CVE List - 2023 / May
Showing 1 - 100 of 2420 CVEs for May 2023 (Page 1 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-35898 | 2023-05-01 | OpenText BizManager before 16.6.0.1 does not perform proper validation during... |
| CVE-2023-22919 | 2023-05-01 | The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware... |
| CVE-2023-22921 | 2023-05-01 | A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2... |
| CVE-2023-22922 | 2023-05-01 | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware... |
| CVE-2023-22923 | 2023-05-01 | A format string vulnerability in a binary of the Zyxel... |
| CVE-2023-22924 | 2023-05-01 | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware... |
| CVE-2023-26987 | 2023-05-01 | An issue discovered in Konga 0.14.9 allows remote attackers to... |
| CVE-2023-27035 | 2023-05-01 | An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers... |
| CVE-2023-27108 | 2023-05-01 | An issue was discovered in KaiOS 3.0. The pre-installed Communications... |
| CVE-2023-29635 | 2023-05-01 | File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers... |
| CVE-2023-29636 | 2023-05-01 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers... |
| CVE-2023-29637 | 2023-05-01 | Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers... |
| CVE-2023-29638 | 2023-05-01 | Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit... |
| CVE-2023-29639 | 2023-05-01 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers... |
| CVE-2023-29641 | 2023-05-01 | Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0... |
| CVE-2023-29643 | 2023-05-01 | Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers... |
| CVE-2023-29680 | 2023-05-01 | Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows... |
| CVE-2023-29681 | 2023-05-01 | Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt... |
| CVE-2023-30061 | 2023-05-01 | D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. |
| CVE-2023-30063 | 2023-05-01 | D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. |
| CVE-2023-30639 | 2023-05-01 | Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a... |
| CVE-2015-10105 | 2023-05-01 | IP Blacklist Cloud Plugin CSV File Import ip_blacklist_cloud.php valid_js_identifier path traversal |
| CVE-2018-25085 | 2023-05-01 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting |
| CVE-2023-2236 | 2023-05-01 | Use-after-free in Linux kernel's Performance Events subsystem |
| CVE-2023-2235 | 2023-05-01 | Use-after-free in Linux kernel's Performance Events subsystem |
| CVE-2023-30859 | 2023-05-01 | Spigot Command Exploit in Triton |
| CVE-2023-0896 | 2023-05-01 | A default password was reported in Lenovo Smart Clock Essential... |
| CVE-2022-45802 | 2023-05-01 | Apache StreamPark (incubating): Upload any file to any directory |
| CVE-2023-28092 | 2023-05-01 | A potential security vulnerability has been identified in HPE ProLiant... |
| CVE-2023-25492 | 2023-05-01 | A valid, authenticated user may be able to trigger a... |
| CVE-2023-0683 | 2023-05-01 | A valid, authenticated XCC user with read only access may... |
| CVE-2022-4568 | 2023-05-01 | A directory permissions management vulnerability in Lenovo System Update may... |
| CVE-2022-45801 | 2023-05-01 | Apache StreamPark (incubating): LDAP Injection Vulnerability |
| CVE-2022-48186 | 2023-05-01 | A certificate validation vulnerability exists in the Baiying Android application... |
| CVE-2022-46365 | 2023-05-01 | Apache StreamPark (incubating): Logic error causing any account reset |
| CVE-2023-2451 | 2023-05-01 | SourceCodester Online DJ Management System GET Parameter view_details.php sql injection |
| CVE-2023-22503 | 2023-05-01 | Affected versions of Atlassian Confluence Server and Data Center allow... |
| CVE-2023-2197 | 2023-05-01 | Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM |
| CVE-2023-2247 | 2023-05-02 | In affected versions of Octopus Deploy it is possible to... |
| CVE-2023-29856 | 2023-05-02 | D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable... |
| CVE-2023-30943 | 2023-05-02 | Moodle: tinymce loaders susceptible to arbitrary folder creation |
| CVE-2023-30944 | 2023-05-02 | Moodle: minor sql injection risk in external wiki method for listing pages |
| CVE-2022-30759 | 2023-05-02 | In Nokia One-NDS (aka Network Directory Server) through 20.9, some... |
| CVE-2022-47874 | 2023-05-02 | Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5... |
| CVE-2022-47875 | 2023-05-02 | A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox... |
| CVE-2022-47876 | 2023-05-02 | The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated... |
| CVE-2022-47877 | 2023-05-02 | A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote,... |
| CVE-2022-47878 | 2023-05-02 | Incorrect input validation for the default-storage-path in the settings page... |
| CVE-2022-48482 | 2023-05-02 | 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on... |
| CVE-2022-48483 | 2023-05-02 | 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows... |
| CVE-2023-2479 | 2023-05-02 | OS Command Injection in appium/appium-desktop |
| CVE-2023-26089 | 2023-05-02 | European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass... |
| CVE-2023-26546 | 2023-05-02 | European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users... |
| CVE-2023-27892 | 2023-05-02 | Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware... |
| CVE-2023-29772 | 2023-05-02 | A Cross-site scripting (XSS) vulnerability in the System Log/General Log... |
| CVE-2023-29778 | 2023-05-02 | GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command... |
| CVE-2023-29867 | 2023-05-02 | Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control.... |
| CVE-2023-29868 | 2023-05-02 | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access... |
| CVE-2023-29918 | 2023-05-02 | RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods... |
| CVE-2023-30403 | 2023-05-02 | An issue in the time-based authentication mechanism of Aigital Aigital... |
| CVE-2023-31433 | 2023-05-02 | A SQL injection issue in Logbuch in evasys before 8.2... |
| CVE-2023-31434 | 2023-05-02 | The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile,... |
| CVE-2023-31435 | 2023-05-02 | Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen,... |
| CVE-2013-10026 | 2023-05-02 | Mail Subscribe List Plugin index.php cross site scripting |
| CVE-2014-125100 | 2023-05-02 | BestWebSoft Job Board Plugin cross site scripting |
| CVE-2022-25713 | 2023-05-02 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Automotive |
| CVE-2022-33281 | 2023-05-02 | Improper validation of array index in computer vision. |
| CVE-2022-33292 | 2023-05-02 | Use after free in Qualcomm IPC |
| CVE-2022-33304 | 2023-05-02 | NULL pointers dereference in Modem |
| CVE-2022-33305 | 2023-05-02 | Null pointer dereference in Modem |
| CVE-2022-34144 | 2023-05-02 | Reachable assertion in Modem |
| CVE-2022-40505 | 2023-05-02 | Buffer over-read in Modem |
| CVE-2022-40508 | 2023-05-02 | Reachable assertion in Modem |
| CVE-2023-21642 | 2023-05-02 | Improper Access Control in HAB Memory Management |
| CVE-2023-21665 | 2023-05-02 | Incorrect Type Conversion or Cast in Graphics |
| CVE-2023-21666 | 2023-05-02 | Improper Release of Memory Before Removing Last Reference (`Memory Leak`) in Graphics |
| CVE-2023-0924 | 2023-05-02 | Zyrex Popup <= 1.0 - Admin+ Arbitrary File Upload |
| CVE-2023-1525 | 2023-05-02 | Site Reviews < 6.7.1 - Admin+ Stored XSS |
| CVE-2023-1861 | 2023-05-02 | Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS |
| CVE-2023-1554 | 2023-05-02 | Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS |
| CVE-2023-1021 | 2023-05-02 | Amr Ical Events Lists <= 6.6 - Admin+ Stored XSS |
| CVE-2023-1125 | 2023-05-02 | Ruby Help Desk < 1.3.4 - Subscriber+ Ticket Update via IDOR |
| CVE-2023-1809 | 2023-05-02 | Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure |
| CVE-2023-1805 | 2023-05-02 | Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS |
| CVE-2023-1669 | 2023-05-02 | SEOPress < 6.5.0.3 - Admin+ PHP Object Injection |
| CVE-2023-0891 | 2023-05-02 | Stagtools < 2.3.7 - Contributor+ Stored XSS |
| CVE-2023-1804 | 2023-05-02 | Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS |
| CVE-2023-1614 | 2023-05-02 | WP Custom Author URL < 1.0.5 - Admin+ Stored XSS |
| CVE-2023-1090 | 2023-05-02 | WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS |
| CVE-2023-1911 | 2023-05-02 | Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access |
| CVE-2023-1546 | 2023-05-02 | MyCryptoCheckout < 2.124 - Reflected XSS |
| CVE-2023-1730 | 2023-05-02 | SupportCandy < 3.1.5 - Unauthenticated SQLi |
| CVE-2022-33273 | 2023-05-02 | Buffer over-read in Trusted Execution Environment |
| CVE-2022-40504 | 2023-05-02 | Reachable assertion in Modem |
| CVE-2023-32007 | 2023-05-02 | Apache Spark: Shell command injection via Spark UI |
| CVE-2023-1196 | 2023-05-02 | Advanced Custom Fields - Contributor+ PHP Object Injection |
| CVE-2023-31207 | 2023-05-02 | Automation user secret logged to Apache access log |
| CVE-2023-2000 | 2023-05-02 | Unrestricted navigation due to unvalidated mattermost server redirection |
| CVE-2023-30869 | 2023-05-02 | WordPress Easy Digital Downloads Plugin 3.1-3.1.1.4.1 is vulnerable to Privilege Escalation |
| CVE-2023-23723 | 2023-05-02 | WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS) |