CVE List - 2023 / April
Showing 601 - 700 of 2302 CVEs for April 2023 (Page 7 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-1957 | 2023-04-08 | SourceCodester Online Computer and Laptop Store Subcategory sql injection |
| CVE-2023-1958 | 2023-04-08 | SourceCodester Online Computer and Laptop Store sql injection |
| CVE-2023-1959 | 2023-04-08 | SourceCodester Online Computer and Laptop Store sql injection |
| CVE-2023-1960 | 2023-04-08 | SourceCodester Online Computer and Laptop Store sql injection |
| CVE-2023-1961 | 2023-04-08 | SourceCodester Online Computer and Laptop Store cross site scripting |
| CVE-2013-10024 | 2023-04-08 | Exit Strategy Plugin exitpage.php information disclosure |
| CVE-2013-10025 | 2023-04-08 | Exit Strategy Plugin exitpage.php exitpageadmin cross-site request forgery |
| CVE-2023-27718 | 2023-04-09 | D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27719 | 2023-04-09 | D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27720 | 2023-04-09 | D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27727 | 2023-04-09 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h. |
| CVE-2023-27728 | 2023-04-09 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c. |
| CVE-2023-27729 | 2023-04-09 | Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. |
| CVE-2023-27730 | 2023-04-09 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c. |
| CVE-2012-10010 | 2023-04-09 | BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery |
| CVE-2014-125095 | 2023-04-09 | BestWebSoft Contact Form Plugin bws_menu.php bws_add_menu_render cross site scripting |
| CVE-2023-1962 | 2023-04-09 | SourceCodester Best Online News Portal POST Parameter forgot-password.php sql injection |
| CVE-2023-1963 | 2023-04-09 | PHPGurukul Bank Locker Management System Search index.php sql injection |
| CVE-2023-1964 | 2023-04-09 | PHPGurukul Bank Locker Management System Password Reset recovery.php sql injection |
| CVE-2012-10011 | 2023-04-09 | HD FLV Player Plugin functions.php hd_update_media sql injection |
| CVE-2009-10004 | 2023-04-09 | Turante Sandbox Theme functions.php sandbox_body_class cross site scripting |
| CVE-2012-10012 | 2023-04-09 | BestWebSoft Facebook Like Button facebook-button-plugin.php fcbk_bttn_plgn_settings_page cross-site request forgery |
| CVE-2023-1916 | 2023-04-10 | A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c,... |
| CVE-2020-36077 | 2023-04-10 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file |
| CVE-2021-45985 | 2023-04-10 | In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read. |
| CVE-2022-32871 | 2023-04-10 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to... |
| CVE-2022-37462 | 2023-04-10 | A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script... |
| CVE-2022-39048 | 2023-04-10 | Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect |
| CVE-2022-41976 | 2023-04-10 | A privilege escalation issue discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user, to change role (e.g., to administrator) by updating... |
| CVE-2022-42858 | 2023-04-10 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges |
| CVE-2022-46703 | 2023-04-10 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be... |
| CVE-2022-46709 | 2023-04-10 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with... |
| CVE-2022-46716 | 2023-04-10 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings |
| CVE-2022-46717 | 2023-04-10 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be... |
| CVE-2023-1668 | 2023-04-10 | A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue... |
| CVE-2023-24181 | 2023-04-10 | LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm. |
| CVE-2023-24721 | 2023-04-10 | A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2023-25392 | 2023-04-10 | Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation. |
| CVE-2023-26063 | 2023-04-10 | Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. |
| CVE-2023-26064 | 2023-04-10 | Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write. |
| CVE-2023-26065 | 2023-04-10 | Certain Lexmark devices through 2023-02-19 have an Integer Overflow. |
| CVE-2023-26066 | 2023-04-10 | Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index. |
| CVE-2023-26067 | 2023-04-10 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). |
| CVE-2023-26068 | 2023-04-10 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). |
| CVE-2023-26069 | 2023-04-10 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4). |
| CVE-2023-26070 | 2023-04-10 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). |
| CVE-2023-26466 | 2023-04-10 | A user with non-Admin access can change a configuration file on the client to modify the Server URL. |
| CVE-2023-26467 | 2023-04-10 | A man in the middle can redirect traffic to a malicious server in a compromised configuration. |
| CVE-2023-26495 | 2023-04-10 | An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker... |
| CVE-2023-26773 | 2023-04-10 | Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file. |
| CVE-2023-26774 | 2023-04-10 | An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint. |
| CVE-2023-26788 | 2023-04-10 | Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the... |
| CVE-2023-26860 | 2023-04-10 | SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allows a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component. |
| CVE-2023-26919 | 2023-04-10 | delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit... |
| CVE-2023-26986 | 2023-04-10 | An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to... |
| CVE-2023-27076 | 2023-04-10 | Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows an attacker to execute arbitrary code via the language parameter. |
| CVE-2023-27178 | 2023-04-10 | An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2023-27650 | 2023-04-10 | An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter. |
| CVE-2023-28093 | 2023-04-10 | A user with a compromised configuration can start an unsigned binary as a service. |
| CVE-2023-28205 | 2023-04-10 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura... |
| CVE-2023-28206 | 2023-04-10 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS... |
| CVE-2023-29375 | 2023-04-10 | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through... |
| CVE-2023-29376 | 2023-04-10 | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users... |
| CVE-2023-30456 | 2023-04-10 | An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. |
| CVE-2014-125096 | 2023-04-10 | Fancy Gallery Plugin Options Page class.options.php cross site scripting |
| CVE-2014-125097 | 2023-04-10 | BestWebSoft Facebook Like Button facebook-button-plugin.php fcbkbttn_settings_page cross site scripting |
| CVE-2014-125098 | 2023-04-10 | Dart http_server Directory Listing virtual_directory.dart VirtualDirectory cross site scripting |
| CVE-2023-26120 | 2023-04-10 | This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update. |
| CVE-2023-29215 | 2023-04-10 | Apache Linkis JDBC EngineConn has a deserialization command execution |
| CVE-2023-27602 | 2023-04-10 | Apache Linkis publicservice module unrestricted upload of file |
| CVE-2023-27603 | 2023-04-10 | Apache Linkis Manager module engineConn material upload exists Zip Slip issue |
| CVE-2023-27987 | 2023-04-10 | Apache Linkis gateway module token authentication bypass |
| CVE-2023-29216 | 2023-04-10 | Apache Linkis DatasourceManager module has a deserialization command execution |
| CVE-2015-10099 | 2023-04-10 | CP Appointment Calendar Plugin dex_appointments.php dex_process_ready_to_go_appointment sql injection |
| CVE-2023-0363 | 2023-04-10 | Scheduled Announcements Widget < 1.0 - Contributor+ Stored XSS |
| CVE-2023-1122 | 2023-04-10 | Simple Giveaways < 2.45.1 - Editor+ Stored Cross-Site Scripting |
| CVE-2023-0893 | 2023-04-10 | Time Sheets < 1.29.3 - Admin+ Stored XSS |
| CVE-2023-1406 | 2023-04-10 | JetEngine < 3.1.3.1 - Author+ Remote Code Execution |
| CVE-2023-1426 | 2023-04-10 | WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure |
| CVE-2023-1425 | 2023-04-10 | Groundhogg Contacts < 2.7.9.4 - Admin+ SQLi |
| CVE-2023-0605 | 2023-04-10 | Auto Rename Media On Upload < 1.1.0 - Admin+ Stored XSS |
| CVE-2023-0983 | 2023-04-10 | Stylish Cost Calculator Premium < 7.9.0 - Unauthenticated Stored XSS |
| CVE-2023-1478 | 2023-04-10 | Hummingbird < 3.4.2 - Unauthenticated Path Traversal |
| CVE-2023-0156 | 2023-04-10 | All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal |
| CVE-2023-1120 | 2023-04-10 | Simple Giveaways < 2.45.1 - Admin+ Stored XSS |
| CVE-2023-0422 | 2023-04-10 | Article Directory <= 1.3 - Admin+ Stored XSS |
| CVE-2023-0423 | 2023-04-10 | WordPress Amazon S3 Plugin < 1.6 - Reflected XSS |
| CVE-2023-0874 | 2023-04-10 | Klaviyo <= 3.0.10 - Admin+ Stored XSS |
| CVE-2023-1121 | 2023-04-10 | Simple Giveaways < 2.45.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-4827 | 2023-04-10 | WP Tiles <= 1.1.2 - Contributor+ Stored XSS |
| CVE-2023-0157 | 2023-04-10 | All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS |
| CVE-2023-0546 | 2023-04-10 | FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field |
| CVE-2023-1381 | 2023-04-10 | WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization |
| CVE-2023-1969 | 2023-04-10 | SourceCodester Online Eyewear Shop GET Parameter manage_stock.php sql injection |
| CVE-2023-1970 | 2023-04-10 | yuan1994 tpAdmin Upload.php Upload unrestricted upload |
| CVE-2023-1971 | 2023-04-10 | yuan1994 tpAdmin Upload.php remote server-side request forgery |
| CVE-2015-10100 | 2023-04-10 | Dynamic Widgets Plugin dynwid_class.php sql injection |
| CVE-2018-25084 | 2023-04-10 | Ping Identity Self-Service Account Manager SSAMController.java cross site scripting |
| CVE-2023-29005 | 2023-04-10 | No Rate Limiting on Login AUTH DB |
| CVE-2023-29192 | 2023-04-10 | SilverwareGames.io users with access to the game upload panel are able to edit download links for games uploaded by other developers |