CVE List - 2023 / April
Showing 301 - 400 of 2302 CVEs for April 2023 (Page 4 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-1710 | 2023-04-05 | A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the... |
| CVE-2023-1733 | 2023-04-05 | A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. |
| CVE-2023-1756 | 2023-04-05 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-1757 | 2023-04-05 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-1758 | 2023-04-05 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in thorsten/phpmyfaq |
| CVE-2023-1787 | 2023-04-05 | An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a... |
| CVE-2023-1788 | 2023-04-05 | Insufficient Session Expiration in firefly-iii/firefly-iii |
| CVE-2023-1855 | 2023-04-05 | A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to... |
| CVE-2023-1877 | 2023-04-05 | Command Injection in microweber/microweber |
| CVE-2023-1878 | 2023-04-05 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-1879 | 2023-04-05 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-1880 | 2023-04-05 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq |
| CVE-2023-1881 | 2023-04-05 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2023-1882 | 2023-04-05 | Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq |
| CVE-2023-1883 | 2023-04-05 | Improper Access Control in thorsten/phpmyfaq |
| CVE-2023-1884 | 2023-04-05 | Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq |
| CVE-2023-1885 | 2023-04-05 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-1886 | 2023-04-05 | Authentication Bypass by Capture-replay in thorsten/phpmyfaq |
| CVE-2023-1887 | 2023-04-05 | Business Logic Errors in thorsten/phpmyfaq |
| CVE-2023-1892 | 2023-04-05 | Cross-site Scripting (XSS) - Reflected in sidekiq/sidekiq |
| CVE-2023-24720 | 2023-04-05 | An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. |
| CVE-2023-24747 | 2023-04-05 | Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list. |
| CVE-2023-26789 | 2023-04-05 | Veritas NetBackup OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to... |
| CVE-2023-26856 | 2023-04-05 | Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login. |
| CVE-2023-26857 | 2023-04-05 | An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2023-28342 | 2023-04-05 | Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. |
| CVE-2023-28639 | 2023-04-05 | GLPI vulnerable to reflected Cross-site Scripting in search pages |
| CVE-2023-29374 | 2023-04-05 | In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. |
| CVE-2023-29389 | 2023-04-05 | Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after... |
| CVE-2023-1845 | 2023-04-05 | SourceCodester Online Payroll System employee_row.php sql injection |
| CVE-2023-0382 | 2023-04-05 | Uncontrolled Resource Consumption in M-Files Server |
| CVE-2023-1846 | 2023-04-05 | SourceCodester Online Payroll System deduction_row.php sql injection |
| CVE-2023-1847 | 2023-04-05 | SourceCodester Online Payroll System attendance.php sql injection |
| CVE-2023-1848 | 2023-04-05 | SourceCodester Online Payroll System attendance_row.php sql injection |
| CVE-2023-1849 | 2023-04-05 | SourceCodester Online Payroll System cashadvance_row.php sql injection |
| CVE-2023-1850 | 2023-04-05 | SourceCodester Online Payroll System login.php sql injection |
| CVE-2023-26536 | 2023-04-05 | WordPress Sp*tify Play Button for WordPress Plugin <= 2.05 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1851 | 2023-04-05 | SourceCodester Online Payroll System employee_add.php cross site scripting |
| CVE-2023-1852 | 2023-04-05 | SourceCodester Online Payroll System deduction_edit.php cross site scripting |
| CVE-2023-1853 | 2023-04-05 | SourceCodester Online Payroll System employee_edit.php cross site scripting |
| CVE-2023-1854 | 2023-04-05 | SourceCodester Online Graduate Tracer System session expiration |
| CVE-2023-1856 | 2023-04-05 | SourceCodester Air Cargo Management System GET Parameter track_shipment.php sql injection |
| CVE-2023-1857 | 2023-04-05 | SourceCodester Online Computer and Laptop Store cross site scripting |
| CVE-2023-28069 | 2023-04-05 | Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and... |
| CVE-2023-1858 | 2023-04-05 | SourceCodester Earnings and Expense Tracker App index.php information disclosure |
| CVE-2023-1860 | 2023-04-05 | Keysight IXIA Hawkeye licenses cross site scripting |
| CVE-2013-10022 | 2023-04-05 | BestWebSoft Contact Form Plugin contact_form.php cntctfrm_check_form cross site scripting |
| CVE-2023-1865 | 2023-04-05 | The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up... |
| CVE-2023-1866 | 2023-04-05 | The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys... |
| CVE-2023-1867 | 2023-04-05 | The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save... |
| CVE-2023-1868 | 2023-04-05 | The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions... |
| CVE-2023-1869 | 2023-04-05 | The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This... |
| CVE-2023-1870 | 2023-04-05 | The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang... |
| CVE-2023-1871 | 2023-04-05 | The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the deleteLang... |
| CVE-2023-28632 | 2023-04-05 | GLPI vulnerable to account takeover by authenticated user |
| CVE-2023-22660 | 2023-04-05 | A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to... |
| CVE-2023-22291 | 2023-04-05 | An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which... |
| CVE-2022-45115 | 2023-04-05 | A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file... |
| CVE-2022-43664 | 2023-04-05 | A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to... |
| CVE-2023-1412 | 2023-04-05 | Local Privilege Escalation Vulnerability in WARP's MSI Installer |
| CVE-2023-28633 | 2023-04-05 | GLPI vulnerable to Blind Server-Side Request Forgery (SSRF) in RSS feeds |
| CVE-2023-20118 | 2023-04-05 | A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands... |
| CVE-2023-28634 | 2023-04-05 | GLPI vulnerable to Privilege Escalation from Technician to Super-Admin |
| CVE-2023-28636 | 2023-04-05 | GLPI vulnerable to stored Cross-site Scripting in external links |
| CVE-2022-4935 | 2023-04-05 | The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX... |
| CVE-2022-4936 | 2023-04-05 | The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes... |
| CVE-2023-28838 | 2023-04-05 | GLPI vulnerable to SQL injection through dynamic reports |
| CVE-2022-4937 | 2023-04-05 | The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various... |
| CVE-2022-4938 | 2023-04-05 | The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This... |
| CVE-2023-28849 | 2023-04-05 | GLPI vulnerable to SQL injection and Stored XSS via inventory agent request |
| CVE-2023-28852 | 2023-04-05 | GLPI vulnerable to stored Cross-site Scripting through dashboard administration |
| CVE-2023-28855 | 2023-04-05 | Fields GLPI plugin vulnerable to unauthorized write access to additional fields |
| CVE-2023-29006 | 2023-04-05 | Order GLPI plugin vulnerable to remote code execution from authenticated user |
| CVE-2022-4939 | 2023-04-05 | The WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that... |
| CVE-2022-4940 | 2023-04-05 | The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX... |
| CVE-2022-4941 | 2023-04-05 | The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions. This makes... |
| CVE-2023-1522 | 2023-04-05 | SQL Injection in the Hardware Inventory report of Security Center 5.11.2. |
| CVE-2023-1782 | 2023-04-05 | Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation |
| CVE-2023-20677 | 2023-04-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-29417 | 2023-04-06 | An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be... |
| CVE-2020-19678 | 2023-04-06 | Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. |
| CVE-2020-36071 | 2023-04-06 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page. |
| CVE-2020-36072 | 2023-04-06 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter. |
| CVE-2020-36073 | 2023-04-06 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the detail parameter of the document.php page. |
| CVE-2020-36074 | 2023-04-06 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the title parameter. |
| CVE-2022-32599 | 2023-04-06 | In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-46781 | 2023-04-06 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds.... |
| CVE-2023-20652 | 2023-04-06 | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20653 | 2023-04-06 | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20654 | 2023-04-06 | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20655 | 2023-04-06 | In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction... |
| CVE-2023-20656 | 2023-04-06 | In geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20657 | 2023-04-06 | In mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20658 | 2023-04-06 | In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20659 | 2023-04-06 | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20660 | 2023-04-06 | In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is... |
| CVE-2023-20661 | 2023-04-06 | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20662 | 2023-04-06 | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20663 | 2023-04-06 | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20664 | 2023-04-06 | In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |