CVE List - 2023 / February
Showing 201 - 300 of 2164 CVEs for February 2023 (Page 3 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-36546 | 2023-02-03 | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote... |
| CVE-2021-36569 | 2023-02-03 | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote... |
| CVE-2021-36570 | 2023-02-03 | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote... |
| CVE-2021-36712 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers... |
| CVE-2021-37234 | 2023-02-03 | Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b... |
| CVE-2021-37304 | 2023-02-03 | An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote... |
| CVE-2021-37305 | 2023-02-03 | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows... |
| CVE-2021-37306 | 2023-02-03 | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows... |
| CVE-2021-37311 | 2023-02-03 | Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause... |
| CVE-2021-37315 | 2023-02-03 | Incorrect Access Control issue discoverd in Cloud Disk in ASUS... |
| CVE-2021-37316 | 2023-02-03 | SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router... |
| CVE-2021-37317 | 2023-02-03 | Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router... |
| CVE-2021-37373 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation... |
| CVE-2021-37374 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware... |
| CVE-2021-37378 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube... |
| CVE-2021-37497 | 2023-02-03 | SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote... |
| CVE-2021-37501 | 2023-02-03 | Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows... |
| CVE-2021-37502 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote... |
| CVE-2021-37518 | 2023-02-03 | Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66... |
| CVE-2021-37519 | 2023-02-03 | Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to... |
| CVE-2022-31733 | 2023-02-03 | Starting with diego-release 2.55.0 and up to 2.69.0, and starting... |
| CVE-2022-34138 | 2023-02-03 | Insecure direct object references (IDOR) in the web server of... |
| CVE-2022-42908 | 2023-02-03 | WEPA Print Away is vulnerable to a stored XSS. It... |
| CVE-2022-42909 | 2023-02-03 | WEPA Print Away does not verify that a user has... |
| CVE-2022-45491 | 2023-02-03 | Buffer overflow vulnerability in function json_parse_value in sheredom json.h before... |
| CVE-2022-45496 | 2023-02-03 | Buffer overflow vulnerability in function json_parse_string in sheredom json.h before... |
| CVE-2022-45588 | 2023-02-03 | All versions before R2022-09 of Talend's Remote Engine Gen 2... |
| CVE-2022-47070 | 2023-02-03 | NVS365 V01 is vulnerable to Incorrect Access Control. After entering... |
| CVE-2022-47130 | 2023-02-03 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10... |
| CVE-2022-47131 | 2023-02-03 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10... |
| CVE-2022-47762 | 2023-02-03 | In gin-vue-admin < 2.5.5, the download module has a Path... |
| CVE-2022-48021 | 2023-02-03 | A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary... |
| CVE-2022-48022 | 2023-02-03 | An issue in the component /api/v1/mentions of Zammad v5.3.0 allows... |
| CVE-2023-20854 | 2023-02-03 | VMware Workstation contains an arbitrary file deletion vulnerability. A malicious... |
| CVE-2023-23086 | 2023-02-03 | Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to... |
| CVE-2023-23087 | 2023-02-03 | An issue was found in MojoJson v1.2.3 allows attackers to... |
| CVE-2023-23088 | 2023-02-03 | Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed... |
| CVE-2023-23635 | 2023-02-03 | In Jellyfin 10.8.x through 10.8.3, the name of a collection... |
| CVE-2023-23636 | 2023-02-03 | In Jellyfin 10.8.x through 10.8.3, the name of a playlist... |
| CVE-2023-24029 | 2023-02-03 | In Progress WS_FTP Server before 8.8, it is possible for... |
| CVE-2023-24138 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection... |
| CVE-2023-24139 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection... |
| CVE-2023-24140 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection... |
| CVE-2023-24141 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection... |
| CVE-2023-24142 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection... |
| CVE-2023-24143 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection... |
| CVE-2023-24144 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection... |
| CVE-2023-24145 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection... |
| CVE-2023-24146 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection... |
| CVE-2023-24147 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code... |
| CVE-2023-24148 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection... |
| CVE-2023-24149 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code... |
| CVE-2023-24150 | 2023-02-03 | A command injection vulnerability in the serverIp parameter in the... |
| CVE-2023-24151 | 2023-02-03 | A command injection vulnerability in the ip parameter in the... |
| CVE-2023-24152 | 2023-02-03 | A command injection vulnerability in the serverIp parameter in the... |
| CVE-2023-24153 | 2023-02-03 | A command injection vulnerability in the version parameter in the... |
| CVE-2023-24154 | 2023-02-03 | TOTOLINK T8 V4.1.5cu was discovered to contain a command injection... |
| CVE-2023-24155 | 2023-02-03 | TOTOLINK T8 V4.1.5cu was discovered to contain a hard code... |
| CVE-2023-24156 | 2023-02-03 | A command injection vulnerability in the ip parameter in the... |
| CVE-2023-24157 | 2023-02-03 | A command injection vulnerability in the serverIp parameter in the... |
| CVE-2023-24613 | 2023-02-03 | The user interface of Array Networks AG Series and vxAG... |
| CVE-2023-25135 | 2023-02-03 | vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to... |
| CVE-2023-25139 | 2023-02-03 | sprintf in the GNU C Library (glibc) 2.37 has a... |
| CVE-2023-0659 | 2023-02-03 | BDCOM 1704-WGL Backup File param.file.tgz information disclosure |
| CVE-2023-0661 | 2023-02-03 | Improper access control in Devolutions Server allows an authenticated user... |
| CVE-2022-43779 | 2023-02-03 | A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified... |
| CVE-2022-38396 | 2023-02-03 | HP Factory Preinstalled Images on certain systems that shipped with... |
| CVE-2023-24576 | 2023-02-03 | EMC NetWorker may potentially be vulnerable to an unauthenticated remote... |
| CVE-2023-23477 | 2023-02-03 | IBM WebSphere Application Server code execution |
| CVE-2023-23925 | 2023-02-03 | Switcher Client contains Regular Expression Denial of Service (ReDoS) |
| CVE-2023-23933 | 2023-02-03 | Issue in Anomaly Detection with document and field level rules in numerical feature aggregations |
| CVE-2023-23937 | 2023-02-03 | Missing file upload type validation in pimcore/pimcore |
| CVE-2023-23940 | 2023-02-03 | OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass |
| CVE-2013-10015 | 2023-02-03 | fanzila WebFinance save_Contract_Signer_Role.php sql injection |
| CVE-2013-10016 | 2023-02-03 | fanzila WebFinance save_taxes.php sql injection |
| CVE-2023-22474 | 2023-02-03 | Parse Server is vulnerable to authentication bypass via spoofing |
| CVE-2023-23932 | 2023-02-03 | Specially crafted RTPS message may cause an OpenDDS application to crash |
| CVE-2023-23941 | 2023-02-03 | SwagPayPal payment not sent to PayPal correctly |
| CVE-2023-0663 | 2023-02-03 | Calendar Event Management System Login Page sql injection |
| CVE-2023-22746 | 2023-02-03 | CKAN is vulnerable to session secret shared across instances using Docker images |
| CVE-2022-23498 | 2023-02-03 | When query caching is enabled in Grafana users can query another users session |
| CVE-2022-24895 | 2023-02-03 | Symfony vulnerable to Session Fixation of CSRF tokens |
| CVE-2022-24894 | 2023-02-03 | Symfony storing cookie headers in HttpCache |
| CVE-2023-23615 | 2023-02-03 | Malicious users in Discourse can create spam topics as any user due to improper access control |
| CVE-2013-10017 | 2023-02-03 | fanzila WebFinance save_roles.php sql injection |
| CVE-2013-10018 | 2023-02-03 | fanzila WebFinance save_contact.php sql injection |
| CVE-2023-0671 | 2023-02-04 | Code Injection in froxlor/froxlor |
| CVE-2023-0676 | 2023-02-04 | Cross-site Scripting (XSS) - Reflected in phpipam/phpipam |
| CVE-2023-0677 | 2023-02-04 | Cross-site Scripting (XSS) - Reflected in phpipam/phpipam |
| CVE-2023-0678 | 2023-02-04 | Missing Authorization in phpipam/phpipam |
| CVE-2023-25193 | 2023-02-04 | hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2)... |
| CVE-2015-10072 | 2023-02-04 | NREL api-umbrella-web Flash Message cross site scripting |
| CVE-2018-25079 | 2023-02-04 | Segmentio is-url index.js redos |
| CVE-2023-0673 | 2023-02-04 | SourceCodester Online Eyewear Shop sql injection |
| CVE-2023-0674 | 2023-02-04 | XXL-JOB New Password updatePwd cross-site request forgery |
| CVE-2023-0675 | 2023-02-04 | Calendar Event Management System sql injection |
| CVE-2018-25080 | 2023-02-04 | MobileDetect Example session_example.php initLayoutType cross site scripting |
| CVE-2019-25101 | 2023-02-04 | OnShift TurboGears HTTP Header controllers.py response splitting |
| CVE-2023-22849 | 2023-02-04 | Apache Sling App CMS: XSS in CMS Reference / UI Components |
| CVE-2022-45786 | 2023-02-04 | Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection |