CVE-2023-6xxx

There are 894 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2023-6000 Popup Builder < 4.2.3 - Unauthenticated Stored XSS
E
CVE-2023-6001 Prometheus Metrics Accessible Pre-Authentication
CVE-2023-6002 Log Injection
CVE-2023-6004 Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
M
CVE-2023-6005 EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting
E
CVE-2023-6006 Privilege Escalation Vulnerability
CVE-2023-6007 The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data,...
CVE-2023-6008 The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and ...
CVE-2023-6009 The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and includ...
CVE-2023-6010 Rejected reason: Accidental Request....
R
CVE-2023-6011 Stored XSS in Geodi
CVE-2023-6012 Incorrect input data validation in Lanaccess ONSAFE MonitorHM Web Console
S
CVE-2023-6013 H2O Local File Include
E
CVE-2023-6014 MLflow Authentication Bypass
E
CVE-2023-6015 MLflow Arbitrary File Upload
E
CVE-2023-6016 H2O Remote Code Execution via POJO Model Import
E
CVE-2023-6017 H2O S3 Bucket Takeover
E
CVE-2023-6018 MLflow Arbitrary File Write
E
CVE-2023-6019 Ray Command Injection in cpu_profile Parameter
E
CVE-2023-6020 Ray Static File Local File Include
E
CVE-2023-6021 Ray Log File Local File Include
E
CVE-2023-6022 Cross-Site Request Forgery (CSRF) in prefecthq/prefect
E
CVE-2023-6023 ModelDB Local File Include
E
CVE-2023-6026 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in PHPMemcachedAdmin
CVE-2023-6027 Cross-site Scripting vulnerability in PHPMemcachedAdmin
CVE-2023-6028 SDM Web interface vulnerable to XSS
S
CVE-2023-6029 EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management
E
CVE-2023-6030 LogDash Activity Log < 1.1.4 - Unauthenticated SQLi
E
CVE-2023-6032 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabil...
CVE-2023-6033 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2023-6034 Rejected reason: Accidental request....
R
CVE-2023-6035 EazyDocs < 2.3.4 - Subscriber + SQLi
E
CVE-2023-6036 Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass
E
CVE-2023-6037 WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS
E
CVE-2023-6038 Local File Inclusion in h2oai/h2o-3
E
CVE-2023-6039 Kernel: use-after-free in drivers/net/usb/lan78xx.c in lan78xx_disconnect
S
CVE-2023-6040 An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)
S
CVE-2023-6042 Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin
E
CVE-2023-6043 A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacke...
S
CVE-2023-6044 A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacke...
S
CVE-2023-6045 Arkruntime has a type confusion vulnerability
CVE-2023-6046 EventON < 2.2 - Admin+ Stored HTML Injection
E
CVE-2023-6047 Reflected XSS in Algoritim E-commerce Software
CVE-2023-6048 Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update
E
CVE-2023-6049 Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection
E
CVE-2023-6050 Estatik Real Estate Plugin < 4.1.1 - Reflected XSS
E
CVE-2023-6051 Improper Control of Generation of Code ('Code Injection') in GitLab
E S
CVE-2023-6052 Tongda OA 2017 delete.php sql injection
E
CVE-2023-6053 Tongda OA 2017 delete.php sql injection
E
CVE-2023-6054 Tongda OA 2017 lock.php sql injection
E
CVE-2023-6055 Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158)
S
CVE-2023-6056 Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164)
S
CVE-2023-6057 Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)
S
CVE-2023-6058 HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167)
S
CVE-2023-6060 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-6061 Rejected reason: This CVE ID has been rejected/withdrawn by its CVE Numbering Authority (Palo Alto N...
R
CVE-2023-6062 Arbitrary File Write
CVE-2023-6063 WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection
E
CVE-2023-6064 PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure
E
CVE-2023-6065 Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure
E
CVE-2023-6066 WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update
E
CVE-2023-6067 WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS
E
CVE-2023-6068 On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACLs may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some
S
CVE-2023-6069 Improper Link Resolution Before File Access in froxlor/froxlor
E S
CVE-2023-6070 A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged ...
CVE-2023-6071 An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to vers...
S
CVE-2023-6072 A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows...
CVE-2023-6073 DoS and Control of Volume Settings for VW ID.3 ICAS3 IVI ECU
E
CVE-2023-6074 PHPGurukul Restaurant Table Booking System Booking Reservation check-status.php sql injection
CVE-2023-6075 PHPGurukul Restaurant Table Booking System Reservation Request index.php cross site scripting
CVE-2023-6076 PHPGurukul Restaurant Table Booking System Reservation Status booking-details.php information disclosure
CVE-2023-6077 Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access
E
CVE-2023-6078 OS Command Injection vulnerability affecting BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023
CVE-2023-6079 Rejected reason: appears to be a duplicate of CVE-2023-40206...
R
CVE-2023-6080 Privilege Escalation to SYSTEM in Lakeside Software Installer
CVE-2023-6081 Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart
E
CVE-2023-6082 Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting
E
CVE-2023-6083 Rejected reason: Accidental Request....
R
CVE-2023-6084 Tongda OA 2017 delete.php sql injection
E
CVE-2023-6085 Rejected reason: Accidental request....
R
CVE-2023-6086 Rejected reason: Accidental request....
R
CVE-2023-6087 Rejected reason: Accidental Request....
R
CVE-2023-6088 Rejected reason: Accidental Request....
R
CVE-2023-6089 Rejected reason: Accidental Request....
R
CVE-2023-6090 WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload
S
CVE-2023-6091 WordPress Theme Editor plugin <= 2.7.1 - Arbitrary File Upload vulnerability
S
CVE-2023-6092 Rejected reason: DUPLICATE, accidental request....
R
CVE-2023-6093 OnCell G3150A-LTE Series: Clickjacking Vulnerability
M
CVE-2023-6094 OnCell G3150A-LTE Series: Web Server Transmits Cleartext Credentials
M
CVE-2023-6095 Remote Code Execution without authentication using memory overflow
CVE-2023-6096 Using an inappropriate encryption logic
CVE-2023-6097 SQL Injection on ICSSolution ICS Business Manager
S
CVE-2023-6098 Cross-site Scripting on ICSSolution ICS Business Manager
S
CVE-2023-6099 Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management
E
CVE-2023-6100 Maiwei Safety Production Control Platform GetItemList information disclosure
CVE-2023-6101 Maiwei Safety Production Control Platform Intelligent Monitoring ha.html information disclosure
CVE-2023-6102 Maiwei Safety Production Control Platform unrestricted upload
CVE-2023-6103 Intelbras RX 1500 SSID WiFi.html cross site scripting
E
CVE-2023-6104 Rejected reason: The CVE Record was published by accident....
R
CVE-2023-6105 ManageEngine Information Disclosure in Multiple Products
E
CVE-2023-6106 Rejected reason: Accidental request....
R
CVE-2023-6107 Rejected reason: Accidental Request....
R
CVE-2023-6109 The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and inclu...
S
CVE-2023-6110 Openstack: deleting a non-existing access rule deletes another existing access rule in its scope
CVE-2023-6111 Use-after-free in Linux kernel's netfilter: nf_tables component
S
CVE-2023-6112 Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to p...
CVE-2023-6113 WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download
E
CVE-2023-6114 Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
E
CVE-2023-6115 Rejected reason: DUPLICATE CVE...
R
CVE-2023-6116 Remote Code Execution without authentication using stack overflow
CVE-2023-6117 M-Files REST API allows Denial of Service
S
CVE-2023-6118 Path Traversal in Neutron IP Camera
CVE-2023-6119 An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows ...
S
CVE-2023-6120 The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up ...
CVE-2023-6121 Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get
M
CVE-2023-6122 Reflected XSS in Softomi E-commerce Software
CVE-2023-6123 Improper Neutralization vulnerability affects OpenText ALM Octane.
S
CVE-2023-6124 Server-Side Request Forgery (SSRF) in salesagility/suitecrm
E S
CVE-2023-6125 Code Injection in salesagility/suitecrm
E S
CVE-2023-6126 Code Injection in salesagility/suitecrm
E S
CVE-2023-6127 Unrestricted Upload of File with Dangerous Type in salesagility/suitecrm
E S
CVE-2023-6128 Cross-site Scripting (XSS) - Reflected in salesagility/suitecrm
E S
CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC
S
CVE-2023-6130 Path Traversal: '\..\filename' in salesagility/suitecrm
E S
CVE-2023-6131 Code Injection in salesagility/suitecrm
E S
CVE-2023-6132 AVEVA Edge products Uncontrolled Search Path Element
S
CVE-2023-6133 The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blac...
S
CVE-2023-6134 Keycloak: reflected xss via wildcard in oidc redirect_uri
E
CVE-2023-6135 Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack c...
CVE-2023-6136 WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure
S
CVE-2023-6137 WordPress Frontier Post Plugin <= 6.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-6138 A potential security vulnerability has been identified in the system BIOS for certain HP Workstation...
CVE-2023-6139 Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update
E
CVE-2023-6140 Essential Real Estate < 4.4 - Subscriber+ Arbitrary File Upload
E
CVE-2023-6141 Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
E
CVE-2023-6142 Dev Blog v1.0 - Stored XSS
E
CVE-2023-6143 Mali GPU Kernel Driver allows improper GPU memory processing operations
S
CVE-2023-6144 Dev Blog v1.0 - ATO
E
CVE-2023-6145 SQLi in Softomi E-commerce Software
CVE-2023-6146 Stored XSS Vulnerability in QualysGuard VM/PC
S
CVE-2023-6147 Possible XXE vulnerability in Jenkins Plugin for Qualys Policy Compliance
S
CVE-2023-6148 Possible XSS vulnerability in Jenkins Plugin for Qualys Policy Compliance
S
CVE-2023-6149 Possible XXE vulnerability in Jenkins Plugin for Qualys Web Application Security
S
CVE-2023-6150 Information Disclosure in Eskom E-municipality
CVE-2023-6151 Information Disclosure in Eskom E-municipality
CVE-2023-6152 A user changing their email after signing up and verifying it can change it without verification in ...
E
CVE-2023-6153 Authentication Bypass in TeoSOFT Software TeoBASE
CVE-2023-6154 Local privilege escalation in Bitdefender Total Security (VA-11168)
S
CVE-2023-6155 Quiz Maker < 6.4.9.5 - Unauthenticated Email Address Disclosure
E
CVE-2023-6156 Livestatus injection in availability timeline
CVE-2023-6157 Livestatus injection in ajax_search
CVE-2023-6158 The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthor...
S
CVE-2023-6159 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-6160 The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory T...
CVE-2023-6161 WP Crowdfunding < 2.1.9 - Reflected XSS
E
CVE-2023-6163 WP Crowdfunding < 2.1.10 - Admin+ Stored XSS
E
CVE-2023-6164 The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is ...
S
CVE-2023-6165 Restrict Usernames Emails Characters Plugin < 3.1.4 - Admin+ Stored XSS
E
CVE-2023-6166 Quiz Maker < 6.4.9.5 - Reflected Cross-Site Scripting
E
CVE-2023-6167 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-6173 SQLi in TeoSOFT Software TeoBASE
CVE-2023-6174 Out-of-bounds Read in Wireshark
S
CVE-2023-6175 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
S
CVE-2023-6176 Kernel: local dos vulnerability in scatterwalk_copychunks
S
CVE-2023-6178 An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the...
CVE-2023-6179 Incorrect Permission assignment to program executable folders
CVE-2023-6180 Resource exhaustion via memory leak in tokio-boring
CVE-2023-6181 An oversight in BCB handling of reboot reason that allows for persistent code execution...
CVE-2023-6184 Cross Site Scripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site ...
CVE-2023-6185 Improper input validation enabling arbitrary Gstreamer pipeline injection
CVE-2023-6186 Link targets allow arbitrary script execution
CVE-2023-6187 The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficien...
S
CVE-2023-6188 GetSimpleCMS theme-edit.php code injection
E
CVE-2023-6189 Improper Permission Handling in M-Files Server
S
CVE-2023-6190 Authenticated Path Traversal in İzmir Katip Çelebi University
CVE-2023-6191 SQLi in WebPDKS
CVE-2023-6193 Unbounded queuing of path validation messages in cloudflare-quiche
CVE-2023-6194 In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to p...
E S
CVE-2023-6195 Server-Side Request Forgery (SSRF) in GitLab
E S
CVE-2023-6196 The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions ...
CVE-2023-6197 The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions ...
CVE-2023-6198 Hard Coded Credential
S
CVE-2023-6199 Book Stack v23.10.2 - LFR via Blind SSRF
E
CVE-2023-6200 Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability
S
CVE-2023-6201 Command Injection in Univera Panorama Framework
CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
S
CVE-2023-6203 The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
E
CVE-2023-6204 On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bo...
CVE-2023-6205 It was possible to cause the use of a MessagePort after it had already been freed, which could poten...
CVE-2023-6206 The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking dela...
CVE-2023-6207 Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Fi...
CVE-2023-6208 When using X11, text selected by the page using the Selection API was erroneously copied into the pr...
CVE-2023-6209 Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part ...
CVE-2023-6210 When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allow...
CVE-2023-6211 If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-onl...
CVE-2023-6212 Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these b...
CVE-2023-6213 Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption a...
CVE-2023-6214 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Informat...
S
CVE-2023-6217 MOVEit Transfer XSS via MOVEit Gateway
CVE-2023-6218 MOVEit Transfer Group Admin Privilege Escalation
CVE-2023-6219 The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient fi...
S
CVE-2023-6220 The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient f...
CVE-2023-6221 MachineSense FeverWarn Missing Authentication for Critical Function
M
CVE-2023-6222 Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal
E
CVE-2023-6223 The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all version...
CVE-2023-6225 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si...
E S
CVE-2023-6226 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct...
E S
CVE-2023-6228 Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c
CVE-2023-6229 Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Pri...
CVE-2023-6230 Buffer overflow in the Address Book password process in authentication of Mobile Device Function of ...
CVE-2023-6231 Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) ...
CVE-2023-6232 Buffer overflow in the Address Book username process in authentication of Mobile Device Function of ...
CVE-2023-6233 Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers...
CVE-2023-6234 Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Las...
CVE-2023-6235 Arbitrary code execution in Duet Display
S
CVE-2023-6236 Eap: oidc app attempting to access the second tenant, the user should be prompted to log
CVE-2023-6237 Excessive time spent checking invalid RSA public keys
S
CVE-2023-6238 Kernel: nvme: memory corruption via unprivileged user passthrough
M
CVE-2023-6239 Incorrect calculation of effective permissions
S
CVE-2023-6240 Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation
CVE-2023-6241 Mali GPU Kernel Driver allows improper GPU memory processing operations
S
CVE-2023-6242 The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Si...
S
CVE-2023-6243 EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email
S
CVE-2023-6244 The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Si...
S
CVE-2023-6245 Infinite decoding loop through specially crafted payload
S
CVE-2023-6246 Glibc: heap-based buffer overflow in __vsyslog_internal()
E
CVE-2023-6247 The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the par...
CVE-2023-6248 Data leakage and arbitrary remote code execution in Syrus cloud devices
CVE-2023-6249 ipm: signed to unsigned conversion problem in esp32_ipm_send
E S
CVE-2023-6250 BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read
E
CVE-2023-6251 CSRF in delete_user_message
CVE-2023-6252 Path traversal vulnerability in Chameleon Power products
CVE-2023-6253 Saved Uninstall Key in Digital Guardian Agent Uninstaller
E S
CVE-2023-6254 Password is sent back to client
S
CVE-2023-6255 Hardcoded Credentials in SoliClub Mobile App
CVE-2023-6257 Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read
E
CVE-2023-6258 Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths
S
CVE-2023-6259 Local Access to Sensitive Data in Brivo ACS100 and ACS300
CVE-2023-6260 Web UI OS Command Injection in Brivo ACS100, ACS300
CVE-2023-6263 Server Spoofing Vulnerability in NxCloud
CVE-2023-6264 Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauth...
CVE-2023-6265 DrayTek Vigor2960 mainfunction.cgi dumpSyslog 'option' directory traversal
E
CVE-2023-6266 The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insuff...
CVE-2023-6267 Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.
CVE-2023-6268 JSON Content Importer < 1.5.4 - Reflected XSS
E
CVE-2023-6269 Argument injection vulnerability in Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF
E
CVE-2023-6270 Kernel: aoe: improper reference count leads to use-after-free vulnerability
S
CVE-2023-6271 Backup Migration Staging < 1.3.6 - Sensitive Data Exposure
E
CVE-2023-6272 Theme My Login 2FA < 1.2 - Lack of Rate Limiting
E
CVE-2023-6273 Permission management vulnerability in the module for disabling Sound Booster. Successful exploitati...
CVE-2023-6274 Byzoro Smart S80 PHP File updatelib.php unrestricted upload
E
CVE-2023-6275 TOTVS Fluig Platform mobileredir openApp.jsp cross site scripting
S
CVE-2023-6276 Tongda OA 2017 delete.php sql injection
E
CVE-2023-6277 Libtiff: out-of-memory in tiffopen via a crafted file
E S
CVE-2023-6278 Biteship for WooCommerce < 2.2.25 - Reflected Cross-Site Scripting
E
CVE-2023-6279 Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS
E
CVE-2023-6280 XML External Entity Reference on 52North WPS
CVE-2023-6282 Cross-Site Scripting vulnerability in IceHrm
S
CVE-2023-6287 Backup password in GET parameter
CVE-2023-6288 Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execu...
CVE-2023-6289 Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export
E
CVE-2023-6290 WP SEO Press < 7.3 - Admin+ Stored XSS
E
CVE-2023-6291 Keycloak: redirect_uri validation bypass
M
CVE-2023-6292 Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF
E
CVE-2023-6293 Prototype Pollution in robinbuschmann/sequelize-typescript
E S
CVE-2023-6294 popup-builder < 4.2.6 - Admin+ SSRF & File Read
E
CVE-2023-6295 so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion
E
CVE-2023-6296 osCommerce Instant Message compare cross site scripting
CVE-2023-6297 PHPGurukul Nipah Virus Testing Management System Search Report Page patient-search-report.php cross site scripting
E
CVE-2023-6298 Apryse iText PdfDocument.java main array index
E
CVE-2023-6299 Apryse iText Reference Table PdfDocument.java memory leak
E S
CVE-2023-6300 SourceCodester Best Courier Management System cross site scripting
E
CVE-2023-6301 SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting
E
CVE-2023-6302 CSZCMS File Manager Page templates permission
E
CVE-2023-6303 CSZCMS Site Settings Page cross site scripting
E
CVE-2023-6304 Tecno 4G Portable WiFi TR118 Ping Tool goform_get_cmd_process os command injection
E
CVE-2023-6305 SourceCodester Free and Open Source Inventory Management System suppliar_data.php sql injection
E S
CVE-2023-6306 SourceCodester Free and Open Source Inventory Management System member_data.php sql injection
E
CVE-2023-6307 jeecgboot JimuReport image path traversal
E
CVE-2023-6308 Xiamen Four-Faith Video Surveillance Management System Apache Struts unrestricted upload
E
CVE-2023-6309 moses-smt mosesdecoder trans_result.php os command injection
E
CVE-2023-6310 SourceCodester Loan Management System deleteBorrower.php delete_borrower sql injection
E
CVE-2023-6311 SourceCodester Loan Management System Loan Type Page delete_ltype.php delete_ltype sql injection
E
CVE-2023-6312 SourceCodester Loan Management System Users Page deleteUser.php delete_user sql injection
E
CVE-2023-6313 SourceCodester URL Shortener Long URL cross site scripting
E
CVE-2023-6314 Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attacke...
CVE-2023-6315 Out-of-bounds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow att...
CVE-2023-6316 The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file...
S
CVE-2023-6317 PIN/prompt bypass on the secondscreen.gateway service allows access to the SSAP API without user interaction
E S
CVE-2023-6318 Command injection in the processAnalyticsReport method from the com.webos.service.cloudupload service
E S
CVE-2023-6319 Command injection in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service
E S
CVE-2023-6320 Command injection in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint
E
CVE-2023-6321 Owlet Camera OS command injection
E
CVE-2023-6322 Stack-based buffer overflow in message parser functionality
E
CVE-2023-6323 ThroughTek Kalay SDK insufficient verification of message authenticity
E
CVE-2023-6324 ThroughTek Kalay SDK error in handling the PSK identity
E
CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate
CVE-2023-6326 The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request...
CVE-2023-6327 ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products
CVE-2023-6329 Control iD iDSecure passwordCustom Authentication Bypass
E
CVE-2023-6333 Cross-site Scripting in ControlByWeb Relays
S
CVE-2023-6334 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workfo...
CVE-2023-6335 Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Acces...
CVE-2023-6336 Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Acces...
CVE-2023-6337 Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
CVE-2023-6338 Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) t...
S
CVE-2023-6339 Google Nest WiFi Pro root code-execution & user-data compromise
CVE-2023-6340 SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions ar...
CVE-2023-6341 Catalis CM360 allows authentication bypass
CVE-2023-6342 Tyler Technologies Court Case Management Plus "pay for print" allows authentication bypass
CVE-2023-6343 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass
CVE-2023-6344 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass
CVE-2023-6345 Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had ...
KEV
CVE-2023-6346 Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to pot...
CVE-2023-6347 Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potenti...
CVE-2023-6348 Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who ...
CVE-2023-6349 Heap overflow in libvpx
CVE-2023-6350 Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to pote...
CVE-2023-6351 Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to pote...
CVE-2023-6352 Aquaforest TIFF Server default configuration allows access to arbitrary files
E
CVE-2023-6353 Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass
CVE-2023-6354 Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass
CVE-2023-6355 Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass som...
CVE-2023-6356 Kernel: null pointer dereference in nvmet_tcp_build_iovec
M
CVE-2023-6357 OS Command Injection in multiple CODESYS products
M
CVE-2023-6359 Cross-Site Scripting in Alumne LMS
S
CVE-2023-6360 The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection...
E
CVE-2023-6361 A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerabili...
S
CVE-2023-6362 A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerabili...
S
CVE-2023-6363 Mali GPU Kernel Driver allows improper GPU processing operations
S
CVE-2023-6364 WhatsUp Gold Stored Cross-Site Scripting (XSS) via Dashboard
CVE-2023-6365 WhatsUp Gold Stored Cross-Site Scripting (XSS) via Device Groups
CVE-2023-6366 WhatsUp Gold Stored Cross-Site Scripting (XSS) via Alert Center
CVE-2023-6367 WhatsUp Gold Stored Cross-Site Scripting (XSS) via Roles
CVE-2023-6368 WhatsUp Gold Unauthenticated Access to an API Endpoint
CVE-2023-6369 The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of d...
S
CVE-2023-6371 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2023-6373 ArtPlacer Widget < 2.20.7 - Editor+ SQLi
E
CVE-2023-6374 Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS S...
CVE-2023-6375 Tyler Technologies Magistrate Court Case Management Plus stores backups insecurely
CVE-2023-6376 Henschen & Associates court document management software cache uses predictable file names
E
CVE-2023-6377 Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions
S
CVE-2023-6378 Logback "receiver" DOS vulnerability
S
CVE-2023-6379 Cross-site Scripting in Alkacon Software OpenCms
S
CVE-2023-6380 Open Redirect in Alkacon Software OpenCms
S
CVE-2023-6381 Improper input validation in Newsletter Software SuperMailer
S
CVE-2023-6382 Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2023-6383 Debug Log Manager < 2.3.0 - Sensitive Logs Exposure
E
CVE-2023-6384 WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR
E
CVE-2023-6385 WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF
E
CVE-2023-6386 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2023-6387 Incorrect buffer parsing in Bluetooth LE sample code may lead to buffer overflow
CVE-2023-6388 Suite CRM v7.14.2 - SSRF
E
CVE-2023-6389 WordPress Toolbar <= 2.2.6 - Open Redirect
E
CVE-2023-6390 WordPress Users <= 1.4 - Settings Update via CSRF
E
CVE-2023-6391 Custom User CSS <= 0.2 - Settings Update via CSRF
E
CVE-2023-6393 Quarkus: potential invalid reuse of context when @cacheresult on a uni is used
M
CVE-2023-6394 Quarkus: graphql operations over websockets bypass
CVE-2023-6395 Mock: privilege escalation for users that can access mock configuration
E S
CVE-2023-6397 A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32...
CVE-2023-6398 A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series ...
CVE-2023-6399 A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, ...
CVE-2023-6400 Incorrect user authorization vulnerability on OpenText ZENworks Configuration Management (ZCM) product.
S
CVE-2023-6401 NotePad++ dbghelp.exe uncontrolled search path
CVE-2023-6402 PHPGurukul Nipah Virus Testing Management System add-phlebotomist.php sql injection
E M
CVE-2023-6407 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabil...
CVE-2023-6408 CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel v...
CVE-2023-6409 CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to...
CVE-2023-6410 SQL injection in Voovi Social Networking Script
CVE-2023-6411 SQL injection in Voovi Social Networking Script
CVE-2023-6412 SQL injection in Voovi Social Networking Script
CVE-2023-6413 SQL injection in Voovi Social Networking Script
CVE-2023-6414 SQL injection in Voovi Social Networking Script
CVE-2023-6415 SQL injection in Voovi Social Networking Script
CVE-2023-6416 SQL injection in Voovi Social Networking Script
CVE-2023-6417 SQL injection in Voovi Social Networking Script
CVE-2023-6418 SQL injection in Voovi Social Networking Script
CVE-2023-6419 Cross-site Scripting vulnerability in Voovi Social Networking Script
CVE-2023-6420 Cross-site Scripting vulnerability in Voovi Social Networking Script
CVE-2023-6421 Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak
E
CVE-2023-6422 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6423 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6424 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6425 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6426 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6427 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6429 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6430 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6431 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6432 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6433 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6434 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6435 Cross-site Scripting vulnerability in BigProf products
CVE-2023-6436 SQLi in Ekol Bilisim Website Template
CVE-2023-6437 Authenticated RCE
CVE-2023-6438 Thecosy IceCMS Like improper enforcement of a single, unique action
E
CVE-2023-6439 ZenTao PMS cross site scripting
E
CVE-2023-6440 SourceCodester Book Borrower System add-book.php cross site scripting
E
CVE-2023-6441 SQLi in UNI-PA's University Information System
CVE-2023-6442 PHPGurukul Nipah Virus Testing Management System add-phlebotomist.php cross site scripting
E
CVE-2023-6444 Seriously Simple Podcasting < 3.0.0 - Unauthenticated Administrator Email Disclosure
E
CVE-2023-6446 The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via adm...
CVE-2023-6447 EventPrime < 3.3.6 - Unauthenticated Event Access
E
CVE-2023-6448 Unitronics VisiLogic uses a default administrative password
KEV
CVE-2023-6449 The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient ...
S
CVE-2023-6450 An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an ...
S
CVE-2023-6451 Publicly Known Cryptographic Machine Key In Procura Portal Application
S
CVE-2023-6452 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i...
S
CVE-2023-6456 WP Review Slider < 13.0 - Admin+ Stored XSS
E
CVE-2023-6457 File and Directory Permission Vulnerability in Hitachi Tuning Manager
CVE-2023-6458 Client side path traversal due to lack of route parameters validation
S
CVE-2023-6459 Public endpoint /metrics of Calls plugin reveals channel IDs
S
CVE-2023-6460 Information leak in nodejs-firestore
S
CVE-2023-6461 Cross-site Scripting (XSS) - Reflected in viliusle/minipaint
E S
CVE-2023-6462 SourceCodester User Registration and Login System delete-user.php cross site scripting
E
CVE-2023-6463 SourceCodester User Registration and Login System add-user.php cross site scripting
E
CVE-2023-6464 SourceCodester User Registration and Login System add-user.php sql injection
E
CVE-2023-6465 PHPGurukul Nipah Virus Testing Management System registered-user-testing.php cross site scripting
E
CVE-2023-6466 Thecosy IceCMS User Comment planet cross site scripting
E
CVE-2023-6467 Thecosy IceCMS Comment Like improper enforcement of a single, unique action
E
CVE-2023-6470 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER....
R
CVE-2023-6472 PHPEMS Content Section api.cls.php cross site scripting
E
CVE-2023-6473 SourceCodester Online Quiz System take-quiz.php cross site scripting
E
CVE-2023-6474 PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery
E
CVE-2023-6476 Cri-o: pods are able to break out of resource confinement on cgroupv2
CVE-2023-6477 Incorrect Privilege Assignment in GitLab
E S
CVE-2023-6478 Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
S
CVE-2023-6481 Logback "receiver" DOS vulnerability CVE-2023-6378 incomplete fix
S
CVE-2023-6482 Encryption key derived from static host information
CVE-2023-6483 Improper Authentication Vulnerability in ADiTaaS
S
CVE-2023-6484 Keycloak: log injection during webauthn authentication or registration
CVE-2023-6485 Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS
E
CVE-2023-6486 The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scr...
E S
CVE-2023-6487 LuckyWP Table of Contents <= 2.1.4 - Authenticated(Administrator+) Cross-Site Scripting
CVE-2023-6488 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si...
S
CVE-2023-6489 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-6491 Strong Testimonials <= 3.1.12 - Authenticated(Contributor+) Improper Authorization to Views Modification
CVE-2023-6492 Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices
CVE-2023-6493 The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vu...
S
CVE-2023-6494 The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr...
CVE-2023-6495 YARPP – Yet Another Related Posts Plugin <= 5.30.9 - Authenticated(Administrator+) Cross-Site Scripting
S
CVE-2023-6496 The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all v...
S
CVE-2023-6497 The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2023-6498 The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scr...
S
CVE-2023-6499 lasTunes <= 3.6.1 - Settings Update via CSRF
E
CVE-2023-6500 The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
S
CVE-2023-6501 Splashscreen <= 0.20 - Settings Update via CSRF
E
CVE-2023-6502 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-6503 WP Plugin Lister <= 2.1.0 - Settings Update to Stored XSS via CSRF
E
CVE-2023-6504 The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugi...
S
CVE-2023-6505 Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure
E
CVE-2023-6506 The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure ...
S
CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
S
CVE-2023-6508 Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to ...
CVE-2023-6509 Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacke...
CVE-2023-6510 Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker wh...
CVE-2023-6511 Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote at...
CVE-2023-6512 Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a rem...
CVE-2023-6514 The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vul...
CVE-2023-6515 IDOR in Mia Technology's Mia-Med
CVE-2023-6516 Specific recursive query patterns may lead to an out-of-memory condition
S
CVE-2023-6517 Seeing the SMS Verification Code in Mia Technology's Mia-Med
CVE-2023-6518 Password Disclosure in Mia Technology's Mia-Med
CVE-2023-6519 Seeing admin password hash value in Mia Technology's Mia-Med
CVE-2023-6520 The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Sit...
S
CVE-2023-6522 Information Disclosure in ExtremePacs's Extreme XDS
CVE-2023-6523 IDOR in ExtremePacs's Extreme XDS
CVE-2023-6524 The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi...
E
CVE-2023-6525 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2023-6526 The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-...
S
CVE-2023-6527 The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting vi...
S
CVE-2023-6528 Slider Revolution < 6.6.19 - Author+ Insecure Deserialization leading to RCE
E
CVE-2023-6529 WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS
E
CVE-2023-6530 TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes
E
CVE-2023-6531 Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf
S
CVE-2023-6532 WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF
E
CVE-2023-6533 Silicon Labs PC Controller Denial of Service Vulnerability
CVE-2023-6534 TCP spoofing vulnerability in pf(4)
CVE-2023-6535 Kernel: null pointer dereference in nvmet_tcp_execute_request
M
CVE-2023-6536 Kernel: null pointer dereference in __nvmet_req_complete
M
CVE-2023-6538 System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data.
CVE-2023-6540 A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android tha...
S
CVE-2023-6541 Allow SVG < 1.2.0 - Author+ Stored XSS via SVG
E
CVE-2023-6542 Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID
CVE-2023-6544 Keycloak: authorization bypass
M
CVE-2023-6545 Beckhoff: Open redirect in TwinCAT/BSD package authelia-bhf
CVE-2023-6546 Kernel: gsm multiplexing race condition leads to privilege escalation
S
CVE-2023-6547 Playbooks access/modification by removed team member
S
CVE-2023-6548 Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway all...
KEV
CVE-2023-6549 Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScal...
KEV
CVE-2023-6551 Stored XSS in class.upload.php
CVE-2023-6552 Open redirect in TasmoAdmin
S
CVE-2023-6553 The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up ...
S
CVE-2023-6554 Missing authorisation in TCExam
CVE-2023-6555 Email Subscription Popup < 1.2.20 - Reflected XSS
E
CVE-2023-6556 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Store...
S
CVE-2023-6557 The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all ...
CVE-2023-6558 The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploa...
S
CVE-2023-6559 The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, ...
S
CVE-2023-6560 Kernel: io_uring out of boundary memory access in __io_uaddr_map()
S
CVE-2023-6561 The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
S
CVE-2023-6562 JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and ...
E
CVE-2023-6563 Keycloak: offline session token dos
E M
CVE-2023-6564 Incorrect Authorization in GitLab
S
CVE-2023-6565 The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all ve...
S
CVE-2023-6566 Business Logic Errors in microweber/microweber
E S
CVE-2023-6567 The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ par...
CVE-2023-6568 Reflected XSS via Content-Type Header in mlflow/mlflow
E S
CVE-2023-6569 External Control of File Name or Path in h2oai/h2o-3
E
CVE-2023-6570 Server-Side Request Forgery (SSRF) in kubeflow/kubeflow
E
CVE-2023-6571 Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow
E
CVE-2023-6572 Command Injection in gradio-app/gradio
E S
CVE-2023-6573 HPE OneView may have a missing passphrase during restore....
CVE-2023-6574 Byzoro Smart S20 HTTP POST Request updateos.php unrestricted upload
E S
CVE-2023-6575 Byzoro S210 HTTP POST Request repair.php sql injection
E
CVE-2023-6576 Byzoro S210 HTTP POST Request uploadfile.php unrestricted upload
E
CVE-2023-6577 Byzoro PatrolFlow 2530Pro mailsendview.php path traversal
E
CVE-2023-6578 Software AG WebMethods access control
CVE-2023-6579 osCommerce POST Parameter shopping-cart sql injection
E
CVE-2023-6580 D-Link DIR-846 QoS POST deserialization
E
CVE-2023-6581 D-Link DAR-7000 workidajax.php sql injection
E
CVE-2023-6582 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposur...
S
CVE-2023-6583 The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal ...
S
CVE-2023-6584 JobSearch WP Job Board < 2.3.4 - Authentication Bypass
E
CVE-2023-6585 JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE
E
CVE-2023-6588 Offline mode is always enabled, even if permission disallows it, in Devolutions Server data sour...
CVE-2023-6591 Popup Box Pro < 20.9.0 - Admin+ Stored XSS
E
CVE-2023-6592 FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure
E
CVE-2023-6593 Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS ...
CVE-2023-6594 The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scrip...
S
CVE-2023-6595 WhatsUp Gold Unauthenticated Access to an API Endpoint
CVE-2023-6596 Openshift: incomplete fix for rapid reset (cve-2023-44487/cve-2023-39325)
CVE-2023-6597 An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.1...
S
CVE-2023-6598 The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a mis...
S
CVE-2023-6599 Missing Standardized Error Handling Mechanism in microweber/microweber
E S
CVE-2023-6600 The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to un...
S
CVE-2023-6601 Ffmpeg: hls unsafe file extension bypass in ffmpeg
CVE-2023-6602 Ffmpeg: improper handling of input format in tty demuxer of ffmpeg
E
CVE-2023-6603 Ffmpeg: null pointer dereference in ffmpeg hls parsing
E
CVE-2023-6604 Ffmpeg: hls xbin demuxer dos amplification in ffmpeg
CVE-2023-6605 Ffmpeg: dash playlist ssrf vulnerability in ffmpeg
CVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsize
E M
CVE-2023-6607 Tongda OA 2017 delete.php sql injection
E
CVE-2023-6608 Tongda OA 2017 delete.php sql injection
E
CVE-2023-6609 osCommerce all-products cross site scripting
CVE-2023-6610 Kernel: oob access in smb2_dump_detail
E M
CVE-2023-6611 Tongda OA 2017 delete.php sql injection
E
CVE-2023-6612 Totolink X5000R cstecgi.cgi setWizardCfg os command injection
E
CVE-2023-6613 Typecho Logo options-theme.php cross site scripting
E
CVE-2023-6614 Typecho Page manage-pages.php backdoor
E
CVE-2023-6615 Typecho manage-users.php information disclosure
E
CVE-2023-6616 SourceCodester Simple Student Attendance System index.php cross site scripting
E
CVE-2023-6617 SourceCodester Simple Student Attendance System attendance.php sql injection
E
CVE-2023-6618 SourceCodester Simple Student Attendance System index.php file inclusion
E
CVE-2023-6619 SourceCodester Simple Student Attendance System class_form.php sql injection
E
CVE-2023-6620 Post SMTP < 2.8.7 - Admin+ SQL Injection
E
CVE-2023-6621 Post SMTP < 2.8.7 - Reflected Cross-Site Scripting
E
CVE-2023-6622 Kernel: null pointer dereference vulnerability in nft_dynset_init()
S
CVE-2023-6623 Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion
E
CVE-2023-6624 The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Sc...
S
CVE-2023-6625 Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF
E
CVE-2023-6626 Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS
E
CVE-2023-6627 WP Go Maps < 9.0.28 - Unauthenticated Stored XSS
E
CVE-2023-6629 The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl...
S
CVE-2023-6630 The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Ob...
S
CVE-2023-6631 Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element
S
CVE-2023-6632 The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting ...
S
CVE-2023-6633 Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
E
CVE-2023-6634 The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and in...
CVE-2023-6635 The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type...
S
CVE-2023-6636 The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary f...
S
CVE-2023-6637 The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modifica...
S
CVE-2023-6638 The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of...
CVE-2023-6640 Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability
CVE-2023-6645 The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site S...
CVE-2023-6646 linkding cross site scripting
E S
CVE-2023-6647 AMTT HiBOS sql injection
E
CVE-2023-6648 PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection
E
CVE-2023-6649 PHPGurukul Teacher Subject Allocation Management System index.php cross site scripting
E
CVE-2023-6650 SourceCodester Simple Invoice Generator System login.php cross site scripting
E
CVE-2023-6651 code-projects Matrimonial Site sql injection
E
CVE-2023-6652 code-projects Matrimonial Site register.php register sql injection
E
CVE-2023-6653 PHPGurukul Teacher Subject Allocation Management System Create a new Subject subject.php cross-site request forgery
E
CVE-2023-6654 PHPEMS Session Data session.cls.php deserialization
E
CVE-2023-6655 Hongjing e-HR Login Interface loadhistroyorgtree sql injection
E
CVE-2023-6656 DeepFaceLab DFLJPG.py deserialization
CVE-2023-6657 SourceCodester Simple Student Attendance System student_form.php sql injection
E
CVE-2023-6658 SourceCodester Simple Student Attendance System sql injection
E
CVE-2023-6659 Campcodes Web-Based Student Clearance System login.php sql injection
E
CVE-2023-6660 NFS client data corruption and kernel memory disclosure
CVE-2023-6671 Cross-Site Request Forgery on OPEN JOURNAL SYSTEMS
S
CVE-2023-6672 Stored XSS in National Keep's CyberMath
CVE-2023-6673 Reflected XSS in National Keep's CyberMath
CVE-2023-6675 Malicious File Upload in National Keep's CyberMath
CVE-2023-6676 Cross Site Request Forgery in National Keep's CyberMath
CVE-2023-6677 SQLi in Oduyo Online Collection Software
CVE-2023-6678 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-6679 Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
S
CVE-2023-6680 Improper Certificate Validation in GitLab
S
CVE-2023-6681 Jwcrypto: denial of service via specifically crafted jwe
M
CVE-2023-6682 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-6683 Qemu: vnc: null pointer dereference in qemu_clipboard_request()
S
CVE-2023-6684 The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scrip...
S
CVE-2023-6687 Elastic Agent Insertion of Sensitive Information into Log File
M
CVE-2023-6688 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-6689 Cross-Site Request Forgery in EFACEC BCU 500
S
CVE-2023-6690 A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on tr...
CVE-2023-6691 Code Injection vulnerability in Cambium ePMP Force 300-25
CVE-2023-6692 Ultimate Blocks – WordPress Blocks Plugin <= 3.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via metabox
CVE-2023-6693 Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
S
CVE-2023-6694 The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
CVE-2023-6695 The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio...
CVE-2023-6696 Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure
S
CVE-2023-6697 The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site ...
S
CVE-2023-6699 The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Trave...
S
CVE-2023-6700 The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary ...
S
CVE-2023-6701 The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...
S
CVE-2023-6702 Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potential...
CVE-2023-6703 Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potent...
CVE-2023-6704 Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to pote...
CVE-2023-6705 Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to poten...
CVE-2023-6706 Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convi...
CVE-2023-6707 Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentia...
CVE-2023-6708 SVG Support <= 2.5.5 - Authenticated (Author+) Cross-Site Scripting via SVG
CVE-2023-6709 Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow
E S
CVE-2023-6710 Mod_cluster/mod_proxy_cluster: stored cross site scripting
M
CVE-2023-6711 Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series p...
CVE-2023-6716 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. All references and descriptions in this re...
R
CVE-2023-6717 Keycloak: xss via assertion consumer service url in saml post-binding flow
CVE-2023-6718 Authentication Bypass Using an Alternate Path or Channel in Repox
S
CVE-2023-6719 Cross-site Scripting in Repox
S
CVE-2023-6720 Cross-site Scripting in Repox
S
CVE-2023-6721 Improper Restriction of XML External Entity Reference in Repox
S
CVE-2023-6722 Relative Path Traversal in Repox
S
CVE-2023-6723 Unrestricted Upload of File with Dangerous Type in Repox
S
CVE-2023-6724 IDOR in Simgesel Software's Hearing Tracking System (Barosel)
CVE-2023-6725 Tripleo-ansible: bind keys are world readable
CVE-2023-6727 Leak Inaccessible Playbook Information via Channel Action IDOR
S
CVE-2023-6728 Nokia SR OS: BOF File Encryption Vulnerability
CVE-2023-6729 Nokia SR OS: File Access Security Vulnerability
CVE-2023-6730 Deserialization of Untrusted Data in huggingface/transformers
E S
CVE-2023-6731 The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing...
S
CVE-2023-6732 Ultimate Maps by Supsystic < 1.2.16 - Admin+ Stored XSS
E
CVE-2023-6733 The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposur...
S
CVE-2023-6734 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-33679. Reason: ...
R
CVE-2023-6735 Privilege escalation in mk_tsm
S
CVE-2023-6736 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-6737 The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th...
S
CVE-2023-6738 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to St...
S
CVE-2023-6740 Privilege escalation in jar_signature
S
CVE-2023-6741 WP Customer Area < 8.2.1 - Subscriber+ Account Address Update
E
CVE-2023-6742 The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauth...
S
CVE-2023-6743 Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import
S
CVE-2023-6744 The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_te...
CVE-2023-6745 Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
S
CVE-2023-6746 Sensitive Information in Log File in GitHub Enterprise Server
CVE-2023-6747 The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Si...
CVE-2023-6748 Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Information Exposure
S
CVE-2023-6749 Unchecked user input length in the Zephyr Settings Shell
E S
CVE-2023-6750 Clone < 2.4.3 - Unauthenticated Backup Download
E
CVE-2023-6751 The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a mis...
S
CVE-2023-6752 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6747. Reason: T...
R
CVE-2023-6753 Path Traversal in mlflow/mlflow
E S
CVE-2023-6755 DedeBIZ content_batchup_action.php sql injection
E
CVE-2023-6756 Thecosy IceCMS Captcha login excessive authentication
E
CVE-2023-6757 Thecosy IceCMS API PlanetUser information disclosure
E
CVE-2023-6758 Thecosy IceCMS API PlanetCommentList access control
E
CVE-2023-6759 Thecosy IceCMS Love resource improper enforcement of a single, unique action
E
CVE-2023-6760 Thecosy IceCMS user session
E
CVE-2023-6761 Thecosy IceCMS User Data access control
E
CVE-2023-6762 Thecosy IceCMS Article permission
E
CVE-2023-6764 A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series...
CVE-2023-6765 SourceCodester Online Tours & Travels Management System email_setup.php prepare sql injection
E
CVE-2023-6766 PHPGurukul Teacher Subject Allocation Management System Delete Course course.php cross-site request forgery
E
CVE-2023-6767 SourceCodester Wedding Guest e-Book add-guest.php cross site scripting
CVE-2023-6768 Authentication bypass vulnerability in Amazing Little Poll
CVE-2023-6769 Stored XSS vulnerability in Amazing Little Poll
CVE-2023-6771 SourceCodester Simple Student Attendance System actions.class.php save_attendance sql injection
E
CVE-2023-6772 OTCMS ind_backstage.php sql injection
E
CVE-2023-6773 CodeAstro POS and Inventory Management System User Creation register_account access control
E
CVE-2023-6774 CodeAstro POS and Inventory Management System register_account cross site scripting
E
CVE-2023-6775 CodeAstro POS and Inventory Management System item_con cross site scripting
E
CVE-2023-6776 The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Fun...
S
CVE-2023-6777 The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API k...
S
CVE-2023-6778 Cross-site Scripting (XSS) - Stored in allegroai/clearml-server
E S
CVE-2023-6779 Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
E
CVE-2023-6780 Glibc: integer overflow in __vsyslog_internal()
E
CVE-2023-6781 The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
S
CVE-2023-6782 The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Sc...
S
CVE-2023-6783 WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS
E
CVE-2023-6784 Potential Use of the Sitefinity System for Distribution of Phishing Emails
CVE-2023-6785 The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added...
S
CVE-2023-6786 Payment Gateway for Telcell <= 2.0.1 - Unauthenticated Open Redirect
E
CVE-2023-6787 Keycloak: session hijacking via re-authentication
CVE-2023-6788 The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request ...
S
CVE-2023-6789 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
S
CVE-2023-6790 PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface
S
CVE-2023-6791 PAN-OS: Plaintext Disclosure of External System Integration Credentials
S
CVE-2023-6792 PAN-OS: OS Command Injection Vulnerability in the XML API
S
CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
S
CVE-2023-6794 PAN-OS: File Upload Vulnerability in the Web Interface
S
CVE-2023-6795 PAN-OS: OS Command Injection Vulnerability in the Web Interface
S
CVE-2023-6798 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu...
S
CVE-2023-6799 WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness
S
CVE-2023-6801 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu...
S
CVE-2023-6802 Sensitive Information in Log File in GitHub Enterprise Server
CVE-2023-6803 Race Condition allows Unauthorized Outside Collaborator
CVE-2023-6804 Improper Privilege Management allows for arbitrary workflows to be run
CVE-2023-6805 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu...
S
CVE-2023-6806 The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings u...
S
CVE-2023-6807 The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
CVE-2023-6808 The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stor...
S
CVE-2023-6809 The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th...
CVE-2023-6810 The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of d...
CVE-2023-6811 The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Store...
CVE-2023-6812 WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Open Redirect via css
CVE-2023-6813 Login by Auth0 <= 4.6.0 - Reflected Cross-Site Scripting via wle
CVE-2023-6814 Information Exposure Vulnerability in Cosminexus Component Container
CVE-2023-6815 Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series S...
M
CVE-2023-6816 Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
M
CVE-2023-6817 Use-after-free in Linux kernel's netfilter: nf_tables component
S
CVE-2023-6819 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-6821 Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure
E
CVE-2023-6824 WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak
E
CVE-2023-6825 The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in...
S
CVE-2023-6826 The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type...
CVE-2023-6827 The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insuff...
S
CVE-2023-6828 The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPr...
CVE-2023-6830 The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and inc...
CVE-2023-6831 Path Traversal: '\..\filename' in mlflow/mlflow
E S
CVE-2023-6832 Business Logic Errors in microweber/microweber
E S
CVE-2023-6833 Information Exposure Vulnerability in Hitachi Ops Center Administrator
CVE-2023-6835 Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validatio...
S
CVE-2023-6836 Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack...
S
CVE-2023-6837 Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT pr...
S
CVE-2023-6838 Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endp...
S
CVE-2023-6839 Due to improper error handling, a REST API resource could expose a server side error containing an i...
S
CVE-2023-6840 Missing Authorization in GitLab
E S
CVE-2023-6841 Keycloak: amount of attributes per object is not limited and it may lead to dos
M
CVE-2023-6842 The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder pl...
CVE-2023-6843 easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update
E
CVE-2023-6844 iframe <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
CVE-2023-6845 CommentTweets <= 0.6 - Settings Update via CSRF
E
CVE-2023-6846 The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up ...
E
CVE-2023-6847 Improper Authentication in GitHub Enterprise Server leading to Authentication Bypass for Public Repository Data
CVE-2023-6848 kalcaddle kodbox index.class.php check command injection
E S
CVE-2023-6849 kalcaddle kodbox app.php cover server-side request forgery
E S
CVE-2023-6850 kalcaddle KodExplorer API Endpoint unrestricted upload
E S
CVE-2023-6851 kalcaddle KodExplorer ZIP Archive app.php unzipList code injection
E S
CVE-2023-6852 kalcaddle KodExplorer app.php server-side request forgery
E S
CVE-2023-6853 kalcaddle KodExplorer app.php index server-side request forgery
E S
CVE-2023-6854 The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cu...
CVE-2023-6855 The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for W...
CVE-2023-6856 The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on syst...
CVE-2023-6857 When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be sma...
CVE-2023-6858 Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handli...
CVE-2023-6859 A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerabili...
CVE-2023-6860 The `VideoBridge` allowed any content process to use textures produced by remote decoders. This cou...
CVE-2023-6861 The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in he...
CVE-2023-6862 A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely ...
CVE-2023-6863 The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a ...
CVE-2023-6864 Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these b...
CVE-2023-6865 `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be a...
CVE-2023-6866 TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other ...
CVE-2023-6867 The timing of a button click causing a popup to disappear was approximately the same length as the a...
CVE-2023-6868 In some instances, the user-agent would allow push requests which lacked a valid VAPID even though t...
CVE-2023-6869 A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. ...
CVE-2023-6870 Applications which spawn a Toast notification in a background thread may have obscured fullscreen no...
CVE-2023-6871 Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a n...
CVE-2023-6872 Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the brow...
E
CVE-2023-6873 Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption a...
CVE-2023-6874 Zigbee Unauthenticated DoS via NWK Sequence number manipulation
CVE-2023-6875 The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl...
CVE-2023-6876 Clever Fox – One Click Website Importer by Nayra Themes <= 25.2.0 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme
S
CVE-2023-6877 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu...
S
CVE-2023-6878 The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of da...
CVE-2023-6879 heap buffer overflow in libaom
E S
CVE-2023-6880 The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & ...
CVE-2023-6881 fs: fuse: buffer overflow vulnerability in the Zephyr FS
E S
CVE-2023-6882 The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘...
S
CVE-2023-6883 The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to ...
CVE-2023-6884 This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in...
E S
CVE-2023-6885 Tongda OA 2017 delete.php sql injection
E
CVE-2023-6886 xnx3 wangmarket Role Management Page code injection
E
CVE-2023-6887 saysky ForestBlog Image Upload img unrestricted upload
E
CVE-2023-6888 PHZ76 RtspServer RtspMesaage.cpp ParseRequestLine stack-based overflow
E
CVE-2023-6889 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
E S
CVE-2023-6890 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
E S
CVE-2023-6891 PeaZip Library dragdropfilesdll.dll uncontrolled search path
S
CVE-2023-6892 The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl...
S
CVE-2023-6893 Hikvision Intercom Broadcasting System exportrecord.php path traversal
E
CVE-2023-6894 Hikvision Intercom Broadcasting System Log File system.html information disclosure
E
CVE-2023-6895 Hikvision Intercom Broadcasting System ping.php os command injection
E
CVE-2023-6896 SourceCodester Simple Image Stack Website cross site scripting
E
CVE-2023-6897 The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in al...
S
CVE-2023-6898 SourceCodester Best Courier Management System manage_user.php sql injection
E
CVE-2023-6899 rmountjoy92 DashMachine Config save_config code injection
E
CVE-2023-6900 rmountjoy92 DashMachine delete_file path traversal
E
CVE-2023-6901 codelyfe Stupid Simple CMS HTTP POST Request handle-command.php os command injection
E
CVE-2023-6902 codelyfe Stupid Simple CMS upload.php unrestricted upload
E
CVE-2023-6903 Netentsec NS-ASG Application Security Gateway sql injection
E
CVE-2023-6904 Jahastech NxFilter config,admin.jsp cross-site request forgery
CVE-2023-6905 Jahastech NxFilter Bind Request ldap injection
CVE-2023-6906 Totolink A7100RU HTTP POST Request main buffer overflow
E
CVE-2023-6907 codelyfe Stupid Simple CMS Deletion Interface delete.php improper authentication
E
CVE-2023-6908 DFIRKuiper TAR Archive case_management.py unzip_file path traversal
S
CVE-2023-6909 Path Traversal: '\..\filename' in mlflow/mlflow
E S
CVE-2023-6910 Uncontrolled Resource Consumption in M-Files Server
S
CVE-2023-6911 Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored ...
S
CVE-2023-6912 Brute force vulnerability in M-Files user authentication
S
CVE-2023-6913 Session Hijacking on Imou Life app
S
CVE-2023-6915 Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c
S
CVE-2023-6916 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1
S
CVE-2023-6917 Pcp: unsafe use of directories allows pcp to root privilege escalation
M
CVE-2023-6918 Libssh: missing checks for return values for digests
M
CVE-2023-6919 Path Traversal in VGuard IP Camera Network Recorder
CVE-2023-6920 Rejected reason: This flaw was found to be a duplicate of CVE-2023-6927. Please see https://access.r...
R
CVE-2023-6921 SQL Injection in PrestaShop Google Integrator
CVE-2023-6922 The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitiv...
CVE-2023-6923 The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Refle...
S
CVE-2023-6924 The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wid...
S
CVE-2023-6925 The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file ...
CVE-2023-6926 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Crestron AM-300
S
CVE-2023-6927 Keycloak: open redirect via "form_post.jwt" jarm response mode
M
CVE-2023-6928 Improper Restriction of Excessive Authentication Attempts
CVE-2023-6929 Authorization Bypass Through User-Controlled Key in EuroTel ETL3100
CVE-2023-6930 Improper Access Control in EuroTel ETL3100
CVE-2023-6931 Out-of-bounds write in Linux kernel's Performance Events system component
S
CVE-2023-6932 Use-after-free in Linux kernel's ipv4: igmp component
S
CVE-2023-6933 The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions...
E S
CVE-2023-6934 The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
S
CVE-2023-6935 Marvin Attack vulnerability in SP Math All RSA
S
CVE-2023-6936 Heap-buffer over-read with WOLFSSL_CALLBACKS
S
CVE-2023-6937 Improper (D)TLS key boundary enforcement
S
CVE-2023-6938 The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom fi...
S
CVE-2023-6939 Some Honor products are affected by type confusion vulnerability, successful exploitation could cau...
CVE-2023-6940 Command Injection
S
CVE-2023-6941 Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS
E
CVE-2023-6942 Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSock...
CVE-2023-6943 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in ...
CVE-2023-6944 Rhdh: catalog-import function leaks credentials to frontend
M
CVE-2023-6945 SourceCodester Online Student Management System edit-student-detail.php cross site scripting
E
CVE-2023-6946 Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF
E
CVE-2023-6947 Best WordPress Gallery Plugin – FooGallery <= 2.4.16 - Authenticated (Contributor+) Directory Traversal
S
CVE-2023-6948 A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of ...
CVE-2023-6949 A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI M...
CVE-2023-6950 An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3...
CVE-2023-6951 A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones...
CVE-2023-6953 The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to S...
S
CVE-2023-6954 The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p...
CVE-2023-6955 Missing Authorization in GitLab
S
CVE-2023-6956 EasyAzon – Amazon Associates Affiliate Plugin <= 5.1.0 - Reflected Cross-Site Scripting via easyazon-cloaking-locale
CVE-2023-6957 The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored C...
CVE-2023-6958 The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
S
CVE-2023-6959 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of dat...
S
CVE-2023-6960 CVE-2023-6960
CVE-2023-6961 The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ ...
S
CVE-2023-6962 The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions...
S
CVE-2023-6963 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to...
S
CVE-2023-6964 The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to...
CVE-2023-6965 The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorizati...
CVE-2023-6966 The Moneytizer <= 9.5.20 - Missing Authorization via multiple AJAX actions
S
CVE-2023-6967 The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via s...
CVE-2023-6968 The Moneytizer <= 9.5.20 - Cross-Site Request Forgery via multiple AJAX actions
CVE-2023-6969 The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in a...
CVE-2023-6970 The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘Re...
S
CVE-2023-6971 The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 t...
S
CVE-2023-6972 The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and...
S
CVE-2023-6974 Server-Side Request Forgery (SSRF)
E S
CVE-2023-6975 Path Traversal: '\..\filename'
E S
CVE-2023-6976 Unrestricted Upload of File with Dangerous Type
E S
CVE-2023-6977 Path Traversal: '\..\filename'
E S
CVE-2023-6978 WP Job Manager – Company Profiles <= 1.7 - Reflected Cross-Site Scripting
CVE-2023-6979 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads du...
S
CVE-2023-6980 The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W...
S
CVE-2023-6981 The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W...
S
CVE-2023-6982 The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vul...
S
CVE-2023-6983 The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vul...
S
CVE-2023-6984 The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is ...
S
CVE-2023-6985 The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthor...
S
CVE-2023-6986 The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents...
S
CVE-2023-6987 String Locator <= 2.6.5 - Reflected Cross-Site Scripting
S
CVE-2023-6988 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p...
CVE-2023-6989 The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vul...
S
CVE-2023-6990 The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post m...
S
CVE-2023-6991 JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF
E
CVE-2023-6992 Memory corruption issues in Cloudflare zlib implementation
S
CVE-2023-6993 The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site ...
CVE-2023-6994 The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl...
S
CVE-2023-6996 The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vul...
S
CVE-2023-6997 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-6998 Lockscreen bypass in eWeLink App
CVE-2023-6999 The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Execut...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.