CVE List - 2023 / January
Showing 1101 - 1200 of 2351 CVEs for January 2023 (Page 12 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-0295 | 2023-01-13 | The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site... |
| CVE-2015-10042 | 2023-01-13 | Dovgalyuk AIBattle procedures.php registerUser sql injection |
| CVE-2017-20169 | 2023-01-13 | GGGGGGGG ToN-MasterServer svr_request_pub.php sql injection |
| CVE-2022-41721 | 2023-01-13 | Request smuggling due to improper request handling in golang.org/x/net/http2/h2c |
| CVE-2022-1812 | 2023-01-14 | Integer Overflow or Wraparound in publify/publify |
| CVE-2022-2815 | 2023-01-14 | Insecure Storage of Sensitive Information in publify/publify |
| CVE-2023-0297 | 2023-01-14 | Code Injection in pyload/pyload |
| CVE-2023-0298 | 2023-01-14 | Incorrect Authorization in firefly-iii/firefly-iii |
| CVE-2023-0299 | 2023-01-14 | Improper Input Validation in publify/publify |
| CVE-2023-0300 | 2023-01-14 | Cross-site Scripting (XSS) - Reflected in alfio-event/alf.io |
| CVE-2023-0301 | 2023-01-14 | Cross-site Scripting (XSS) - Stored in alfio-event/alf.io |
| CVE-2023-22850 | 2023-01-14 | Tiki before 24.1, when the Spreadsheets feature is enabled, allows... |
| CVE-2023-22851 | 2023-01-14 | Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an... |
| CVE-2023-22852 | 2023-01-14 | Tiki through 25.0 allows CSRF attacks that are related to... |
| CVE-2023-22853 | 2023-01-14 | Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP... |
| CVE-2023-23589 | 2023-01-14 | The SafeSocks option in Tor before 0.4.7.13 has a logic... |
| CVE-2023-22480 | 2023-01-14 | KubeOperator is vulnerable to unauthorized access to system API |
| CVE-2022-41955 | 2023-01-14 | Autolab is vulnerable to remote code execution (RCE) via MOSS functionality |
| CVE-2023-22478 | 2023-01-14 | KubePi is vulnerable to missing authorization |
| CVE-2022-23532 | 2023-01-14 | neo4j-apoc-procedures is vulnerable to path traversal |
| CVE-2023-22470 | 2023-01-14 | Nextcloud Deck vulnerable to uncontrolled resource consumption |
| CVE-2023-22471 | 2023-01-14 | Nextcloud Deck vulnerable to authorization bypass |
| CVE-2022-41956 | 2023-01-14 | Autolab is vulnerable to file disclosure via remote handin feature |
| CVE-2023-22495 | 2023-01-14 | Izanami is vulnerable to Authorization Bypass |
| CVE-2023-22496 | 2023-01-14 | Netdata vulnerable to command injection |
| CVE-2023-22497 | 2023-01-14 | Netdata is vulnerable to improper authentication |
| CVE-2023-22602 | 2023-01-14 | Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request |
| CVE-2022-38467 | 2023-01-14 | WordPress CRM Perks Forms Plugin <= 1.1.0 is vulnerable to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2022-45353 | 2023-01-14 | WordPress Betheme theme <= 26.6.1 is vulnerable to Broken Access Control |
| CVE-2017-20167 | 2023-01-14 | Minichan reports.php cross site scripting |
| CVE-2015-10020 | 2023-01-14 | ssn2013 cis450Project AddAppUser.java addUser sql injection |
| CVE-2015-10043 | 2023-01-14 | abreen Apollo path traversal |
| CVE-2023-0302 | 2023-01-15 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in radareorg/radare2 |
| CVE-2023-0306 | 2023-01-15 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-0307 | 2023-01-15 | Weak Password Requirements in thorsten/phpmyfaq |
| CVE-2023-0308 | 2023-01-15 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-0309 | 2023-01-15 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-0310 | 2023-01-15 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-0311 | 2023-01-15 | Improper Authentication in thorsten/phpmyfaq |
| CVE-2023-0312 | 2023-01-15 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-0313 | 2023-01-15 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-0314 | 2023-01-15 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq |
| CVE-2023-23590 | 2023-01-15 | Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to... |
| CVE-2023-23595 | 2023-01-15 | BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate... |
| CVE-2022-4889 | 2023-01-15 | visegripped Stracker api.php getHistory sql injection |
| CVE-2014-125077 | 2023-01-15 | pointhi searx_stats cron.php sql injection |
| CVE-2014-125078 | 2023-01-15 | yanheven console horizon.instances.js cross site scripting |
| CVE-2014-125079 | 2023-01-15 | agy pontifex.http Http.coffee sql injection |
| CVE-2015-10044 | 2023-01-15 | gophergala sqldump sql injection |
| CVE-2015-10045 | 2023-01-15 | tutrantta project_todolist Database.php update sql injection |
| CVE-2015-10046 | 2023-01-15 | lolfeedback sql injection |
| CVE-2015-10047 | 2023-01-15 | KYUUBl school-register DBManager.java sql injection |
| CVE-2015-10048 | 2023-01-15 | bmattoso desafio_buzz_woody sql injection |
| CVE-2023-0303 | 2023-01-15 | SourceCodester Online Food Ordering System view_prod.php sql injection |
| CVE-2023-0304 | 2023-01-15 | SourceCodester Online Food Ordering System Signup Module admin_class.php sql injection |
| CVE-2023-0305 | 2023-01-15 | SourceCodester Online Food Ordering System Login Module admin_class.php sql injection |
| CVE-2015-10049 | 2023-01-15 | Overdrive Eletrônica course-builder oeditor.html cross site scripting |
| CVE-2015-10050 | 2023-01-15 | brandonfire miRNA_Database_by_PHP_MySql model.php count_rna sql injection |
| CVE-2015-10051 | 2023-01-15 | bony2023 Discussion-Board main.php display_all_replies sql injection |
| CVE-2015-10052 | 2023-01-15 | calesanz gibb-modul-151 login redirect |
| CVE-2016-15018 | 2023-01-15 | krail-jpa sql injection |
| CVE-2016-15019 | 2023-01-15 | tombh jekbox server.rb exposure of information through directory listing |
| CVE-2018-25075 | 2023-01-15 | karsany OBridge ProcedureDao.java getAllStandaloneProcedureAndFunction sql injection |
| CVE-2022-47630 | 2023-01-16 | Trusted Firmware-A through 2.8 has an out-of-bounds read in the... |
| CVE-2023-0315 | 2023-01-16 | Command Injection in froxlor/froxlor |
| CVE-2023-0316 | 2023-01-16 | Path Traversal: '\..\filename' in froxlor/froxlor |
| CVE-2023-0323 | 2023-01-16 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2022-4258 | 2023-01-16 | Hima: Unquoted path vulnerabilities in HIMA PC based Software |
| CVE-2022-43717 | 2023-01-16 | Apache Superset: Cross-Site Scripting on dashboards |
| CVE-2022-43718 | 2023-01-16 | Apache Superset: Cross-Site Scripting vulnerability on upload forms |
| CVE-2022-43719 | 2023-01-16 | Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API |
| CVE-2022-43720 | 2023-01-16 | Apache Superset: Improper rendering of user input |
| CVE-2022-43721 | 2023-01-16 | Apache Superset: Open Redirect Vulnerability |
| CVE-2022-45438 | 2023-01-16 | Apache Superset: Dashboard metadata information leak |
| CVE-2022-41703 | 2023-01-16 | Apache Superset: SQL injection vulnerability in adhoc clauses |
| CVE-2013-10012 | 2023-01-16 | antonbolling clan7ups Login/Session sql injection |
| CVE-2016-15020 | 2023-01-16 | liftkit database Query.php processOrderBy sql injection |
| CVE-2015-10053 | 2023-01-16 | prodigasistemas curupira passwords_controller.rb sql injection |
| CVE-2018-25076 | 2023-01-16 | Events Extension events.php searchResults sql injection |
| CVE-2021-4313 | 2023-01-16 | NethServer phonenehome index.php get_country_coor sql injection |
| CVE-2022-4890 | 2023-01-16 | abhilash1985 PredictApp Cookie new_framework_defaults_7_0.rb deserialization |
| CVE-2023-0324 | 2023-01-16 | SourceCodester Online Tours & Travels Management System page-login.php sql injection |
| CVE-2022-4648 | 2023-01-16 | Real Testimonials < 2.6.0 - Contributor+ Stored XSS |
| CVE-2022-4465 | 2023-01-16 | WP Video Lightbox < 1.9.7 - Contributor+ Stored XSS |
| CVE-2022-4449 | 2023-01-16 | Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS |
| CVE-2022-4330 | 2023-01-16 | WP Attachments < 5.0.6 - Admin+ Stored XSS |
| CVE-2022-4486 | 2023-01-16 | Meteor Slides < 1.5.7 - Contributor+ Stored XSS |
| CVE-2022-4469 | 2023-01-16 | Simple Membership < 4.2.2 - Contributor+ Stored XSS |
| CVE-2022-3904 | 2023-01-16 | MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics |
| CVE-2022-4453 | 2023-01-16 | 3D FlipBook <= 1.13.2 - Contributor+ Stored XSS |
| CVE-2022-4653 | 2023-01-16 | Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4487 | 2023-01-16 | Easy Accordion < 2.2.0 - Contributor+ Stored XSS |
| CVE-2022-4464 | 2023-01-16 | Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS |
| CVE-2022-4480 | 2023-01-16 | Click to Chat < 3.18.1 - Contributor+ Stored XSS |
| CVE-2022-4101 | 2023-01-16 | Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion |
| CVE-2022-4547 | 2023-01-16 | Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi |
| CVE-2022-4199 | 2023-01-16 | Link Library < 7.4.1 - Admin+ Stored XSS |
| CVE-2022-4571 | 2023-01-16 | Seriously Simple Podcasting < 2.19.1 - Contributor+ Stored XSS |
| CVE-2022-4658 | 2023-01-16 | RSSImport <= 4.6.1 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4320 | 2023-01-16 | WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS |