLs Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49177 | WordPress which template file Plugin <= 4.9.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49178 | WordPress HDW Player Plugin (Video Player & Video Gallery) Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49179 | WordPress Event post Plugin <= 5.8.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49180 | WordPress Automatic Youtube Video Posts Plugin Plugin <= 5.2.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49181 | WordPress WP Event Manager Plugin <= 3.1.40 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49182 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2023-49183 | WordPress NextScripts Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49184 | WordPress Parallax Slider Block Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49185 | WordPress Doofinder for WooCommerce Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49187 | WordPress Adifier System Plugin < 3.1.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49188 | WordPress Track Geolocation Of Users Using Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49189 | WordPress Social Share Buttons & Analytics Plugin – GetSocial.io Plugin <= 4.3.12 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49190 | WordPress Site Offline Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49191 | WordPress GDPR Cookie Consent by Supsystic Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49192 | WordPress Enhanced Text Widget plugin <= 1.6.3 - Broken Access Control vulnerability | S | |
CVE-2023-49193 | WordPress Grow Social plugin <= 1.30.0 - Broken Access Control vulnerability | S | |
CVE-2023-49194 | WordPress Importify (Dropshipping WooCommerce) plugin <= 1.0.4 - Sensitive Data Exposure vulnerability | S | |
CVE-2023-49195 | WordPress Nested Pages Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49196 | WordPress Pagelayer plugin <= 1.7.7 - Broken Access Control vulnerability | S | |
CVE-2023-49197 | WordPress DoFollow Case by Case Plugin <= 3.4.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-49198 | Apache SeaTunnel Web: Arbitrary file read vulnerability | | |
CVE-2023-49203 | Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) bec... | | |
CVE-2023-49208 | scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 cr... | S | |
CVE-2023-49210 | The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper wi... | E S | |
CVE-2023-49213 | The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to exec... | E M | |
CVE-2023-49214 | Usedesk before 1.7.57 allows chat template injection. | | |
CVE-2023-49215 | Usedesk before 1.7.57 allows filter reflected XSS. | | |
CVE-2023-49216 | Usedesk before 1.7.57 allows profile stored XSS. | | |
CVE-2023-49221 | Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network... | | |
CVE-2023-49222 | Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. ... | | |
CVE-2023-49223 | Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive infor... | | |
CVE-2023-49224 | Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_key... | | |
CVE-2023-49225 | A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone... | S | |
CVE-2023-49226 | An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute fea... | E | |
CVE-2023-49228 | An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-c... | E | |
CVE-2023-49229 | An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the ad... | E | |
CVE-2023-49230 | An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captiv... | E | |
CVE-2023-49231 | An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthent... | | |
CVE-2023-49232 | An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthent... | | |
CVE-2023-49233 | Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers... | | |
CVE-2023-49234 | An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authe... | | |
CVE-2023-49235 | An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering ... | E | |
CVE-2023-49236 | A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading t... | E | |
CVE-2023-49237 | An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur be... | E | |
CVE-2023-49238 | In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installati... | | |
CVE-2023-49239 | Unauthorized access vulnerability in the card management module. Successful exploitation of this vul... | | |
CVE-2023-49240 | Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerabil... | | |
CVE-2023-49241 | API permission control vulnerability in the network management module. Successful exploitation of th... | | |
CVE-2023-49242 | Free broadcast vulnerability in the running management module. Successful exploitation of this vulne... | | |
CVE-2023-49243 | Vulnerability of unauthorized access to email attachments in the email module. Successful exploitati... | | |
CVE-2023-49244 | Permission management vulnerability in the multi-user module. Successful exploitation of this vulner... | | |
CVE-2023-49245 | Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulner... | | |
CVE-2023-49246 | Unauthorized access vulnerability in the card management module. Successful exploitation of this vul... | | |
CVE-2023-49247 | Permission verification vulnerability in distributed scenarios. Successful exploitation of this vuln... | | |
CVE-2023-49248 | Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulne... | | |
CVE-2023-49250 | Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil | S | |
CVE-2023-49251 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate inst... | S | |
CVE-2023-49252 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected applicati... | S | |
CVE-2023-49253 | Predefined root password | | |
CVE-2023-49254 | Command injection in the network test tools | | |
CVE-2023-49255 | Router console accessible without authentication | | |
CVE-2023-49256 | Predictable encryption passphrase used in publicly accessible configuration file | | |
CVE-2023-49257 | Command execution using the certificate upload utility | | |
CVE-2023-49258 | Reflected cross-site scripting vulnerability | | |
CVE-2023-49259 | Bruteforcing authentication cookie for a given user | | |
CVE-2023-49260 | Stored cross-site scripting vulnerability | | |
CVE-2023-49261 | Sensitive authentication-related value accessible publicly | | |
CVE-2023-49262 | Buffer overflow vulnerability in Cookie authentication field | | |
CVE-2023-49269 | Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS) | E | |
CVE-2023-49270 | Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS) | | |
CVE-2023-49271 | Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS) | | |
CVE-2023-49272 | Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS) | | |
CVE-2023-49273 | Umbraco CMS vulnerable to Privilege Escalation using Spoofing | | |
CVE-2023-49274 | Umbraco CMS SMTP misconfiguration exposes potential registered user email | | |
CVE-2023-49275 | Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd | E | |
CVE-2023-49276 | Attribute Injection leading to XSS(Cross-Site-Scripting) in uptime-kuma | E S | |
CVE-2023-49277 | Reflected Cross-site Scripting Vulnerability in dpaste | S | |
CVE-2023-49278 | Umbraco CMS brute force exploit can be used to collect valid usernames | | |
CVE-2023-49279 | Umbraco CMS vulnerable to stored XSS via SVG File Upload | | |
CVE-2023-49280 | Data leak of password hash through xwiki change request | E S | |
CVE-2023-49281 | Open Redirect in Login Function of Calendarinho | S | |
CVE-2023-49282 | Test code in published microsoft-graph package exposes phpinfo() | S | |
CVE-2023-49283 | Test code in published microsoft-graph-core package exposes phpinfo() | S | |
CVE-2023-49284 | Command substitution output can trigger shell expansion in fish shell | E S | |
CVE-2023-49285 | Denial of Service in HTTP Message Processing in Squid | S | |
CVE-2023-49286 | Denial of Service in Helper Process management | S | |
CVE-2023-49287 | Buffer overflow vulnerabilities in tinydir | E | |
CVE-2023-49288 | Denial of Service in HTTP Collapsed Forwarding in Squid | | |
CVE-2023-49289 | Cross-site Scripting in Ajax.NET Professional | S | |
CVE-2023-49290 | Malicious parameters can cause a denial of service in lestrrat-go/jwx | E S | |
CVE-2023-49291 | Improper Sanitization of Branch Name Leads to Arbitrary Code Injection | E S | |
CVE-2023-49292 | Possible private key restoration in go package github.com/ecies/go | E S | |
CVE-2023-49293 | Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite | E | |
CVE-2023-49294 | Asterisk Path Traversal vulnerability | S | |
CVE-2023-49295 | quic-go's path validation mechanism can cause denial of service | S | |
CVE-2023-49296 | Arduino Create Agent vulnerable to Reflected Cross-Site Scripting | S | |
CVE-2023-49297 | Unsafe YAML deserialization in PyDrive2 | E S | |
CVE-2023-49298 | OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try... | E S | |
CVE-2023-49299 | Apache DolphinScheduler: Arbitrary js execute as root for authenticated users | S | |
CVE-2023-49312 | Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violat... | E | |
CVE-2023-49313 | A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By ex... | E | |
CVE-2023-49314 | Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inad... | | |
CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial... | S | |
CVE-2023-49321 | Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long t... | | |
CVE-2023-49322 | Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that ... | | |
CVE-2023-49328 | On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication pha... | | |
CVE-2023-49329 | Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and e... | M | |
CVE-2023-49330 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate repo... | | |
CVE-2023-49331 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports sea... | | |
CVE-2023-49332 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. | | |
CVE-2023-49333 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph featu... | | |
CVE-2023-49334 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summa... | | |
CVE-2023-49335 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server de... | | |
CVE-2023-49337 | Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name... | S | |
CVE-2023-49338 | Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats a... | | |
CVE-2023-49339 | Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /... | E | |
CVE-2023-49340 | An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allo... | | |
CVE-2023-49341 | An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allo... | | |
CVE-2023-49342 | Temporary data passed between application components by Budgie Extras Clockworks applet could potent... | | |
CVE-2023-49343 | Temporary data passed between application components by Budgie Extras Dropby applet could potentiall... | | |
CVE-2023-49344 | Temporary data passed between application components by Budgie Extras Window Shuffler applet could p... | | |
CVE-2023-49345 | Temporary data passed between application components by Budgie Extras Takeabreak applet could potent... | | |
CVE-2023-49346 | Temporary data passed between application components by Budgie Extras WeatherShow applet could poten... | | |
CVE-2023-49347 | Temporary data passed between application components by Budgie Extras Windows Previews could potenti... | | |
CVE-2023-49351 | A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware verai... | | |
CVE-2023-49355 | decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1... | E S | |
CVE-2023-49356 | A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of serv... | E | |
CVE-2023-49363 | Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpA... | | |
CVE-2023-49371 | RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | E | |
CVE-2023-49372 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49373 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/dele... | E | |
CVE-2023-49374 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49375 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49376 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49377 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49378 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49379 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the... | E | |
CVE-2023-49380 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49381 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49382 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49383 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49391 | An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code ... | E | |
CVE-2023-49394 | Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from fu... | E | |
CVE-2023-49395 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49396 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49397 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49398 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49402 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. | E | |
CVE-2023-49403 | Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the fun... | E | |
CVE-2023-49404 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvance... | E | |
CVE-2023-49405 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. | E | |
CVE-2023-49406 | Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the fun... | E | |
CVE-2023-49408 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. | E | |
CVE-2023-49409 | Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function ... | E | |
CVE-2023-49410 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the fun... | E | |
CVE-2023-49411 | Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMesh... | E | |
CVE-2023-49417 | TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.... | E | |
CVE-2023-49418 | TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules.... | E | |
CVE-2023-49424 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform... | E | |
CVE-2023-49425 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /... | E | |
CVE-2023-49426 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform... | E | |
CVE-2023-49427 | Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial ... | | |
CVE-2023-49428 | Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac... | E | |
CVE-2023-49429 | Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDe... | E | |
CVE-2023-49430 | Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parame... | E | |
CVE-2023-49431 | Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac'... | E | |
CVE-2023-49432 | Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' ... | E | |
CVE-2023-49433 | Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parame... | E | |
CVE-2023-49434 | Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parame... | E | |
CVE-2023-49435 | Tenda AX9 V22.03.01.46 is vulnerable to command injection.... | E | |
CVE-2023-49436 | Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list... | E | |
CVE-2023-49437 | Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'lis... | E | |
CVE-2023-49438 | An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to ... | E M | |
CVE-2023-49441 | dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.... | E | |
CVE-2023-49442 | Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attacke... | | |
CVE-2023-49443 | DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwo... | E | |
CVE-2023-49444 | An arbitrary file upload vulnerability in DoraCMS v2.1.8 allows attackers to execute arbitrary code v... | E | |
CVE-2023-49446 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49447 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2023-49448 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via adm... | E | |
CVE-2023-49453 | Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local at... | E | |
CVE-2023-49460 | libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImag... | E | |
CVE-2023-49462 | libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.c... | E S | |
CVE-2023-49463 | libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at... | E S | |
CVE-2023-49464 | libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImag... | E S | |
CVE-2023-49465 | Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatia... | E S | |
CVE-2023-49467 | Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combin... | E S | |
CVE-2023-49468 | Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding... | E S | |
CVE-2023-49469 | Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to ex... | E | |
CVE-2023-49471 | Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.... | E | |
CVE-2023-49473 | Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software v... | | |
CVE-2023-49484 | Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the artic... | E | |
CVE-2023-49485 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column ... | | |
CVE-2023-49486 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model m... | | |
CVE-2023-49487 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigat... | | |
CVE-2023-49488 | A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbi... | E | |
CVE-2023-49489 | Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to... | E | |
CVE-2023-49490 | XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via... | E | |
CVE-2023-49492 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via... | E | |
CVE-2023-49493 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via... | E | |
CVE-2023-49494 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via... | E | |
CVE-2023-49501 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbi... | | |
CVE-2023-49502 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbi... | | |
CVE-2023-49508 | Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows ... | S | |
CVE-2023-49515 | Insecure Permissions vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fix... | E | |
CVE-2023-49528 | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execu... | | |
CVE-2023-49539 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerabili... | E | |
CVE-2023-49540 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerabili... | E | |
CVE-2023-49543 | Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized ... | E | |
CVE-2023-49544 | A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP ... | E | |
CVE-2023-49545 | A directory listing vulnerability in Customer Support System v1 allows attackers to list directories... | E | |
CVE-2023-49546 | Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email par... | E | |
CVE-2023-49547 | Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username ... | E | |
CVE-2023-49548 | Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname ... | E | |
CVE-2023-49549 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_get... | E | |
CVE-2023-49550 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4... | E | |
CVE-2023-49551 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_... | E | |
CVE-2023-49552 | An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service v... | E | |
CVE-2023-49553 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_des... | E | |
CVE-2023-49554 | Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of se... | E | |
CVE-2023-49555 | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand... | E | |
CVE-2023-49556 | Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of s... | E | |
CVE-2023-49557 | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_s... | E | |
CVE-2023-49558 | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand... | E | |
CVE-2023-49559 | An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial... | | |
CVE-2023-49563 | Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbit... | E | |
CVE-2023-49566 | Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability | | |
CVE-2023-49567 | Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Scanning (VA-11239) | S | |
CVE-2023-49568 | Maliciously crafted Git server replies can cause DoS on go-git clients | S | |
CVE-2023-49569 | Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients | S | |
CVE-2023-49570 | Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210) | S | |
CVE-2023-49572 | XSS vulnerability in VX Search Enterprise | | |
CVE-2023-49573 | XSS vulnerability in VX Search Enterprise | | |
CVE-2023-49574 | XSS vulnerability in VX Search Enterprise | | |
CVE-2023-49575 | XSS vulnerability in VX Search Enterprise | | |
CVE-2023-49577 | Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution) | | |
CVE-2023-49578 | Denial of service (DOS) in SAP Cloud Connector | | |
CVE-2023-49580 | Information disclosure in SAP GUI for Windows and SAP GUI for Java | | |
CVE-2023-49581 | SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | | |
CVE-2023-49582 | Apache Portable Runtime (APR): Unexpected lax shared memory permissions | | |
CVE-2023-49583 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) | | |
CVE-2023-49584 | Client-Side Desynchronization vulnerability in SAP Fiori Launchpad | | |
CVE-2023-49587 | Command Injection vulnerability in SAP Solution Manager | | |
CVE-2023-49588 | Rejected reason: This is unused.... | R | |
CVE-2023-49589 | An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation funct... | E | |
CVE-2023-49590 | Rejected reason: This is unused.... | R | |
CVE-2023-49593 | Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T... | | |
CVE-2023-49594 | An information disclosure vulnerability exists in the challenge functionality of instipod DuoUnivers... | E | |
CVE-2023-49595 | A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of... | | |
CVE-2023-49598 | Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI vers... | | |
CVE-2023-49599 | An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev... | E | |
CVE-2023-49600 | An out-of-bounds write vulnerability exists in the PlyFile ply_cast_ascii functionality of libigl v2... | E | |
CVE-2023-49602 | Arkui has a type confusion vulnerability | S | |
CVE-2023-49603 | Race condition in some Intel(R) System Security Report and System Resources Defense firmware may all... | | |
CVE-2023-49604 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2023-49606 | A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and... | | |
CVE-2023-49607 | Playbook plugin crash via missing interface type assertion | S | |
CVE-2023-49609 | Rejected reason: This is unused.... | R | |
CVE-2023-49610 | MachineSense FeverWarn Improper Input Validation | M | |
CVE-2023-49611 | Rejected reason: This is unused.... | R | |
CVE-2023-49614 | Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escal... | | |
CVE-2023-49615 | Improper input validation in some Intel(R) System Security Report and System Resources Defense firmw... | | |
CVE-2023-49617 | MachineSense FeverWarn Missing Authentication for Critical Function | M | |
CVE-2023-49618 | Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense fi... | | |
CVE-2023-49619 | Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions. | | |
CVE-2023-49620 | Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for | S | |
CVE-2023-49621 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate inst... | S | |
CVE-2023-49622 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49624 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49625 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49633 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49639 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49641 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | | |
CVE-2023-49646 | Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user t... | | |
CVE-2023-49647 | Zoom Desktop Client for Windows - Improper Access Control | | |
CVE-2023-49652 | Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earli... | | |
CVE-2023-49653 | Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, al... | | |
CVE-2023-49654 | Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkin... | | |
CVE-2023-49655 | A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows... | | |
CVE-2023-49656 | Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external e... | | |
CVE-2023-49657 | Apache Superset: Stored XSS in Dashboard Title and Chart Title | M | |
CVE-2023-49658 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49665 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49666 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49673 | A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin ... | | |
CVE-2023-49674 | A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows... | | |
CVE-2023-49675 | CODESYS: Out-of-bounds write through corrupted project files | | |
CVE-2023-49676 | CODESYS: Use after free vulnerability through corrupted project files | | |
CVE-2023-49677 | Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49678 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-49679 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-49680 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-49681 | Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49682 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-49683 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-49684 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-49685 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-49686 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-49687 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-49688 | Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49689 | Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-49690 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-49691 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | | |
CVE-2023-49692 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | | |
CVE-2023-49693 | NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol | E S | |
CVE-2023-49694 | NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server | E S | |
CVE-2023-49695 | OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-... | | |
CVE-2023-49699 | Out-of-bounds access a buffer in IMS | | |
CVE-2023-49700 | Buffer Copy Without Checking size of input in IMS | | |
CVE-2023-49701 | Out-of-bounds access a buffer in SIM management | | |
CVE-2023-49706 | Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthen... | | |
CVE-2023-49707 | Extension - joomlart.com - SQLi vulnerability in S5 Register module for Joomla 1.0.0-3.0.0 | | |
CVE-2023-49708 | Extension - joomstar.com - SQLi vulnerability in Starshop component for Joomla 1.0.0-1.0.9 | | |
CVE-2023-49710 | Rejected reason: This is unused.... | R | |
CVE-2023-49712 | Rejected reason: This is unused.... | R | |
CVE-2023-49713 | Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote una... | | |
CVE-2023-49715 | An unrestricted php file upload vulnerability exists in the import.json.php temporary copy functional... | E | |
CVE-2023-49716 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection | S | |
CVE-2023-49721 | An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident ... | | |
CVE-2023-49722 | Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to ... | | |
CVE-2023-49733 | Apache Cocoon's StreamGenerator is vulnerable to XXE injection | | |
CVE-2023-49734 | Apache Superset: Privilege Escalation Vulnerability | | |
CVE-2023-49735 | Apache Tiles: Unvalidated input may lead to path traversal and XXE | | |
CVE-2023-49736 | Apache Superset: SQL Injection on where_in JINJA macro | | |
CVE-2023-49738 | An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo d... | E | |
CVE-2023-49739 | WordPress PowerPack Pro for Elementor Plugin <= 2.9.23 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49740 | WordPress Seraphinite Accelerator Plugin <= 2.20.28 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49741 | WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability | S | |
CVE-2023-49742 | WordPress Support Genix plugin <= 1.2.3 - Broken Access Control lead to Arbitrary File Upload vulnerability | S | |
CVE-2023-49743 | WordPress Dashboard Widgets Suite Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49744 | WordPress Gift Up Gift Cards for WordPress and WooCommerce Plugin <= 2.21.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-49745 | WordPress Spiffy Calendar Plugin <= 4.9.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49746 | WordPress SpeedyCache Plugin <= 1.1.2 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2023-49747 | WordPress Guest Author Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49748 | WordPress WPS Hide Login plugin <= 1.9.11 - Secret Login Page Location Disclosure on Multisites vulnerability | S | |
CVE-2023-49749 | WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-49750 | WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection | S | |
CVE-2023-49751 | WordPress Block for Font Awesome Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49752 | WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection | S | |
CVE-2023-49753 | WordPress Adifier System plugin < 3.1.4 - Local File Inclusion vulnerability | S | |
CVE-2023-49754 | WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Broken Access Control vulnerability | | |
CVE-2023-49755 | WordPress Elementor Timeline Widget plugin <= 2.2 - Notice Dismissal Vulnerability | S | |
CVE-2023-49756 | WordPress Eventin plugin <= 3.3.52 - Authenticated Notice Dismissal Vulnerability | S | |
CVE-2023-49757 | WordPress Awesome Support plugin <= 6.1.10 - Broken Access Control + CSRF vulnerability | S | |
CVE-2023-49758 | WordPress WP Booking System plugin <= 2.0.19.2 - Broken Access Control vulnerability | S | |
CVE-2023-49759 | WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49760 | WordPress WPsoonOnlinePage Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49761 | WordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49762 | WordPress AppMySite Plugin <= 3.11.0 is vulnerable to Sensitive Data Exposure | | |
CVE-2023-49763 | WordPress CSprite Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49764 | WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection | S | |
CVE-2023-49765 | WordPress Rate my Post – WP Rating System Plugin <= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2023-49766 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49767 | WordPress Biteship Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49768 | WordPress WP-FormAssembly plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2023-49769 | WordPress Integrate Google Drive Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-49770 | WordPress Smart External Link Click Monitor [Link Log] Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49771 | WordPress Smart External Link Click Monitor [Link Log] Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49772 | WordPress Genesis Simple Love Plugin <= 2.0 is vulnerable to PHP Object Injection | | |
CVE-2023-49773 | WordPress BCorp Shortcodes Plugin <= 0.23 is vulnerable to PHP Object Injection | | |
CVE-2023-49774 | WordPress WP Photo Album Plus plugin <= 8.5.02.005 - IP Bypass vulnerability | S | |
CVE-2023-49775 | WordPress CSV Importer Plugin <= 0.3.8 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49776 | WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to SQL Injection | | |
CVE-2023-49777 | WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.3.0 is vulnerable to PHP Object Injection | S | |
CVE-2023-49778 | WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to PHP Object Injection | | |
CVE-2023-49779 | Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0... | | |
CVE-2023-49780 | Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script... | | |
CVE-2023-49781 | NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue | | |
CVE-2023-49782 | Cross-Site-Scripting vulnerability in error message passing in richdocumentscode | | |
CVE-2023-49783 | No permission checks for editing/deleting records with CSV import form | | |
CVE-2023-49785 | NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting | E S | |
CVE-2023-49786 | Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation | E S | |
CVE-2023-49787 | Rejected reason: CVE request originates from private repository... | R | |
CVE-2023-49788 | Improper handling of browser-side provided input in richdocuments path handling | | |
CVE-2023-49790 | App PIN code can be bypassed in Nextcloud Files iOS | S | |
CVE-2023-49791 | Workflows do not require password confirmation on API level | S | |
CVE-2023-49792 | Bruteforce protection can be bypassed with misconfigured proxy | S | |
CVE-2023-49793 | Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` | E S | |
CVE-2023-49794 | The logic of get apk path in KernelSU module can be bypassed | E | |
CVE-2023-49795 | MindsDB Server-Side Request Forgery vulnerability | S | |
CVE-2023-49796 | MindsDB Arbitrary File Write vulnerability | S | |
CVE-2023-49797 | Local Privilege Escalation in pyinstaller on Windows | S | |
CVE-2023-49798 | Duplicated execution of subcalls in OpenZeppelin Contracts | S | |
CVE-2023-49799 | Server-Side Request Forgery in nuxt-api-party | E M | |
CVE-2023-49800 | Denial of service by abusing `fetchOptions.retry` in nuxt-api-party | E | |
CVE-2023-49801 | Lif Auth Server vulnerable to uncontrolled data in path expression | S | |
CVE-2023-49802 | MantisBT LinkedCustomFields Cross-site Scripting vulnerability | S | |
CVE-2023-49803 | @koa/cors has overly permissive origin policy | S | |
CVE-2023-49804 | Uptime Kuma Password Change Vulnerability | S | |
CVE-2023-49805 | Uptime Kuma Missing Origin Validation in WebSockets | E S | |
CVE-2023-49807 | Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior... | | |
CVE-2023-49809 | Todo plugin gets crashed and disabled by member | S | |
CVE-2023-49810 | A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of W... | E | |
CVE-2023-49811 | Rejected reason: This is unused.... | R | |
CVE-2023-49812 | WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR) | | |
CVE-2023-49813 | WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49814 | WordPress Symbiostock Lite Plugin <= 6.0.0 is vulnerable to Arbitrary File Upload | | |
CVE-2023-49815 | WordPress WappPress plugin <= 5.0.3 - Unauthenticated Arbitrary File Upload vulnerability | S | |
CVE-2023-49816 | WordPress Fix My Feed RSS Repair Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49817 | WordPress Flexible Woocommerce Checkout Field Editor plugin <= 2.0.1 - Broken Access Control vulnerability | | |
CVE-2023-49818 | WordPress Webflow Pages plugin <= 1.0.8 - Broken Access Control vulnerability | S | |
CVE-2023-49819 | WordPress Structured Content Plugin <= 1.5.3 is vulnerable to PHP Object Injection | | |
CVE-2023-49820 | WordPress Structured Content Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49821 | WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-49822 | WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability | S | |
CVE-2023-49823 | WordPress Bold Page Builder Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49824 | WordPress Product Catalog Feed by PixelYourSite Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-49825 | WordPress Soledad Theme <= 8.4.1 is vulnerable to SQL Injection | S | |
CVE-2023-49826 | WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection | S | |
CVE-2023-49827 | WordPress Soledad Theme <= 8.4.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49828 | WordPress WooCommerce Payments Plugin <= 6.4.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49829 | WordPress Tutor LMS Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49830 | WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE) | S | |
CVE-2023-49831 | WordPress RegistrationMagic plugin <= 5.2.3.0 - Broken Access Control vulnerability | S | |
CVE-2023-49832 | WordPress Site Reviews plugin <= 6.10.2 - Broken Access Control vulnerability | S | |
CVE-2023-49833 | WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49834 | WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-49835 | WordPress Post Duplicator plugin <= 2.31 - Broken Access Control vulnerability | S | |
CVE-2023-49836 | WordPress Cookie Bar Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-49837 | WordPress embed-code plugin <= 2.3.6 - Denial of Service Attack vulnerability | S | |
CVE-2023-49838 | Cross-Site Request Forgery (CSRF) vulnerability in multiple themes by KlbTheme | | |
CVE-2023-49839 | Reflected Cross-Site Scripting vulnerability in multiple WordPress components by KlbTheme | | |
CVE-2023-49840 | WordPress Multi Currency For WooCommerce Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49841 | WordPress Optin Forms Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49842 | WordPress Rocket Maintenance Mode & Coming Soon Page Plugin <= 4.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49843 | WordPress First Order Discount Woocommerce Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49844 | WordPress WPPerformanceTester Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49845 | WordPress Redirects plugin <= 1.2.1 - Broken Access Control vulnerability | | |
CVE-2023-49846 | WordPress Author Avatars List/Block Plugin <= 2.1.17 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49847 | WordPress Annual Archive Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49848 | WordPress Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy plugin <= 2.1.1 - Broken Access Control vulnerability | S | |
CVE-2023-49849 | WordPress Shortcoder plugin <= 6.3 - Broken Access Control vulnerability | S | |
CVE-2023-49850 | WordPress WP Simple HTML Sitemap plugin <= 2.7 - Broken Access Control vulnerability | S | |
CVE-2023-49851 | WordPress Square Thumbnails plugin <= 1.1.1 - Broken Access Control + CSRF vulnerability | S | |
CVE-2023-49852 | WordPress Responsive Slick Slider WordPress plugin <= 1.4 - Content Injection vulnerability | | |
CVE-2023-49853 | WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49854 | WordPress Caddy Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-49855 | WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-49856 | WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability | S | |
CVE-2023-49857 | WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability | S | |
CVE-2023-49858 | WordPress Custom Login plugin <= 4.1.0 - Broken Access Control vulnerability | S | |
CVE-2023-49859 | WordPress Login With Ajax plugin <= 4.1 - Broken Access Control vulnerability | S | |
CVE-2023-49860 | WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-49861 | WordPress Social Media Feather plugin <= 2.1.3 - Broken Access Control vulnerability | S | |
CVE-2023-49862 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image uploa... | E | |
CVE-2023-49863 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image uploa... | E | |
CVE-2023-49864 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image uploa... | E | |
CVE-2023-49867 | A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl81... | | |
CVE-2023-49870 | Rejected reason: This is unused.... | R | |
CVE-2023-49872 | Rejected reason: This is unused.... | R | |
CVE-2023-49874 | IDOR when updating the tasks of a private playbook run | S | |
CVE-2023-49877 | IBM System Storage Virtualization Engine information disclosure | | |
CVE-2023-49878 | IBM System Storage Virtualization Engine information disclosure | | |
CVE-2023-49880 | IBM Financial Transaction Manager for SWIFT Services data manipulation | | |
CVE-2023-49897 | An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE10... | KEV E | |
CVE-2023-49898 | Apache StreamPark (incubating): Authenticated system users could trigger remote command execution | | |
CVE-2023-49904 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2023-49906 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionali... | | |
CVE-2023-49907 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionali... | | |
CVE-2023-49908 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionali... | | |
CVE-2023-49909 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionali... | | |
CVE-2023-49910 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionali... | | |
CVE-2023-49911 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionali... | | |
CVE-2023-49912 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionali... | | |
CVE-2023-49913 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionali... | | |
CVE-2023-49914 | InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App rep... | | |
CVE-2023-49920 | Apache Airflow: Missing CSRF protection on DAG/trigger | S | |
CVE-2023-49921 | An issue was discovered by Elastic whereby Watcher search input logged the search query results on D... | | |
CVE-2023-49922 | Beats Insertion of Sensitive Information into Log File | M | |
CVE-2023-49923 | Enterprise Search Insertion of Sensitive Information into Log File | M | |
CVE-2023-49926 | app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.... | S | |
CVE-2023-49927 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exyno... | | |
CVE-2023-49928 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exyno... | | |
CVE-2023-49930 | An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficien... | | |
CVE-2023-49931 | An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not suf... | | |
CVE-2023-49932 | An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL hos... | | |
CVE-2023-49933 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcemen... | | |
CVE-2023-49934 | An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD databa... | | |
CVE-2023-49935 | An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control beca... | | |
CVE-2023-49936 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference l... | | |
CVE-2023-49937 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, at... | | |
CVE-2023-49938 | An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an ... | | |
CVE-2023-49943 | Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technicia... | | |
CVE-2023-49944 | The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07... | | |
CVE-2023-49946 | In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository... | | |
CVE-2023-49947 | Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.... | S | |
CVE-2023-49948 | Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts b... | S | |
CVE-2023-49949 | Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of ... | E | |
CVE-2023-49950 | The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize lo... | E | |
CVE-2023-49952 | Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted H... | | |
CVE-2023-49954 | The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a fir... | | |
CVE-2023-49955 | An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for ... | E | |
CVE-2023-49956 | An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for ... | E | |
CVE-2023-49957 | An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for ... | E | |
CVE-2023-49958 | An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for... | E | |
CVE-2023-49959 | In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdate... | | |
CVE-2023-49960 | In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd s... | | |
CVE-2023-49961 | WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Co... | S | |
CVE-2023-49963 | DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow... | | |
CVE-2023-49964 | An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious c... | | |
CVE-2023-49965 | SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters ... | | |
CVE-2023-49967 | Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /... | E | |
CVE-2023-49968 | Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parame... | E | |
CVE-2023-49969 | Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parame... | E | |
CVE-2023-49970 | Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject p... | E | |
CVE-2023-49971 | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute... | E | |
CVE-2023-49973 | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute... | E | |
CVE-2023-49974 | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute... | E | |
CVE-2023-49976 | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute... | E | |
CVE-2023-49977 | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute... | E | |
CVE-2023-49978 | Incorrect access control in Customer Support System v1 allows non-administrator users to access admi... | E | |
CVE-2023-49979 | A directory listing vulnerability in Customer Support System v1 allows attackers to list directories... | E | |
CVE-2023-49980 | A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to ... | E | |
CVE-2023-49981 | A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list dir... | E | |
CVE-2023-49982 | Broken access control in the component /admin/management/users of School Fees Management System v1.0... | E | |
CVE-2023-49983 | A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Managem... | E | |
CVE-2023-49984 | A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Mana... | E | |
CVE-2023-49985 | A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Managem... | E | |
CVE-2023-49986 | A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management ... | E | |
CVE-2023-49987 | A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Manageme... | E | |
CVE-2023-49988 | Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss p... | E | |
CVE-2023-49989 | Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id par... | E | |
CVE-2023-49990 | Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at... | E | |
CVE-2023-49991 | Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPos... | E | |
CVE-2023-49992 | Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding a... | E | |
CVE-2023-49993 | Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readcl... | E | |
CVE-2023-49994 | Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarm... | E | |
CVE-2023-49999 | Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the fun... | E | |