CVE List - 2023 / May
Showing 1901 - 2000 of 2420 CVEs for May 2023 (Page 20 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-31861 | 2023-05-25 | ZLMediaKit 4.0 is vulnerable to Directory Traversal. |
| CVE-2023-33263 | 2023-05-25 | In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006. |
| CVE-2023-33278 | 2023-05-25 | In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. |
| CVE-2023-33279 | 2023-05-25 | In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. |
| CVE-2023-33280 | 2023-05-25 | In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. |
| CVE-2023-33355 | 2023-05-25 | IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information. |
| CVE-2023-33356 | 2023-05-25 | IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-0950 | 2023-05-25 | Array Index UnderFlow in Calc Formula Parsing |
| CVE-2023-28370 | 2023-05-25 | Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having... |
| CVE-2023-33750 | 2023-05-25 | A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd. |
| CVE-2023-33751 | 2023-05-25 | A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php. |
| CVE-2023-2734 | 2023-05-25 | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during... |
| CVE-2023-2733 | 2023-05-25 | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during... |
| CVE-2023-2732 | 2023-05-25 | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during... |
| CVE-2022-46907 | 2023-05-25 | Apache JSPWiki: XSS Injection points in several plugins |
| CVE-2022-47135 | 2023-05-25 | WordPress Chronoforms Plugin <= 7.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47139 | 2023-05-25 | WordPress WP Basic Elements Plugin <= 5.2.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47138 | 2023-05-25 | WordPress LOGIN AND REGISTRATION ATTEMPTS LIMIT Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47159 | 2023-05-25 | WordPress Logaster Logo Generator Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2882 | 2023-05-25 | Privilege Escalation in CBOT's Chatbot |
| CVE-2023-2883 | 2023-05-25 | IDOR in CBOT's Chatbot |
| CVE-2023-2884 | 2023-05-25 | Insecure Randomness in CBOT's Chatbot |
| CVE-2022-47164 | 2023-05-25 | WordPress Event Manager for WooCommerce Plugin <= 3.7.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2885 | 2023-05-25 | Channel Accessible by Non-Endpoint in CBOT's Chatbot |
| CVE-2023-2886 | 2023-05-25 | Cross-Site WebSocket Hijacking in CBOT's Chatbot |
| CVE-2022-46866 | 2023-05-25 | WordPress Import External Images Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2887 | 2023-05-25 | User Authentication Bypass in CBOT's Chatbot |
| CVE-2022-46865 | 2023-05-25 | WordPress Bulk Resize Media Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46812 | 2023-05-25 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46800 | 2023-05-25 | WordPress LiteSpeed Cache Plugin <= 5.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41635 | 2023-05-25 | WordPress Advanced Shipment Tracking for WooCommerce Plugin <= 3.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47161 | 2023-05-25 | WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47165 | 2023-05-25 | WordPress CoSchedule Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47149 | 2023-05-25 | WordPress Shortlinks by Pretty Links Plugin <= 3.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30484 | 2023-05-25 | WordPress Enable Accessibility Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47177 | 2023-05-25 | WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45367 | 2023-05-25 | WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41987 | 2023-05-25 | WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-43490 | 2023-05-25 | WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38356 | 2023-05-25 | WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38716 | 2023-05-25 | WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45371 | 2023-05-25 | WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45815 | 2023-05-25 | WordPress GDPR Compliance & Cookie Consent Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46820 | 2023-05-25 | WordPress Joli Table Of Contents Plugin <= 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46814 | 2023-05-25 | WordPress Kodex Posts likes Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46810 | 2023-05-25 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46856 | 2023-05-25 | WordPress Woocommerce Product Designer Plugin <= 4.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47144 | 2023-05-25 | WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47136 | 2023-05-25 | WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47178 | 2023-05-25 | WordPress Simple Share Buttons Adder Plugin <= 8.4.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45366 | 2023-05-25 | WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47174 | 2023-05-25 | WordPress Performance Lab Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2888 | 2023-05-25 | PHPOK unrestricted upload |
| CVE-2023-0459 | 2023-05-25 | Copy_from_user Spectre-V1 Gadget in Linux Kernel |
| CVE-2023-2480 | 2023-05-25 | Elevation of Privilege in M-Files Desktop Client |
| CVE-2023-2851 | 2023-05-25 | SQLi in Ceppatron |
| CVE-2023-2798 | 2023-05-25 | Denial of service in HtmlUnit |
| CVE-2023-22504 | 2023-05-25 | Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in... |
| CVE-2023-32694 | 2023-05-25 | Non-constant time HMAC comparison in Adyen plugin in Saleor |
| CVE-2023-30615 | 2023-05-25 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web |
| CVE-2023-30851 | 2023-05-25 | Potential HTTP policy bypass when using header rules in Cilium |
| CVE-2023-26216 | 2023-05-25 | TIBCO EBX Add-ons Arbitrary File Write |
| CVE-2023-26215 | 2023-05-25 | TIBCO EBX® Add-ons Path Traversal |
| CVE-2023-2900 | 2023-05-25 | NFine Rapid Development Platform CheckLogin weak hash |
| CVE-2023-31124 | 2023-05-25 | AutoTools does not set CARES_RANDOM_FILE during cross compilation |
| CVE-2023-2901 | 2023-05-25 | NFine Rapid Development Platform access control |
| CVE-2023-31130 | 2023-05-25 | Buffer Underwrite in ares_inet_net_pton() |
| CVE-2023-31147 | 2023-05-25 | Insufficient randomness in generation of DNS query IDs in c-ares |
| CVE-2023-2902 | 2023-05-25 | NFine Rapid Development Platform access control |
| CVE-2023-2903 | 2023-05-25 | NFine Rapid Development Platform access control |
| CVE-2023-32067 | 2023-05-25 | 0-byte UDP payload DoS in c-ares |
| CVE-2023-32074 | 2023-05-25 | Nextcloud user_oidc app is missing brute force protection |
| CVE-2021-46881 | 2023-05-26 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-46882 | 2023-05-26 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-46883 | 2023-05-26 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-46884 | 2023-05-26 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-46885 | 2023-05-26 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-46886 | 2023-05-26 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-46887 | 2023-05-26 | Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read. |
| CVE-2022-48478 | 2023-05-26 | The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. |
| CVE-2022-48479 | 2023-05-26 | The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. |
| CVE-2022-48480 | 2023-05-26 | Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-0116 | 2023-05-26 | The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-0117 | 2023-05-26 | The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features, such as MeeTime. |
| CVE-2023-1664 | 2023-05-26 | A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak.... |
| CVE-2023-1667 | 2023-05-26 | A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. |
| CVE-2023-2002 | 2023-05-26 | A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of... |
| CVE-2023-20868 | 2023-05-26 | NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. |
| CVE-2023-20882 | 2023-05-26 | In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry.... |
| CVE-2023-20883 | 2023-05-26 | In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring... |
| CVE-2023-21514 | 2023-05-26 | Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. |
| CVE-2023-21515 | 2023-05-26 | InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. |
| CVE-2023-21516 | 2023-05-26 | XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. |
| CVE-2023-22970 | 2023-05-26 | Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. |
| CVE-2023-27311 | 2023-05-26 | NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector. |
| CVE-2023-2817 | 2023-05-26 | A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to... |
| CVE-2023-2825 | 2023-05-26 | An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when... |
| CVE-2023-28319 | 2023-05-26 | A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this... |
| CVE-2023-28320 | 2023-05-26 | A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to... |
| CVE-2023-28321 | 2023-05-26 | An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can... |