CVE List - 2023 / April
Showing 2001 - 2100 of 2302 CVEs for April 2023 (Page 21 of 24)
CVE ID | Date | Title |
---|---|---|
CVE-2023-25490 | 2023-04-25 | WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-25479 | 2023-04-25 | WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-2281 | 2023-04-25 | Archiving a team broadcasts unsanitized data over WebSockets |
CVE-2023-28847 | 2023-04-25 | Nextcloud Server missing brute force protection for passwords of password protected share links |
CVE-2023-25484 | 2023-04-25 | WordPress Simple Yearly Archive Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS) |
CVE-2022-47608 | 2023-04-25 | WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-29200 | 2023-04-25 | contao/core-bundle has path traversal vulnerability in the file manager |
CVE-2023-30545 | 2023-04-25 | PrestaShop arbitrary file read vulnerability |
CVE-2023-30838 | 2023-04-25 | PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method |
CVE-2023-2282 | 2023-04-25 | Improper access control in the Web Login listener in Devolutions... |
CVE-2021-45071 | 2023-04-25 | Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and... |
CVE-2021-23176 | 2023-04-25 | Improper access control in reporting engine of l10n_fr_fec module in... |
CVE-2021-45111 | 2023-04-25 | Improper access control in Odoo Community 15.0 and earlier and... |
CVE-2021-44476 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and earlier and... |
CVE-2021-44460 | 2023-04-25 | Improper access control in Odoo Community 13.0 and earlier and... |
CVE-2021-44461 | 2023-04-25 | Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise... |
CVE-2021-23166 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and earlier and... |
CVE-2021-23186 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and earlier and... |
CVE-2021-23178 | 2023-04-25 | Improper access control in Odoo Community 15.0 and earlier and... |
CVE-2021-44775 | 2023-04-25 | Cross-site scripting (XSS) issue in Website app of Odoo Community... |
CVE-2021-44465 | 2023-04-25 | Improper access control in Odoo Community 13.0 and earlier and... |
CVE-2021-26263 | 2023-04-25 | Cross-site scripting (XSS) issue in Discuss app of Odoo Community... |
CVE-2021-26947 | 2023-04-25 | Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and... |
CVE-2021-44547 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise... |
CVE-2023-25485 | 2023-04-25 | WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS) |
CVE-2021-23203 | 2023-04-25 | Improper access control in reporting engine of Odoo Community 14.0... |
CVE-2023-28086 | 2023-04-25 | An HPE OneView appliance dump may expose proxy credential settings |
CVE-2023-25793 | 2023-04-25 | WordPress Link Juice Keeper Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-28087 | 2023-04-25 | An HPE OneView appliance dump may expose OneView user accounts |
CVE-2023-30839 | 2023-04-25 | PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager" |
CVE-2023-28088 | 2023-04-25 | An HPE OneView appliance dump may expose SAN switch administrative... |
CVE-2023-28089 | 2023-04-25 | An HPE OneView appliance dump may expose FTP credentials for... |
CVE-2023-28090 | 2023-04-25 | An HPE OneView appliance dump may expose SNMPv3 read credentials |
CVE-2023-28084 | 2023-04-25 | HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens |
CVE-2023-25461 | 2023-04-25 | WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-25652 | 2023-04-25 | "git apply --reject" partially-controlled arbitrary file write |
CVE-2023-23995 | 2023-04-25 | WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-23889 | 2023-04-25 | WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-23866 | 2023-04-25 | WordPress Interactive Geo Maps Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-23710 | 2023-04-25 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-24005 | 2023-04-25 | WordPress Inline Tweet Sharer – Twitter Sharing Plugin Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-25815 | 2023-04-25 | Git looks for localized messages in the wrong place |
CVE-2023-29007 | 2023-04-25 | Arbitrary configuration injection via `git submodule deinit` |
CVE-2023-29011 | 2023-04-25 | Git for Windows's config file of `connect.exe` is susceptible to malicious placing |
CVE-2023-29012 | 2023-04-25 | Git CMD erroneously executes `doskey.exe` in the current directory, if it exists |
CVE-2023-30609 | 2023-04-25 | matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting |
CVE-2023-2293 | 2023-04-25 | SourceCodester Purchase Order Management System cross site scripting |
CVE-2023-0045 | 2023-04-25 | Incorrect indirect branch prediction barrier in the Linux Kernel |
CVE-2023-26930 | 2023-04-26 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker... |
CVE-2020-36070 | 2023-04-26 | Insecure Permission vulnerability found in Yoyager v.1.4 and before allows... |
CVE-2022-25273 | 2023-04-26 | Drupal core's form API has a vulnerability where certain contributed... |
CVE-2022-25274 | 2023-04-26 | Drupal 9.3 implemented a generic entity access API for entity... |
CVE-2022-25275 | 2023-04-26 | In some situations, the Image module does not correctly check... |
CVE-2022-25276 | 2023-04-26 | The Media oEmbed iframe route does not properly validate the... |
CVE-2022-25277 | 2023-04-26 | Drupal core sanitizes filenames with dangerous extensions upon upload (reference:... |
CVE-2022-25278 | 2023-04-26 | Under certain circumstances, the Drupal core form API evaluates form... |
CVE-2022-27978 | 2023-04-26 | Tooljet v1.6 does not properly handle missing values in the... |
CVE-2022-27979 | 2023-04-26 | A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers... |
CVE-2022-39989 | 2023-04-26 | An issue was discovered in Fighting Cock Information System 1.0,... |
CVE-2022-44232 | 2023-04-26 | libming 0.4.8 is vulnerable to Buffer Overflow. In getInt()... |
CVE-2023-2291 | 2023-04-26 | Static credentials exist in the PostgreSQL data used in ManageEngine... |
CVE-2023-2307 | 2023-04-26 | Cross-Site Request Forgery (CSRF) in builderio/qwik |
CVE-2023-24796 | 2023-04-26 | Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows... |
CVE-2023-26567 | 2023-04-26 | Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO... |
CVE-2023-27107 | 2023-04-26 | Incorrect access control in the runReport function of MyQ Solution... |
CVE-2023-29442 | 2023-04-26 | Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. |
CVE-2023-29443 | 2023-04-26 | Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before... |
CVE-2023-29596 | 2023-04-26 | Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an... |
CVE-2023-29835 | 2023-04-26 | Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a... |
CVE-2023-29836 | 2023-04-26 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions... |
CVE-2023-30112 | 2023-04-26 | Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL... |
CVE-2023-30210 | 2023-04-26 | OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS)... |
CVE-2023-30211 | 2023-04-26 | OURPHP <= 7.2.0 is vulnerable to SQL Injection. |
CVE-2023-30212 | 2023-04-26 | OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS)... |
CVE-2023-30265 | 2023-04-26 | CLTPHP <=6.0 is vulnerable to Directory Traversal. |
CVE-2023-30266 | 2023-04-26 | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with... |
CVE-2023-30267 | 2023-04-26 | CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via... |
CVE-2023-30269 | 2023-04-26 | CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. |
CVE-2023-30280 | 2023-04-26 | Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128,... |
CVE-2023-30363 | 2023-04-26 | vConsole v3.15.0 was discovered to contain a prototype pollution due... |
CVE-2023-31250 | 2023-04-26 | Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 |
CVE-2022-41739 | 2023-04-26 | IBM Spectrum Scale privilege escalation |
CVE-2022-36769 | 2023-04-26 | IBM Cloud Pak for Data file upload |
CVE-2023-2294 | 2023-04-26 | UCMS Column Configuration saddpost.php cross site scripting |
CVE-2023-2273 | 2023-04-26 | Rapid7 Insight Agent Directory Traversal |
CVE-2023-26286 | 2023-04-26 | IBM AIX privilege escalation |
CVE-2023-29257 | 2023-04-26 | IBM Db2 code execution |
CVE-2023-1387 | 2023-04-26 | Grafana is an open-source platform for monitoring and observability. Starting... |
CVE-2023-22728 | 2023-04-26 | Silverstripe Framework has missing permission check of canView in GridFieldPrintButton |
CVE-2023-22729 | 2023-04-26 | Silverstripe Framework has open redirect vulnerability on CMSSecurity relogin screen |
CVE-2023-29268 | 2023-04-26 | TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability |
CVE-2023-0458 | 2023-04-26 | Spectre V1 Gadget in do_prlimit in the Linux Kernel |
CVE-2023-30546 | 2023-04-26 | Contiki-NG has off-by-one error in Antelope DBMS |
CVE-2023-30841 | 2023-04-26 | Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps |
CVE-2023-27559 | 2023-04-26 | IBM Db2 denial of service |
CVE-2023-28008 | 2023-04-26 | HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection |
CVE-2023-28009 | 2023-04-26 | HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection |
CVE-2022-45456 | 2023-04-26 | Denial of service due to unauthenticated API endpoint. The following... |
CVE-2023-30843 | 2023-04-26 | Payload's hidden fields can be leaked on readable collections |
CVE-2023-30845 | 2023-04-26 | ESPv2 vulnerable to JWT authentication bypass via `X-HTTP-Method-Override` header |