ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2023-7002 | The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up t... | E S | |
CVE-2023-7003 | CVE-2023-7003 | | |
CVE-2023-7004 | CVE-2023-7004 | | |
CVE-2023-7005 | CVE-2023-7005 | | |
CVE-2023-7006 | CVE-2023-7006 | | |
CVE-2023-7007 | CVE-2023-7007 | | |
CVE-2023-7008 | Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes | M | |
CVE-2023-7009 | CVE-2023-7009 | | |
CVE-2023-7010 | Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potent... | E | |
CVE-2023-7011 | Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed ... | E | |
CVE-2023-7012 | Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed a... | E | |
CVE-2023-7013 | Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remot... | E | |
CVE-2023-7014 | The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulner... | S | |
CVE-2023-7015 | The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't... | S | |
CVE-2023-7016 | Privilege Escalation in SafeNet Authentication Client | S | |
CVE-2023-7017 | CVE-2023-7017 | | |
CVE-2023-7018 | Deserialization of Untrusted Data in huggingface/transformers | E S | |
CVE-2023-7019 | The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vuln... | | |
CVE-2023-7020 | Tongda OA 2017 view.php sql injection | E | |
CVE-2023-7021 | Tongda OA 2017 delete_search.php sql injection | E | |
CVE-2023-7022 | Tongda OA 2017 delete_all.php sql injection | E | |
CVE-2023-7023 | Tongda OA 2017 delete.php sql injection | E | |
CVE-2023-7024 | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to... | KEV E | |
CVE-2023-7025 | KylinSoft hedron-domain-hook DBus init_kcm access control | E | |
CVE-2023-7026 | Lightxun IPTV Gateway web_upload_template.html unrestricted upload | E | |
CVE-2023-7027 | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl... | E S | |
CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password in GitLab | KEV E S | |
CVE-2023-7029 | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scrip... | S | |
CVE-2023-7030 | The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi... | | |
CVE-2023-7031 | Avaya Experience Portal Manager Insecure Direct Object Reference Vulnerabilities | | |
CVE-2023-7032 | A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logg... | | |
CVE-2023-7033 | Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MEL... | | |
CVE-2023-7035 | automad Setting post.php cross site scripting | E | |
CVE-2023-7036 | automad Content Type FileCollectionController.php upload unrestricted upload | E | |
CVE-2023-7037 | automad FileController.php import server-side request forgery | E | |
CVE-2023-7038 | automad User Creation cross-site request forgery | E | |
CVE-2023-7039 | Byzoro S210 importexport.php injection | E | |
CVE-2023-7040 | codelyfe Stupid Simple CMS rename.php path traversal | E | |
CVE-2023-7041 | codelyfe Stupid Simple CMS rename.php path traversal | E | |
CVE-2023-7042 | Kernel: null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() | S | |
CVE-2023-7043 | Unquoted path privilege vulnerability in ESET products for Windows | | |
CVE-2023-7044 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders ... | S | |
CVE-2023-7045 | Cross-Site Request Forgery (CSRF) in GitLab | E S | |
CVE-2023-7046 | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score ... | | |
CVE-2023-7047 | Inadequate validation of permissions when employing remote tools and macros via the context menu w... | | |
CVE-2023-7048 | The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u... | S | |
CVE-2023-7049 | Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode | | |
CVE-2023-7050 | PHPGurukul Online Notes Sharing System profile.php cross site scripting | E | |
CVE-2023-7051 | PHPGurukul Online Notes Sharing System manage-notes.php cross-site request forgery | E | |
CVE-2023-7052 | PHPGurukul Online Notes Sharing System profile.php cross-site request forgery | E | |
CVE-2023-7053 | PHPGurukul Online Notes Sharing System signup.php weak password | E | |
CVE-2023-7054 | PHPGurukul Online Notes Sharing System add-notes.php unrestricted upload | E | |
CVE-2023-7055 | PHPGurukul Online Notes Sharing System Contact Information profile.php access control | E | |
CVE-2023-7056 | code-projects Faculty Management System subjects.php cross site scripting | E | |
CVE-2023-7057 | code-projects Faculty Management System yearlevel.php cross site scripting | E | |
CVE-2023-7058 | SourceCodester Simple Student Attendance System path traversal | E | |
CVE-2023-7059 | SourceCodester School Visitor Log e-Book log-book.php cross site scripting | E | |
CVE-2023-7060 | Missing Security Control in Zephyr OS IP Packet Handling | E | |
CVE-2023-7061 | Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload | | |
CVE-2023-7062 | Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contributor+) Directory Traversal | | |
CVE-2023-7063 | The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submissio... | | |
CVE-2023-7064 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object I... | | |
CVE-2023-7065 | The Stop Spammers Security \| Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to... | | |
CVE-2023-7066 | Siemens Teamcenter Visualization and JT2Go Out-of-bounds Read | S | |
CVE-2023-7067 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (fo... | | |
CVE-2023-7068 | The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress... | S | |
CVE-2023-7069 | The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... | S | |
CVE-2023-7070 | The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to ... | S | |
CVE-2023-7071 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is v... | S | |
CVE-2023-7072 | The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Informati... | | |
CVE-2023-7073 | Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery | | |
CVE-2023-7074 | WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF | E | |
CVE-2023-7075 | code-projects Point of Sales and Inventory Management System checkout.php cross site scripting | E | |
CVE-2023-7076 | slawkens MyAAC bugtracker.php cross site scripting | S | |
CVE-2023-7077 | Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS,... | | |
CVE-2023-7078 | Server-Side Request Forgery (SSRF) in Miniflare | S | |
CVE-2023-7079 | Arbitrary remote file read in Wrangler dev server | S | |
CVE-2023-7080 | Arbitrary remote code execution within wrangler dev Workers sandbox | S | |
CVE-2023-7081 | SQLi in PosTahsil's Online Payment System | | |
CVE-2023-7082 | WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE | E | |
CVE-2023-7083 | Voting Record <= 2.0 - Settings Update to Stored XSS via CSRF | E | |
CVE-2023-7084 | Voting Record <= 2.0 - Subscriber+ Stored XSS | E | |
CVE-2023-7085 | Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG | E | |
CVE-2023-7086 | SVG Uploads Support <= 2.1.1 - Author+ Stored XSS via SVG | E | |
CVE-2023-7088 | Add SVG Support for Media Uploader \| inventivo <= 1.0.5 - Author+ Stored XSS via SVG | E | |
CVE-2023-7089 | Easy SVG Allow <= 1.0 - Author+ Stored XSS via SVG | E | |
CVE-2023-7090 | Sudo: improper handling of ipa_hostname leads to privilege mismanagement | S | |
CVE-2023-7091 | Dreamer CMS uploadFile unrestricted upload | E | |
CVE-2023-7092 | Uniway UW-302VP Admin Web Interface wlan_basic_set.cgi cross-site request forgery | E | |
CVE-2023-7093 | KylinSoft kylin-system-updater com.kylin.systemupgrade Service UpgradeStrategiesDbus.py os command injection | E | |
CVE-2023-7094 | Netentsec NS-ASG Application Security Gateway nsasg6.0.tgz information disclosure | E | |
CVE-2023-7095 | Totolink A7100RU HTTP POST Request main buffer overflow | E | |
CVE-2023-7096 | code-projects Faculty Management System crud.php sql injection | E | |
CVE-2023-7097 | code-projects Water Billing System addbill.php sql injection | E | |
CVE-2023-7098 | icret EasyImages hide.php path traversal | E | |
CVE-2023-7099 | PHPGurukul Nipah Virus Testing Management System bwdates-report-result.php sql injection | E | |
CVE-2023-7100 | PHPGurukul Restaurant Table Booking System bwdates-report-details.php sql injection | E | |
CVE-2023-7101 | Arbitrary Code Execution (ACE) Vulnerability | KEV S | |
CVE-2023-7102 | Remote Code Execution (RCE) Vulnerability | | |
CVE-2023-7103 | Authentication Bypass in ZKSoftware's UFace 5 | | |
CVE-2023-7104 | SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow | E S | |
CVE-2023-7105 | code-projects E-Commerce Website index_search.php sql injection | E | |
CVE-2023-7106 | code-projects E-Commerce Website sql injection | E | |
CVE-2023-7107 | code-projects E-Commerce Website user_signup.php sql injection | E | |
CVE-2023-7108 | code-projects E-Commerce Website user_signup.php cross site scripting | E | |
CVE-2023-7109 | code-projects Library Management System login.php sql injection | E | |
CVE-2023-7110 | code-projects Library Management System login.php sql injection | E | |
CVE-2023-7111 | code-projects Library Management System index.php sql injection | E | |
CVE-2023-7113 | Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows a... | S | |
CVE-2023-7114 | Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to ... | S | |
CVE-2023-7115 | PageLayer < 1.8.1 - Admin+ Stored XSS | E | |
CVE-2023-7116 | WeiYe-Jing datax-web HTTP POST Request killJob os command injection | E | |
CVE-2023-7123 | SourceCodester Medicine Tracking System sql injection | E | |
CVE-2023-7124 | code-projects E-Commerce Site search.php cross site scripting | E | |
CVE-2023-7125 | Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF | E | |
CVE-2023-7126 | code-projects Automated Voting System Admin Login sql injection | E | |
CVE-2023-7127 | code-projects Automated Voting System Login sql injection | E | |
CVE-2023-7128 | code-projects Voting System Admin Login sql injection | E | |
CVE-2023-7129 | code-projects Voting System Voters Login sql injection | E | |
CVE-2023-7130 | code-projects College Notes Gallery login.php sql injection | E | |
CVE-2023-7131 | code-projects Intern Membership Management System User Registration sql injection | E | |
CVE-2023-7132 | code-projects Intern Membership Management System User Registration cross site scripting | E | |
CVE-2023-7133 | y_project RuoYi HTTP POST Request login cross site scripting | E | |
CVE-2023-7134 | SourceCodester Medicine Tracking System path traversal | E | |
CVE-2023-7135 | code-projects Record Management System Offices offices.php cross site scripting | E | |
CVE-2023-7136 | code-projects Record Management System Document Type doctype.php cross site scripting | E | |
CVE-2023-7137 | code-projects Client Details System HTTP POST Request sql injection | E | |
CVE-2023-7138 | code-projects Client Details System HTTP POST Request admin sql injection | E | |
CVE-2023-7139 | code-projects Client Details System HTTP POST Request regester.php sql injection | E | |
CVE-2023-7140 | code-projects Client Details System manage-users.php sql injection | E | |
CVE-2023-7141 | code-projects Client Details System update-clients.php sql injection | E | |
CVE-2023-7142 | code-projects Client Details System clientview.php sql injection | E | |
CVE-2023-7143 | code-projects Client Details System regester.php cross site scripting | E | |
CVE-2023-7144 | gopeak MasterLab HTTP POST Request Feature.php sqlInject sql injection | E | |
CVE-2023-7145 | gopeak MasterLab HTTP POST Request Framework.php sqlInject sql injection | E | |
CVE-2023-7146 | gopeak MasterLab HTTP POST Request Feature.php sqlInjectDelete sql injection | E | |
CVE-2023-7147 | gopeak MasterLab User.php base64ImageContent unrestricted upload | | |
CVE-2023-7148 | ShifuML shifu Java Expression Language DataPurifier.java code injection | E | |
CVE-2023-7149 | code-projects QR Code Generator cross site scripting | E | |
CVE-2023-7150 | Campcodes Chic Beauty Salon Product product-list.php unrestricted upload | E | |
CVE-2023-7151 | Product Enquiry for WooCommerce < 3.2 - Reflected XSS | E | |
CVE-2023-7152 | MicroPython modselect.c poll_set_add_fd use after free | E S | |
CVE-2023-7153 | Reflected XSS in Macroturk's Macro-Bel | | |
CVE-2023-7154 | Hubbub Lite < 1.32.0 - Admin+ Stored XSS | E | |
CVE-2023-7155 | SourceCodester Free and Open Source Inventory Management System edit_product.php sql injection | E | |
CVE-2023-7156 | Campcodes Online College Library System Search index.php sql injection | E | |
CVE-2023-7157 | SourceCodester Free and Open Source Inventory Management System sell_return_data.php sql injection | E | |
CVE-2023-7158 | MicroPython objslice.c slice_indices heap-based overflow | E S | |
CVE-2023-7159 | gopeak MasterLab User.php update unrestricted upload | E | |
CVE-2023-7160 | SourceCodester Engineers Online Portal Add Engineer cross site scripting | | |
CVE-2023-7161 | Netentsec NS-ASG Application Security Gateway Login sql injection | E | |
CVE-2023-7163 | D-Link D-View 8 Unauthenticated Probe-Core Server Communication | E | |
CVE-2023-7164 | BackWPup < 4.0.4 - Unauthenticated Backup Download | E | |
CVE-2023-7165 | JetBackup < 2.0.9.9 - Directory Listing Exposing Backups | E | |
CVE-2023-7166 | Novel-Plus HTTP POST Request updateUserInfo cross site scripting | E S | |
CVE-2023-7167 | Persian Fonts <= 1.6 - Admin+ Stored XSS | E | |
CVE-2023-7168 | Better Follow Button for Jetpack <= 8.0 - Admin+ Stored XSS | E | |
CVE-2023-7169 | Impersonate vendor signed Powershell scripts | S | |
CVE-2023-7170 | EventON-RSVP < 2.9.5 - Reflected XSS | E | |
CVE-2023-7171 | Novel-Plus Friendly Link FriendLinkController.java cross site scripting | E S | |
CVE-2023-7172 | PHPGurukul Hospital Management System Admin Dashboard sql injection | E | |
CVE-2023-7173 | PHPGurukul Hospital Management System registration.php cross site scripting | E | |
CVE-2023-7174 | aBitGone CommentSafe <= 1.0.0 - Settings Update to Stored XSS via CSRF | E | |
CVE-2023-7175 | Campcodes Online College Library System HTTP POST Request borrow_add.php sql injection | E | |
CVE-2023-7176 | Campcodes Online College Library System HTTP POST Request return_add.php sql injection | E | |
CVE-2023-7177 | Campcodes Online College Library System HTTP POST Request book_add.php sql injection | E | |
CVE-2023-7178 | Campcodes Online College Library System HTTP POST Request book_row.php sql injection | E | |
CVE-2023-7179 | Campcodes Online College Library System HTTP POST Request category_row.php sql injection | E | |
CVE-2023-7180 | Tongda OA 2017 delete.php sql injection | E | |
CVE-2023-7181 | Muyun DedeBIZ Add Attachment unrestricted upload | E | |
CVE-2023-7182 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2023-7183 | 7-card Fakabao alipay_notify.php sql injection | E | |
CVE-2023-7184 | 7-card Fakabao notify.php sql injection | E | |
CVE-2023-7185 | 7-card Fakabao wxpay_notify.php sql injection | E | |
CVE-2023-7186 | 7-card Fakabao notify.php sql injection | E | |
CVE-2023-7187 | Totolink N350RT HTTP POST Request stack-based overflow | E | |
CVE-2023-7188 | Shipping 100 Fahuo100 login.php sql injection | E | |
CVE-2023-7189 | S-CMS sql injection | E | |
CVE-2023-7190 | S-CMS sql injection | E | |
CVE-2023-7191 | S-CMS reg.php sql injection | E | |
CVE-2023-7192 | Kernel: refcount leak in ctnetlink_create_conntrack() | S | |
CVE-2023-7193 | MTab Bookmark Installation install.php access control | E | |
CVE-2023-7194 | Meris <= 1.1.2 - Reflected XSS | E | |
CVE-2023-7195 | WP-Reply Notify <= 1.1 - Settings Update via CSRF | E | |
CVE-2023-7196 | Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF | E | |
CVE-2023-7197 | Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF | E | |
CVE-2023-7198 | WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes | E | |
CVE-2023-7199 | Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure | E S | |
CVE-2023-7200 | EventON < 4.4.1 - Reflected Cross-Site Scripting | E | |
CVE-2023-7201 | Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload | E | |
CVE-2023-7202 | Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending | E | |
CVE-2023-7203 | Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion | E | |
CVE-2023-7204 | WP STAGING WordPress Backup Plugin < 3.2.0 - Unauthorized Sensitive Data Exposure | E | |
CVE-2023-7206 | Horner Automation Cscape Stack-Based Buffer Overflow | S | |
CVE-2023-7207 | Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-20... | S | |
CVE-2023-7208 | Totolink X2000R_V2 boa formTmultiAP buffer overflow | E | |
CVE-2023-7209 | Uniway Router Device Reset device_reset.cgi denial of service | E | |
CVE-2023-7210 | OneNav API improper authentication | E | |
CVE-2023-7211 | Uniway Router Administrative Web Interface reliance on ip address for authentication | E | |
CVE-2023-7212 | DeDeCMS Backend file_class.php unrestricted upload | E | |
CVE-2023-7213 | Totolink N350RT HTTP POST Request main stack-based overflow | E | |
CVE-2023-7214 | Totolink N350RT HTTP POST Request main stack-based overflow | E | |
CVE-2023-7215 | Chanzhaoyu chatgpt-web cross site scripting | E | |
CVE-2023-7216 | Cpio: extraction allows symlinks which enables remote command execution | E M | |
CVE-2023-7218 | Totolink N350RT cstecgi.cgi loginAuth stack-based overflow | E | |
CVE-2023-7219 | Totolink N350RT cstecgi.cgi loginAuth stack-based overflow | E | |
CVE-2023-7220 | Totolink NR1800X cstecgi.cgi loginAuth stack-based overflow | E | |
CVE-2023-7221 | Totolink T6 HTTP POST Request main buffer overflow | E | |
CVE-2023-7222 | Totolink X2000R HTTP POST Request boa formTmultiAP buffer overflow | E | |
CVE-2023-7223 | Totolink T6 cstecgi.cgi access control | E | |
CVE-2023-7224 | OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external th... | | |
CVE-2023-7225 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi... | E S | |
CVE-2023-7226 | meetyoucrop big-whale Admin Module all.api improper ownership management | E | |
CVE-2023-7227 | Command Injection vulnerability in SystemK NVR 504/508/516 | | |
CVE-2023-7228 | illi Link Party! <= 1.0 - Unauthenticated Stored XSS | E | |
CVE-2023-7229 | illi Link Party! <= 1.0 - Settings Update via CSRF | E | |
CVE-2023-7230 | illi Link Party! <= 1.0 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2023-7231 | illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion | E | |
CVE-2023-7232 | Backup and Restore WordPress <= 1.45 - Unauthenticated Sensitive Data Exposure | E | |
CVE-2023-7233 | GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting | E | |
CVE-2023-7234 | Integration Objects OPC UA Server Toolkit Improper Output Neutralization for Logs | M | |
CVE-2023-7235 | The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to... | | |
CVE-2023-7236 | Backup Bolt <= 1.3.0 - Sensitive Data Exposure | E | |
CVE-2023-7237 | Lantronix XPort Weak Encoding for Password | M | |
CVE-2023-7238 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Orthanc Osimis DICOM Web Viewer | S | |
CVE-2023-7239 | wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR | E | |
CVE-2023-7240 | Broken Access Control leading to SSRF in NetIQ Identity Console | | |
CVE-2023-7241 | Webroot Antivirus COM-Hijacking LPE | | |
CVE-2023-7242 | Ethercat Zeek Plugin Out-of-bounds Read | S | |
CVE-2023-7243 | Ethercat Zeek Plugin Out-of-bounds Write | S | |
CVE-2023-7244 | Ethercat Zeek Plugin Out-of-bounds Write | S | |
CVE-2023-7245 | The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly c... | | |
CVE-2023-7246 | System Dashboard < 2.8.10 - XSS via Header Injection | E | |
CVE-2023-7247 | Login as User or Customer <= 3.8 - Admin Account Takeover | E | |
CVE-2023-7248 | OpenText Vertica Management console might be prone to bypass via crafted requests | S | |
CVE-2023-7249 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Open... | | |
CVE-2023-7250 | Iperf3: possible denial of service | | |
CVE-2023-7251 | WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2023-7252 | Tickera < 3.5.2.5 - Ticket leakage through IDOR | E | |
CVE-2023-7253 | Import WP < 2.13.1 - Admin+ Server-side Request Forgery | E | |
CVE-2023-7255 | Rejected reason: Assigned as duplicate and no longer used.... | R | |
CVE-2023-7256 | Double-free in libpcap before 1.10.5 with remote packet capture support. | S | |
CVE-2023-7258 | Denial-of-Service in Gvisor | | |
CVE-2023-7259 | zzdevelop lenosp Adduser Page cross site scripting | E | |
CVE-2023-7260 | A path traversal vulnerability has been discovered in OpenText™ CX-E Voice. | S | |
CVE-2023-7261 | Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local ... | E | |
CVE-2023-7263 | Some Huawei home music system products have a path traversal vulnerability. Successful exploitation ... | | |
CVE-2023-7264 | Build App Online <= 1.0.21 - Account Takeover via Weak Password Reset Mechanism | | |
CVE-2023-7265 | Permission verification vulnerability in the lock screen module Impact: Successful exploitation of t... | | |
CVE-2023-7266 | Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this ... | | |
CVE-2023-7268 | ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion | E | |
CVE-2023-7269 | ArtPlacer Widget < 2.21.2 - Stored XSS via CSRF | E | |
CVE-2023-7270 | Local Privilege Escalation via MSI installer | E S | |
CVE-2023-7271 | Privilege escalation vulnerability in the NMS module Impact: Successful exploitation of this vulnera... | | |
CVE-2023-7272 | Eclipse Parsson stack overflow with deeply nested objects | E | |
CVE-2023-7273 | Cross Site Request Forgery in Kiteworks OwnCloud | S | |
CVE-2023-7279 | Secure Systems Engineering Connaisseur Delegation Name targets_schema.json redos | S | |
CVE-2023-7281 | Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remot... | E | |
CVE-2023-7282 | Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote ... | E | |
CVE-2023-7286 | ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference | | |
CVE-2023-7287 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription' | S | |
CVE-2023-7288 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference' | S | |
CVE-2023-7289 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys' | S | |
CVE-2023-7290 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles' | S | |
CVE-2023-7291 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account' | S | |
CVE-2023-7292 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss' | S | |
CVE-2023-7293 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_mollie_account_details' | S | |
CVE-2023-7294 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile' | S | |
CVE-2023-7295 | Video Grid <= 1.21 - Reflected Cross-Site Scripting | | |
CVE-2023-7296 | BigBlueButton <= 3.0.0-beta.4 - Authenticated (Author+) Stored Cross-Site Scripting | | |
CVE-2023-7297 | TwitterPosts <= 1.0.2 - Settings Update via CSRF | E | |
CVE-2023-7298 | Out-of-Bounds Write Vulnerability in Autodesk Desktop Software | | |
CVE-2023-7299 | DataGear resolveSql sql injection | E | |
CVE-2023-7300 | Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnera... | | |
CVE-2023-7303 | q2apro q2apro-on-site-notifications q2apro-onsitenotifications-page.php process_request cross site scripting | S | |