CVE List - 2023 / May
Showing 1801 - 1900 of 2420 CVEs for May 2023 (Page 19 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-1837 | 2023-05-23 | Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) |
| CVE-2023-2702 | 2023-05-23 | IDOR in Finex Media's Competition Management System |
| CVE-2023-2703 | 2023-05-23 | Information Disclosure in Finex Media's Competition Management System |
| CVE-2023-1508 | 2023-05-23 | SQLi in AdamPOS's Mobilmen Terminal Software |
| CVE-2023-28015 | 2023-05-23 | HCL Domino AppDev Pack is susceptible to a User Account Enumeration vulnerability |
| CVE-2023-32697 | 2023-05-23 | Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled |
| CVE-2023-2498 | 2023-05-23 | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input... |
| CVE-2023-2496 | 2023-05-23 | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions... |
| CVE-2023-2494 | 2023-05-23 | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions... |
| CVE-2021-25748 | 2023-05-24 | Ingress-nginx `path` sanitization can be bypassed with newline character |
| CVE-2021-25749 | 2023-05-24 | runAsNonRoot logic bypass for Windows containers |
| CVE-2022-30025 | 2023-05-24 | SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence Analytics iDEAL Wealth and Funds - 1.0 allows authenticated remote attackers to inject payload via "v" parameter. |
| CVE-2022-41221 | 2023-05-24 | The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML... |
| CVE-2022-42225 | 2023-05-24 | Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission. |
| CVE-2023-1174 | 2023-05-24 | [minikube] Network Port exposure in minikube running on macOS using Docker driver |
| CVE-2023-1944 | 2023-05-24 | [minikube] ssh server with default password |
| CVE-2023-25598 | 2023-05-24 | A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site... |
| CVE-2023-25599 | 2023-05-24 | A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient... |
| CVE-2023-33248 | 2023-05-24 | Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz... |
| CVE-2023-33785 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-33786 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-33787 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-33788 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-33789 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-33790 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-33791 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-33792 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-33793 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-33794 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-33795 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-33796 | 2023-05-24 | A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this... |
| CVE-2023-33797 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-33798 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-33799 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-33800 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-33829 | 2023-05-24 | A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2023-33980 | 2023-05-24 | Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact. |
| CVE-2023-33981 | 2023-05-24 | Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a... |
| CVE-2023-33982 | 2023-05-24 | Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is... |
| CVE-2023-33983 | 2023-05-24 | The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two... |
| CVE-2023-2859 | 2023-05-24 | Code Injection in nilsteampassnet/teampass |
| CVE-2023-29721 | 2023-05-24 | SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. |
| CVE-2023-31457 | 2023-05-24 | A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts... |
| CVE-2023-31458 | 2023-05-24 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative... |
| CVE-2023-31459 | 2023-05-24 | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges,... |
| CVE-2023-31460 | 2023-05-24 | A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack... |
| CVE-2023-31595 | 2023-05-24 | IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. |
| CVE-2023-31748 | 2023-05-24 | Insecure permissions in MobileTrans v4.0.11 allow attackers to escalate privileges to local admin via replacing the executable file. |
| CVE-2023-33009 | 2023-05-24 | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG... |
| CVE-2023-33010 | 2023-05-24 | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1,... |
| CVE-2023-1424 | 2023-05-24 | Denial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module |
| CVE-2022-0357 | 2023-05-24 | Improper Quoting Path Issue in Bitdefender Total Security |
| CVE-2023-2862 | 2023-05-24 | SiteServer CMS search cross site scripting |
| CVE-2023-2863 | 2023-05-24 | Simple Design Daily Journal SQLite Database cleartext storage in a file or on disk |
| CVE-2023-2864 | 2023-05-24 | SourceCodester Online Jewelry Store POST Parameter customer.php cross site scripting |
| CVE-2023-2865 | 2023-05-24 | SourceCodester Theme Park Ticketing System GET Parameter print_ticket.php sql injection |
| CVE-2023-2750 | 2023-05-24 | SQLi in Cityboss Software's E-municipality |
| CVE-2023-2065 | 2023-05-24 | IDOR in Armoli Technology's Cargo Tracking System |
| CVE-2023-33937 | 2023-05-24 | Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows... |
| CVE-2023-2064 | 2023-05-24 | SQLi in Minova Technology's eTrace |
| CVE-2023-33938 | 2023-05-24 | Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to... |
| CVE-2023-2045 | 2023-05-24 | SQLi in Ipekyolu Software's Auto Damage Tracking Software |
| CVE-2023-33939 | 2023-05-24 | Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before... |
| CVE-2023-33940 | 2023-05-24 | Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script... |
| CVE-2023-33941 | 2023-05-24 | Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote... |
| CVE-2023-33246 | 2023-05-24 | Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function |
| CVE-2023-33942 | 2023-05-24 | Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web... |
| CVE-2023-33943 | 2023-05-24 | Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script... |
| CVE-2023-33944 | 2023-05-24 | Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject... |
| CVE-2023-33945 | 2023-05-24 | SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers... |
| CVE-2023-33946 | 2023-05-24 | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does not properly isolate objects in different virtual instances, which allows remote authenticated users in... |
| CVE-2023-33947 | 2023-05-24 | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated... |
| CVE-2023-33948 | 2023-05-24 | The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which... |
| CVE-2022-46816 | 2023-05-24 | WordPress Booking Ultra Pro Plugin <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45364 | 2023-05-24 | WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.6.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47152 | 2023-05-24 | WordPress clickfunnels Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47180 | 2023-05-24 | WordPress Kopa Framework Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46794 | 2023-05-24 | WordPress WooCommerce Weight Based Shipping Plugin <= 5.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33949 | 2023-05-24 | In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create... |
| CVE-2022-47446 | 2023-05-24 | WordPress Store Locator Plugin <= 3.98.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47447 | 2023-05-24 | WordPress WP-Advanced-Search Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33950 | 2023-05-24 | Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns,... |
| CVE-2022-47448 | 2023-05-24 | WordPress xili-tidy-tags Plugin <= 1.12.03 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25028 | 2023-05-24 | WordPress CC Custom Taxonomy Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2870 | 2023-05-24 | EnTech Monitor Asset Manager IoControlCode 0x80002014 denial of service |
| CVE-2023-2871 | 2023-05-24 | FabulaTech USB for Remote Desktop IoControlCode 0x220408 null pointer dereference |
| CVE-2023-2872 | 2023-05-24 | FlexiHub IoControlCode fusbhub.sys 0x220088 null pointer dereference |
| CVE-2023-2873 | 2023-05-24 | Twister Antivirus IoControlCode filppd.sys 0x80800043 memory corruption |
| CVE-2023-2868 | 2023-05-24 | Remote Code injection in Barracuda Email Security Gateway |
| CVE-2023-2874 | 2023-05-24 | Twister Antivirus IoControlCode filppd.sys 0x804f2140 denial of service |
| CVE-2023-2875 | 2023-05-24 | eScan Antivirus IoControlCode PROCOBSRVESX.SYS 0x22E008u null pointer dereference |
| CVE-2023-1158 | 2023-05-24 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization |
| CVE-2022-4815 | 2023-05-24 | Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data |
| CVE-2023-2500 | 2023-05-24 | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from... |
| CVE-2023-2255 | 2023-05-25 | Remote documents loaded without prompt via IFrame |
| CVE-2023-25439 | 2023-05-25 | Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details. |
| CVE-2023-27529 | 2023-05-25 | Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before... |
| CVE-2023-2804 | 2023-05-25 | A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of... |
| CVE-2023-2881 | 2023-05-25 | Storing Passwords in a Recoverable Format in pimcore/customer-data-framework |
| CVE-2023-31594 | 2023-05-25 | IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. |