ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-50000 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMe... | E | |
CVE-2023-50001 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgrade... | E | |
CVE-2023-50002 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootM... | E | |
CVE-2023-50007 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbi... | | |
CVE-2023-50008 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbi... | | |
CVE-2023-50009 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbi... | | |
CVE-2023-50010 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbi... | | |
CVE-2023-50011 | PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field.... | E | |
CVE-2023-50015 | An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers... | | |
CVE-2023-50017 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /... | E | |
CVE-2023-50019 | An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific... | E S | |
CVE-2023-50020 | An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.... | E S | |
CVE-2023-50026 | SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module... | S | |
CVE-2023-50027 | SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.... | E S | |
CVE-2023-50028 | In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu ... | E S | |
CVE-2023-50029 | PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from Prest... | | |
CVE-2023-50030 | In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL in... | E S | |
CVE-2023-50035 | PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "passwor... | E M | |
CVE-2023-50038 | There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which l... | E | |
CVE-2023-50044 | Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in... | E S | |
CVE-2023-50053 | An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive info... | | |
CVE-2023-50059 | An issue in galxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via... | | |
CVE-2023-50061 | PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyr... | S | |
CVE-2023-50069 | WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SX... | E | |
CVE-2023-50070 | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_s... | E | |
CVE-2023-50071 | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_s... | E | |
CVE-2023-50072 | A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Pro... | E | |
CVE-2023-50073 | EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter... | E | |
CVE-2023-50082 | Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers ... | E | |
CVE-2023-50089 | A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for ... | E | |
CVE-2023-50090 | Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows ... | | |
CVE-2023-50092 | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2023-50093 | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.... | E | |
CVE-2023-50094 | reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack ... | E | |
CVE-2023-50096 | STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has... | E | |
CVE-2023-50100 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.... | E | |
CVE-2023-50101 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.... | E | |
CVE-2023-50102 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2023-50104 | ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exp... | E | |
CVE-2023-50110 | TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.... | E S | |
CVE-2023-50119 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-45292. Reason: This record is a re... | R | |
CVE-2023-50120 | MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in t... | E | |
CVE-2023-50121 | Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).... | E | |
CVE-2023-50123 | The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is ... | E | |
CVE-2023-50124 | Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials ... | E | |
CVE-2023-50125 | A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to... | | |
CVE-2023-50126 | Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers t... | | |
CVE-2023-50127 | Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via ... | E | |
CVE-2023-50128 | The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio f... | | |
CVE-2023-50129 | Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a c... | E | |
CVE-2023-50136 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code v... | E | |
CVE-2023-50137 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.... | E | |
CVE-2023-50147 | There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi... | E | |
CVE-2023-50159 | In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypass... | E | |
CVE-2023-50162 | SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and... | E | |
CVE-2023-50164 | Apache Struts: File upload component had a directory traversal vulnerability | S | |
CVE-2023-50165 | Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generated PDF issue that could ex... | | |
CVE-2023-50166 | Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the r... | | |
CVE-2023-50167 | Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html cont... | | |
CVE-2023-50168 | Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.... | | |
CVE-2023-50170 | Rejected reason: This is unused.... | R | |
CVE-2023-50172 | A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation fu... | E | |
CVE-2023-50174 | Rejected reason: This is unused.... | R | |
CVE-2023-50175 | Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown... | | |
CVE-2023-50176 | A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0... | S | |
CVE-2023-50178 | An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7... | S | |
CVE-2023-50179 | An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 ... | S | |
CVE-2023-50180 | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497... | S | |
CVE-2023-50181 | An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1... | S | |
CVE-2023-50182 | Rejected reason: Not used... | R | |
CVE-2023-50183 | Rejected reason: Not used... | R | |
CVE-2023-50184 | Rejected reason: Not used... | R | |
CVE-2023-50185 | Rejected reason: Not used... | R | |
CVE-2023-50186 | GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-50187 | Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2023-50188 | Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability | | |
CVE-2023-50189 | Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-50190 | Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-50191 | Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-50192 | Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-50193 | Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-50194 | Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-50195 | Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2023-50196 | Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2023-50197 | Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability | | |
CVE-2023-50198 | D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50199 | D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability | M | |
CVE-2023-50200 | D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50201 | D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50202 | D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50203 | D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50204 | D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50205 | D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50206 | D-Link G416 flupl query_type edit Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50207 | D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50208 | D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-50209 | D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-50210 | D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-50211 | D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability | M | |
CVE-2023-50212 | D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability | M | |
CVE-2023-50213 | D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50214 | D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50215 | D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50216 | D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50217 | D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability | M | |
CVE-2023-50218 | Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2023-50219 | Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2023-50220 | Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2023-50221 | Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2023-50222 | Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2023-50223 | Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2023-50224 | TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability | | |
CVE-2023-50225 | TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-50226 | Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability | | |
CVE-2023-50227 | Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2023-50228 | Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability | | |
CVE-2023-50229 | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-50230 | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-50231 | NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability | | |
CVE-2023-50232 | Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability | | |
CVE-2023-50233 | Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2023-50234 | Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-50235 | Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2023-50236 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product i... | | |
CVE-2023-50239 | Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionali... | E | |
CVE-2023-50240 | Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionali... | E | |
CVE-2023-50241 | Rejected reason: This is unused.... | R | |
CVE-2023-50243 | Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek ... | E | |
CVE-2023-50244 | Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek ... | E | |
CVE-2023-50245 | OpenEXR-viewer memory overflow vulnerability | E S | |
CVE-2023-50246 | jq has heap-buffer-overflow vulnerability in the function decToString in decNumber.c | E S | |
CVE-2023-50247 | h2o QUIC state exhaustion DoS | S | |
CVE-2023-50248 | CKAN out of memory error when submitting the dataset form with a specially-crafted field | S | |
CVE-2023-50249 | Sentry's Astro SDK vulnerable to ReDoS | S | |
CVE-2023-50250 | Cross-Site Scripting vulnerability when Import xml template file | E | |
CVE-2023-50251 | php-svg-lib possible DoS caused by infinite recursion when parsing SVG document | E S | |
CVE-2023-50252 | php-svg-lib unsafe attributes merge when parsing `use` tag | E S | |
CVE-2023-50253 | laf logs leak | E | |
CVE-2023-50254 | Deepin Reader RCE vulnerability due to a design flaw | E S | |
CVE-2023-50255 | Zip Path Traversal in Deepin-Compressor | E S | |
CVE-2023-50256 | Froxlor username/surname AND company field Bypass | E S | |
CVE-2023-50257 | Disconnect Vulnerability in RTPS Packets Used by SROS2 | | |
CVE-2023-50258 | Blind SSRF in `/home/testdiscord` endpoint | E | |
CVE-2023-50259 | Blind SSRF in /home/testslack endpoint | E S | |
CVE-2023-50260 | Wazuh's vulnerability in host_deny AR script allows arbitrary command execution | E | |
CVE-2023-50262 | Dompdf possible DoS caused by infinite recursion when parsing SVG images | E S | |
CVE-2023-50263 | Nautobot allows unauthenticated db-file-storage views | S | |
CVE-2023-50264 | Bazarr Arbitrary file read in /system/backup/download/ endpoint | E S | |
CVE-2023-50265 | Bazarr Arbitrary file read in /api/swaggerui/static endpoint | E S | |
CVE-2023-50266 | Bazarr Blind Server-Side Request Forgery (SSRF) in the /test/ | S | |
CVE-2023-50267 | MeterSphere horizontal privilege escalation vulnerability of resources in project scope. | | |
CVE-2023-50268 | jq has stack-based buffer overflow in decNaNs | E S | |
CVE-2023-50269 | SQUID-2023:10 Denial of Service in HTTP Request parsing | | |
CVE-2023-50270 | Apache DolphinScheduler: Session do not expire after password change | S | |
CVE-2023-50271 | HP-UX System Management Homepage, Disclosure of Information | | |
CVE-2023-50272 | A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and In... | | |
CVE-2023-50274 | HPE OneView may allow command injection with local privilege escalation.... | | |
CVE-2023-50275 | HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.... | | |
CVE-2023-50290 | Apache Solr: Host environment variables are published via the Metrics API | | |
CVE-2023-50291 | Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords | | |
CVE-2023-50292 | Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users | | |
CVE-2023-50293 | Rejected reason: This is unused.... | R | |
CVE-2023-50294 | The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in... | | |
CVE-2023-50297 | Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthent... | | |
CVE-2023-50298 | Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions | | |
CVE-2023-50303 | IBM InfoSphere Information Server cross-site scripting | | |
CVE-2023-50304 | IBM Engineering Requirements Management DOORS XML external entity injection | | |
CVE-2023-50305 | IBM Engineering Requirements Management information disclosure | | |
CVE-2023-50306 | IBM Common Licensing information disclosure | | |
CVE-2023-50307 | IBM Sterling B2B Integrator cross-site scripting | | |
CVE-2023-50308 | IBM Db2 denial of service | S | |
CVE-2023-50309 | IBM Sterling B2B Integrator cross-site scripting | | |
CVE-2023-50310 | IBM CICS Transaction Gateway for Multiplatforms information disclosure | | |
CVE-2023-50311 | IBM CICS Transaction Gateway for Multiplatforms information disclosure | | |
CVE-2023-50312 | IBM WebSphere Application Server Liberty information disclosure | | |
CVE-2023-50313 | IBM WebSphere Application Server information disclosure | | |
CVE-2023-50314 | IBM WebSphere Application Server Liberty information disclosure | | |
CVE-2023-50315 | IBM WebSphere Application Server information disclosure | | |
CVE-2023-50316 | IBM Sterling B2B Integrator information disclosure | | |
CVE-2023-50324 | IBM Cognos Command Center information disclosure | | |
CVE-2023-50326 | IBM PowerSC information disclosure | S | |
CVE-2023-50327 | IBM PowerSC weak security | S | |
CVE-2023-50328 | IBM PowerSC information disclosure | S | |
CVE-2023-50329 | Rejected reason: This is unused.... | R | |
CVE-2023-50330 | A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl81... | | |
CVE-2023-50332 | Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI vers... | | |
CVE-2023-50333 | Lack of restriction to manage group names for freshly demoted guests | S | |
CVE-2023-50335 | Rejected reason: This is unused.... | R | |
CVE-2023-50336 | Rejected reason: This is unused.... | R | |
CVE-2023-50337 | Rejected reason: This is unused.... | R | |
CVE-2023-50338 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2023-50339 | Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI... | | |
CVE-2023-50341 | Improper Access Control affects DRYiCE MyXalytics | | |
CVE-2023-50342 | Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics | | |
CVE-2023-50343 | Improper Access Control (Controller APIs) affects DRYiCE MyXalytics | | |
CVE-2023-50344 | Unauthenticated File Downloads affect DRYiCE MyXalytics | | |
CVE-2023-50345 | Open Redirect affects DRYiCE MyXalytics | | |
CVE-2023-50346 | An information disclosure affects DRYiCE MyXalytics | | |
CVE-2023-50347 | Insecure SQL Interface affects HCL DRYiCE MyXalytics | | |
CVE-2023-50348 | Improper Error Handling affects DRYiCE MyXalytics | | |
CVE-2023-50349 | HCL Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2023-50350 | A broken cryptographic algorithm impacts MyXalytics | | |
CVE-2023-50351 | Insecure key rotation affects MyXalytics | | |
CVE-2023-50355 | HCL Sametime is impacted by generation of error messages containing sensitive information | | |
CVE-2023-50356 | Improper Certificate Validation in AREAL Topkapi Vision (Server) | | |
CVE-2023-50357 | Cross site scripting vulnerability in AREAL SAS Webserv1 ASP Web Site | | |
CVE-2023-50358 | QTS, QuTS hero, QuTScloud | S | |
CVE-2023-50359 | QTS, QuTS hero | S | |
CVE-2023-50360 | Video Station | S | |
CVE-2023-50361 | QTS, QuTS hero | S | |
CVE-2023-50362 | QTS, QuTS hero | S | |
CVE-2023-50363 | QTS, QuTS hero | S | |
CVE-2023-50364 | QTS, QuTS hero | S | |
CVE-2023-50366 | QTS, QuTS hero | S | |
CVE-2023-50368 | WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.15.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50369 | WordPress Alma – Pay in installments or later for WooCommerce Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50370 | WordPress Livemesh Addons for WPBakery Page Builder Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50371 | WordPress Advanced Page Visit Counter Plugin <= 8.0.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50372 | WordPress Custom Post Type Page Template Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-50373 | WordPress Alt Manager plugin <= 1.6.1 - Broken Access Control vulnerability | S | |
CVE-2023-50374 | WordPress CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.10 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2023-50375 | WordPress Translate WordPress – Google Language Translator plugin <= 6.0.19 - Broken Access Control vulnerability | S | |
CVE-2023-50376 | WordPress Simple Membership Plugin <= 4.3.8 is vulnerable to Unauth. Reflected Cross Site Scripting (XSS) | S | |
CVE-2023-50377 | WordPress Simple Counter Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50378 | Apache Ambari: Various XSS problems | | |
CVE-2023-50379 | Apache Ambari: authenticated users could perform command injection to perform RCE | | |
CVE-2023-50380 | Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server | | |
CVE-2023-50381 | Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x... | E | |
CVE-2023-50382 | Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x... | | |
CVE-2023-50383 | Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x... | | |
CVE-2023-50386 | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets | | |
CVE-2023-50387 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow r... | S | |
CVE-2023-50395 | SQL Injection Remote Code Execution Vulnerability | S | |
CVE-2023-50422 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) | | |
CVE-2023-50423 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec) | | |
CVE-2023-50424 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) | | |
CVE-2023-50428 | In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits ca... | | |
CVE-2023-50429 | IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection.... | E | |
CVE-2023-50430 | The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure ... | E | |
CVE-2023-50431 | sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.... | S | |
CVE-2023-50432 | simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service (daemon cras... | | |
CVE-2023-50433 | marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a d... | | |
CVE-2023-50434 | emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0... | | |
CVE-2023-50436 | An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in ... | | |
CVE-2023-50437 | An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full ... | | |
CVE-2023-50439 | ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ... | | |
CVE-2023-50440 | ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ... | | |
CVE-2023-50441 | Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification subm... | | |
CVE-2023-50442 | Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (w... | | |
CVE-2023-50443 | Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission)... | | |
CVE-2023-50444 | By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification ... | | |
CVE-2023-50445 | Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT... | E | |
CVE-2023-50446 | An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on ... | S | |
CVE-2023-50447 | Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment paramet... | | |
CVE-2023-50448 | In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to acc... | S | |
CVE-2023-50449 | JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /comm... | E | |
CVE-2023-50453 | An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its... | | |
CVE-2023-50454 | An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish... | | |
CVE-2023-50455 | An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address v... | | |
CVE-2023-50456 | An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated ... | | |
CVE-2023-50457 | An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answ... | | |
CVE-2023-50463 | The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For... | | |
CVE-2023-50465 | A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG d... | E S | |
CVE-2023-50466 | An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS ... | | |
CVE-2023-50469 | Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overf... | E | |
CVE-2023-50470 | A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows ... | E | |
CVE-2023-50471 | cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemIn... | E S | |
CVE-2023-50472 | cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestri... | E S | |
CVE-2023-50473 | Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote atta... | | |
CVE-2023-50475 | An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitiv... | E | |
CVE-2023-50477 | An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges ... | | |
CVE-2023-50481 | An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive inf... | | |
CVE-2023-50488 | An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitr... | E | |
CVE-2023-50495 | NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry... | S | |
CVE-2023-50550 | layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-... | | |
CVE-2023-50559 | An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information vi... | | |
CVE-2023-50563 | Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_... | E | |
CVE-2023-50564 | An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.1... | E | |
CVE-2023-50565 | A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows... | E | |
CVE-2023-50566 | A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to exe... | E | |
CVE-2023-50569 | Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-50250. Reason: This record is a r... | R | |
CVE-2023-50570 | An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This ... | E | |
CVE-2023-50571 | easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the... | E | |
CVE-2023-50572 | An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an ... | E | |
CVE-2023-50578 | Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType pa... | E | |
CVE-2023-50585 | Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the f... | E | |
CVE-2023-50589 | Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the... | E | |
CVE-2023-50609 | Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version ... | | |
CVE-2023-50612 | Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attac... | E | |
CVE-2023-50614 | An issue discovered in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via ... | E | |
CVE-2023-50628 | Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code a... | E S | |
CVE-2023-50630 | Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to exec... | E | |
CVE-2023-50639 | Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to o... | | |
CVE-2023-50643 | An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code... | E | |
CVE-2023-50651 | TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vu... | E | |
CVE-2023-50658 | The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consump... | S | |
CVE-2023-50671 | In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because... | E | |
CVE-2023-50677 | An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via... | | |
CVE-2023-50685 | An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service vi... | | |
CVE-2023-50692 | File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a ... | E | |
CVE-2023-50693 | An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request.... | E | |
CVE-2023-50694 | An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted ... | E S | |
CVE-2023-50700 | Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged o... | | |
CVE-2023-50702 | Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by lo... | | |
CVE-2023-50703 | Cleartext Transmission of Sensitive Information in EFACEC UC 500E | S | |
CVE-2023-50704 | URL Redirection to Untrusted Site ('Open Redirect') in EFACEC UC 500E | S | |
CVE-2023-50705 | Exposure of Sensitive Information to an Unauthorized Actor in EFACEC UC 500E | S | |
CVE-2023-50706 | Improper Access Control in EFACEC UC 500E | S | |
CVE-2023-50707 | Uncontrolled Resource Consumption in EFACEC BCU 500 | S | |
CVE-2023-50708 | yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation | E S | |
CVE-2023-50709 | Denial of service attack on the cube-api endpoint | | |
CVE-2023-50710 | Hono's named path parameters can be overridden in TrieRouter | E S | |
CVE-2023-50711 | `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access | S | |
CVE-2023-50712 | Improper Neutralization of Alternate XSS Syntax in iris-web | | |
CVE-2023-50713 | Speckle Server API Token Privilege Escalation | S | |
CVE-2023-50714 | The Oauth2 PKCE implementation is vulnerable | E S | |
CVE-2023-50715 | User accounts disclosed to unauthenticated actors on the LAN | E S | |
CVE-2023-50716 | Invalid DATA_FRAG Submessage causes a bad-free error | | |
CVE-2023-50717 | NocoDB Allows Preview of File with Dangerous Content | | |
CVE-2023-50718 | NocoDB SQL Injection vulnerability | | |
CVE-2023-50719 | XWiki Platform Solr search discloses password hashes of all users | S | |
CVE-2023-50720 | XWiki Platform Solr search discloses email addresses of users | S | |
CVE-2023-50721 | XWiki Platform RCE from account through SearchAdmin | S | |
CVE-2023-50722 | XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass | S | |
CVE-2023-50723 | XWiki Platform remote code execution/programming rights with configuration section from any user account | S | |
CVE-2023-50724 | Resque vulnerable to reflected cross site scripting through pathname | E S | |
CVE-2023-50725 | Resque vulnerable to reflected XSS in resque-web failed and queues lists | S | |
CVE-2023-50726 | Users with `create` but not `override` privileges can perform local sync in argo-cd | | |
CVE-2023-50727 | Resque vulnerable to reflected XSS in Queue Endpoint | S | |
CVE-2023-50728 | Unauthenticated Denial of Service in the octokit/webhooks library | | |
CVE-2023-50729 | An unrestricted file upload vulnerability in traccar leads to RCE | | |
CVE-2023-50730 | Grackle has StackOverflowError in GraphQL query processing | S | |
CVE-2023-50731 | MindsDB has arbitrary file write in file.py | E | |
CVE-2023-50732 | Velocity execution without script right through tree macro | E S | |
CVE-2023-50733 | A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices. | | |
CVE-2023-50734 | A vulnerability has been identified in the PostScript interpreter in various Lexmark devices. | S | |
CVE-2023-50735 | A vulnerability has been identified in the PostScript interpreter in various Lexmark devices. | S | |
CVE-2023-50736 | A vulnerability has been identified in the PostScript interpreter in various Lexmark devices. | S | |
CVE-2023-50737 | An input validation vulnerability in the SE Menu allows an attacker to execute arbitrary code. | S | |
CVE-2023-50738 | A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices. | | |
CVE-2023-50739 | A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. | | |
CVE-2023-50740 | Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged | | |
CVE-2023-50743 | Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-50752 | Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-50753 | Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-50760 | Online Notice Board System v1.0 - Insecure File Upload | E | |
CVE-2023-50761 | The signature of a digitally signed S/MIME email message may optionally specify the signature creati... | | |
CVE-2023-50762 | When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the t... | | |
CVE-2023-50763 | A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3... | | |
CVE-2023-50764 | Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query paramete... | | |
CVE-2023-50765 | A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attacke... | | |
CVE-2023-50766 | A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and ear... | | |
CVE-2023-50767 | Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers wit... | | |
CVE-2023-50768 | A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and ear... | | |
CVE-2023-50769 | Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers wit... | | |
CVE-2023-50770 | Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user accou... | | |
CVE-2023-50771 | Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect U... | | |
CVE-2023-50772 | Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.x... | | |
CVE-2023-50773 | Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job... | | |
CVE-2023-50774 | A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier al... | | |
CVE-2023-50775 | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and ... | | |
CVE-2023-50776 | Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted... | | |
CVE-2023-50777 | Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens disp... | | |
CVE-2023-50778 | A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earl... | | |
CVE-2023-50779 | Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with... | | |
CVE-2023-50780 | Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans | | |
CVE-2023-50781 | M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657 | M | |
CVE-2023-50782 | Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659 | M | |
CVE-2023-50783 | Apache Airflow: Improper access control vulnerability on the "varimport" endpoint | S | |
CVE-2023-50784 | A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthentic... | | |
CVE-2023-50785 | Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories... | | |
CVE-2023-50803 | An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980,... | | |
CVE-2023-50804 | An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980,... | | |
CVE-2023-50805 | A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with vers... | | |
CVE-2023-50806 | A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with vers... | | |
CVE-2023-50807 | A vulnerability was discovered in Samsung Wearable Processor and Modems with versions Exynos 9110, E... | | |
CVE-2023-50808 | Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Mo... | | |
CVE-2023-50809 | In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless drive... | | |
CVE-2023-50810 | In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists ... | | |
CVE-2023-50811 | An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer... | | |
CVE-2023-50821 | A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC Wi... | | |
CVE-2023-50822 | WordPress Currency Converter Widget Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50823 | WordPress CSS & JavaScript Toolbox Plugin <= 11.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50824 | WordPress Insert or Embed Articulate Content into WordPress Plugin <= 4.3000000021 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50825 | WordPress iframe Shortcode Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50826 | WordPress Menu Image, Icons made easy Plugin <= 3.10 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50827 | WordPress Accredible Certificates & Open Badges Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50828 | WordPress Ultimate Dashboard Plugin <= 3.7.11 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-50829 | WordPress Loan Repayment Calculator and Application Form Plugin <= 2.9.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50830 | WordPress Seos Contact Form Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50831 | WordPress CURCY Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-50832 | WordPress Multi Step Form Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-50833 | WordPress Colibri Page Builder Plugin <= 1.0.239 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2023-50834 | WordPress WooCommerce Menu Extension Plugin <= 1.6.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50835 | WordPress Advanced Category Template Plugin <= 0.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2023-50836 | WordPress HTML Forms Plugin <= 1.3.28 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2023-50837 | WordPress Login Lockdown Plugin <= 2.06 is vulnerable to SQL Injection | S | |
CVE-2023-50838 | WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection | S | |
CVE-2023-50839 | WordPress JS Help Desk – Best Help Desk & Support Plugin <= 2.8.1 is vulnerable to SQL Injection | S | |
CVE-2023-50840 | WordPress Booking Manager Plugin <= 2.1.5 is vulnerable to SQL Injection | S | |
CVE-2023-50841 | WordPress BookingPress Plugin <= 1.0.72 is vulnerable to SQL Injection | S | |
CVE-2023-50842 | WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to SQL Injection | | |
CVE-2023-50843 | WordPress Clockwork SMS Notfications Plugin <= 3.0.4 is vulnerable to SQL Injection | | |
CVE-2023-50844 | WordPress WP Mail Catcher Plugin <= 2.1.3 is vulnerable to SQL Injection | S | |
CVE-2023-50845 | WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection | S | |
CVE-2023-50846 | WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection | S | |
CVE-2023-50847 | WordPress Welcart e-Commerce Plugin <= 2.9.3 is vulnerable to SQL Injection | S | |
CVE-2023-50848 | WordPress 404 Solution Plugin <= 2.34.0 is vulnerable to SQL Injection | S | |
CVE-2023-50849 | WordPress e2pdf Plugin <= 1.20.23 is vulnerable to SQL Injection | S | |
CVE-2023-50850 | WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability | S | |
CVE-2023-50851 | WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection | S | |
CVE-2023-50852 | WordPress BookIt Plugin <= 2.4.3 is vulnerable to SQL Injection | S | |
CVE-2023-50853 | WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.75.0 is vulnerable to SQL Injection | S | |
CVE-2023-50854 | WordPress Squirrly SEO - Advanced Pack Plugin <= 2.3.8 is vulnerable to SQL Injection | | |
CVE-2023-50855 | WordPress Pre* Party Resource Hints Plugin <= 1.8.18 is vulnerable to SQL Injection | | |
CVE-2023-50856 | WordPress Funnel Builder for WordPress by FunnelKit Plugin <= 2.14.3 is vulnerable to SQL Injection | S | |
CVE-2023-50857 | WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection | S | |
CVE-2023-50858 | WordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-50859 | WordPress WP Crowdfunding Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50860 | WordPress Amelia Plugin <= 1.0.85 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50861 | WordPress HUSKY plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2023-50862 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-50863 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-50864 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-50865 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-50866 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-50867 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | E | |
CVE-2023-50868 | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped... | | |
CVE-2023-50870 | In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible... | | |
CVE-2023-50871 | In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread repl... | | |
CVE-2023-50872 | The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference a... | | |
CVE-2023-50873 | WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-50874 | WordPress Ajax Load More Plugin <= 6.1.0.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50875 | WordPress Sensei LMS Plugin <= 4.17.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50876 | WordPress Molongui plugin <= 4.7.3 - Broken Access Control vulnerability | S | |
CVE-2023-50877 | WordPress Product Filter by WBW plugin <= 2.5.0 - Broken Access Control vulnerability | S | |
CVE-2023-50878 | WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-50879 | WordPress WordPress.com Editing Toolkit Plugin <= 3.78784 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50880 | WordPress BuddyPress Plugin <= 11.3.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50881 | WordPress Advanced Access Manager Plugin <= 6.9.15 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50882 | WordPress ProfilePress plugin <= 4.13.2 - Broken Access Control vulnerability | S | |
CVE-2023-50883 | ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expressio... | E | |
CVE-2023-50884 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability | S | |
CVE-2023-50885 | WordPress Store Locator WordPress Plugin <= 1.4.14 is vulnerable to Arbitrary File Deletion | S | |
CVE-2023-50886 | WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability | S | |
CVE-2023-50887 | WordPress User Feedback plugin <= 1.0.10 - Broken Access Control vulnerability | S | |
CVE-2023-50889 | WordPress Beaver Builder Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50890 | WordPress Ultimate Addons for Elementor plugin <= 1.36.20 - Privilege Escalation vulnerability | S | |
CVE-2023-50891 | WordPress Zoho Forms Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50892 | WordPress TheGem Theme <= 5.9.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50893 | WordPress UpSolution Core Plugin <= 8.17.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50894 | In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl... | | |
CVE-2023-50895 | In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.S... | | |
CVE-2023-50896 | WordPress weForms Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50898 | WordPress Image Optimizer, Resizer and CDN – Sirv plugin <= 7.1.2 - Broken Access Control vulnerability | S | |
CVE-2023-50899 | WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX plugin <= 5.0.2 - Broken Access Control vulnerability | S | |
CVE-2023-50900 | WordPress Master Slider plugin <= 3.9.10 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2023-50901 | WordPress HT Mega Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50902 | WordPress New User Approve Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2023-50903 | WordPress Metform Elementor Contact Form Builder plugin <= 3.4.0 - Broken Access Control vulnerability | S | |
CVE-2023-50904 | WordPress Poll Maker plugin <= 4.8.0 - Broken Access Control vulnerability | S | |
CVE-2023-50905 | WordPress WP Activity Log Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2023-50913 | Oxide control plane software before 5 allows SSRF.... | | |
CVE-2023-50914 | A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0... | | |
CVE-2023-50915 | An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could... | | |
CVE-2023-50916 | Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authenticat... | E | |
CVE-2023-50917 | MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell me... | S | |
CVE-2023-50918 | app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.... | S | |
CVE-2023-50919 | An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication by... | E | |
CVE-2023-50920 | An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID aft... | E | |
CVE-2023-50921 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interfac... | | |
CVE-2023-50922 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminT... | E | |
CVE-2023-50923 | In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain t... | | |
CVE-2023-50924 | Stored XSS in Overview and Output fields | S | |
CVE-2023-50926 | Unvalidated DIO prefix info length in RPL-Lite in Contiki-NG | S | |
CVE-2023-50927 | Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG | | |
CVE-2023-50928 | sandbox-accounts-for-events security misconfiguration leads to budget exceed | S | |
CVE-2023-50930 | An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is... | | |
CVE-2023-50931 | An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative us... | | |
CVE-2023-50932 | An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative u... | | |
CVE-2023-50933 | IBM PowerSC HTML injection | S | |
CVE-2023-50934 | IBM PowerSC improper authentication | S | |
CVE-2023-50935 | IBM PowerSC forced browsing | S | |
CVE-2023-50936 | IBM PowerSC session fixation | S | |
CVE-2023-50937 | IBM PowerSC information disclosure | S | |
CVE-2023-50938 | IBM PowerSC clickjacking | S | |
CVE-2023-50939 | IBM PowerSC information Disclosure | S | |
CVE-2023-50940 | IBM PowerSC cross-resource origin sharing | S | |
CVE-2023-50941 | IBM PowerSC session fixation | S | |
CVE-2023-50943 | Apache Airflow: Potential pickle deserialization vulnerability in XComs | S | |
CVE-2023-50944 | Apache Airflow: Bypass permission verification to read code of other dags | S | |
CVE-2023-50945 | IBM Common Licensing information disclosure | | |
CVE-2023-50946 | IBM Common Licensing information disclosure | | |
CVE-2023-50947 | IBM Business Automation Workflow cross-site scripting | | |
CVE-2023-50948 | IBM Storage Fusion HCI information disclosure | | |
CVE-2023-50949 | IBM QRadar improper certificate validation | | |
CVE-2023-50950 | IBM QRadar information disclosure | S | |
CVE-2023-50951 | IBM QRadar Suite information disclosure | | |
CVE-2023-50952 | IBM InfoSphere Information Server server-side request forgery | | |
CVE-2023-50953 | IBM InfoSphere Information Server information disclosure | | |
CVE-2023-50954 | IBM InfoSphere Information Server information disclosure | | |
CVE-2023-50955 | IBM InfoSphere Information Server information disclosure | | |
CVE-2023-50956 | IBM Storage Defender - Resiliency Service information disclosure | | |
CVE-2023-50957 | IBM Storage Defender - Resiliency Service privilege escalation | S | |
CVE-2023-50959 | IBM Cloud Pak for Business Automation information disclosure | | |
CVE-2023-50961 | IBM QRadar cross-site scripting | | |
CVE-2023-50962 | IBM PowerSC information disclosure | | |
CVE-2023-50963 | IBM Storage Defender HTTP HOST header injection | | |
CVE-2023-50964 | IBM InfoSphere Information Server cross-site scripting | | |
CVE-2023-50965 | In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c all... | E M | |
CVE-2023-50966 | erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of ser... | | |
CVE-2023-50967 | latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via... | | |
CVE-2023-50968 | Apache OFBiz: Arbitrary file properties reading and SSRF attack | S | |
CVE-2023-50969 | Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted ... | | |
CVE-2023-50974 | In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are... | E | |
CVE-2023-50975 | The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution bec... | | |
CVE-2023-50976 | Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactio... | E S | |
CVE-2023-50977 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2023-50979 | Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 p... | E | |
CVE-2023-50980 | gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (app... | E | |
CVE-2023-50981 | ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of ser... | E | |
CVE-2023-50982 | Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_actio... | E | |
CVE-2023-50983 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysSched... | E | |
CVE-2023-50984 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdt... | E | |
CVE-2023-50985 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the l... | E | |
CVE-2023-50986 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sy... | E | |
CVE-2023-50987 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sy... | E | |
CVE-2023-50988 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in t... | E | |
CVE-2023-50989 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet ... | E | |
CVE-2023-50990 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in ... | E | |
CVE-2023-50991 | Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote att... | E | |
CVE-2023-50992 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPi... | E | |
CVE-2023-50993 | Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-... | | |