CVE List - 2023 / May
Showing 2001 - 2100 of 2420 CVEs for May 2023 (Page 21 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-28322 | 2023-05-26 | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS`... |
| CVE-2023-28382 | 2023-05-26 | Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as... |
| CVE-2023-2854 | 2023-05-26 | BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file |
| CVE-2023-2857 | 2023-05-26 | BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file |
| CVE-2023-2898 | 2023-05-26 | There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. |
| CVE-2023-30145 | 2023-05-26 | Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. |
| CVE-2023-31225 | 2023-05-26 | The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. |
| CVE-2023-31226 | 2023-05-26 | The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-31227 | 2023-05-26 | The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. |
| CVE-2023-33247 | 2023-05-26 | Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote... |
| CVE-2023-33255 | 2023-05-26 | An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization.... |
| CVE-2023-33394 | 2023-05-26 | skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data. |
| CVE-2023-33439 | 2023-05-26 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. |
| CVE-2023-33440 | 2023-05-26 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. |
| CVE-2023-33720 | 2023-05-26 | mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. |
| CVE-2023-33779 | 2023-05-26 | A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. |
| CVE-2023-33780 | 2023-05-26 | A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the... |
| CVE-2022-46945 | 2023-05-26 | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. |
| CVE-2023-1981 | 2023-05-26 | A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. |
| CVE-2023-2283 | 2023-05-26 | A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there... |
| CVE-2023-2855 | 2023-05-26 | Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file |
| CVE-2023-2856 | 2023-05-26 | VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file |
| CVE-2023-2858 | 2023-05-26 | NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file |
| CVE-2023-2879 | 2023-05-26 | GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file |
| CVE-2023-23714 | 2023-05-26 | WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25971 | 2023-05-26 | WordPress Educare – Students & Result Management System Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25976 | 2023-05-26 | WordPress Integration for Contact Form 7 and Zoho CRM, Bigin Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25781 | 2023-05-26 | WordPress Upload File Type Settings Plugin Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24007 | 2023-05-26 | WordPress Admin Block Country Plugin <= 7.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25038 | 2023-05-26 | WordPress For the visually impaired Plugin <= 0.58 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22693 | 2023-05-26 | WordPress WP Google Tag Manager Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24008 | 2023-05-26 | WordPress Maspik – Spam blacklist Plugin <= 0.7.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32323 | 2023-05-26 | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites |
| CVE-2022-39335 | 2023-05-26 | Synapse does not apply enough checks to servers requesting auth events of events in a room |
| CVE-2022-39374 | 2023-05-26 | Synapse Denial of service due to incorrect application of event authorization rules during state resolution |
| CVE-2023-25029 | 2023-05-26 | WordPress WP Social Bookmarking Light Plugin <= 2.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25470 | 2023-05-26 | WordPress Rus-To-Lat Plugin <= 0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25467 | 2023-05-26 | WordPress Resize at Upload Plus Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25034 | 2023-05-26 | WordPress WP Clean Up Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25058 | 2023-05-26 | WordPress Schema – All In One Schema Rich Snippets Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29098 | 2023-05-26 | WordPress CopySafe Web Protection Plugin <= 3.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32964 | 2023-05-26 | WordPress Better Notifications for WP Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32681 | 2023-05-26 | Unintended leak of Proxy-Authorization header in requests |
| CVE-2023-32318 | 2023-05-26 | User session not correctly destroyed on logout |
| CVE-2023-33197 | 2023-05-26 | Craft CMS stored XSS in indexedVolumes |
| CVE-2023-33185 | 2023-05-26 | Incorrect signature verification in django-ses |
| CVE-2023-33187 | 2023-05-26 | highlight vulnerable to cleartext transmission of sensitive information |
| CVE-2023-33196 | 2023-05-26 | Craft CMS stored XSS in review volume |
| CVE-2023-33194 | 2023-05-26 | CraftCMS stored XSS in Quick Post widget error message |
| CVE-2023-31128 | 2023-05-26 | NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection |
| CVE-2023-32307 | 2023-05-26 | heap-over-flow and integer-overflow in sofia-sip |
| CVE-2023-32311 | 2023-05-26 | The CloudExplorer Lite missing permissions check |
| CVE-2023-32315 | 2023-05-26 | Openfire administration console authentication bypass |
| CVE-2023-32316 | 2023-05-26 | Users can add themselves to any organization in CloudExplorer Lite |
| CVE-2023-32317 | 2023-05-26 | Autolab tar slip in cheat checker functionality (`GHSL-2023-082`) |
| CVE-2023-32676 | 2023-05-26 | Autolab tar slip in Install Assessment functionality (`GHSL-2023-081`) |
| CVE-2023-32319 | 2023-05-26 | Basic auth header on WebDAV requests is not brute-force protected in Nextcloud |
| CVE-2023-33199 | 2023-05-26 | malformed proposed intoto v0.0.2 entries can cause a panic in Rekor |
| CVE-2023-32321 | 2023-05-26 | CKAN remote code execution and private information access via crafted resource ids |
| CVE-2023-32325 | 2023-05-26 | Cross-site scripting in PostHog-js |
| CVE-2015-20108 | 2023-05-27 | xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. |
| CVE-2023-2942 | 2023-05-27 | Improper Input Validation in openemr/openemr |
| CVE-2023-2943 | 2023-05-27 | Code Injection in openemr/openemr |
| CVE-2023-2944 | 2023-05-27 | Improper Access Control in openemr/openemr |
| CVE-2023-2945 | 2023-05-27 | Missing Authorization in openemr/openemr |
| CVE-2023-2946 | 2023-05-27 | Improper Access Control in openemr/openemr |
| CVE-2023-2947 | 2023-05-27 | Cross-site Scripting (XSS) - Stored in openemr/openemr |
| CVE-2023-32688 | 2023-05-27 | Invalid push request payload crashes Parse Server |
| CVE-2023-33188 | 2023-05-27 | Uncontrolled data used in content resolution |
| CVE-2023-33195 | 2023-05-27 | Craft CMS XSS in RSS widget feed |
| CVE-2023-33192 | 2023-05-27 | Improper handling of NTS cookie length that could crash the ntpd-rs server |
| CVE-2023-32686 | 2023-05-27 | kiwitcms vulnerable to stored XSS via unrestricted files upload |
| CVE-2023-33184 | 2023-05-27 | Blind SSRF in the Nextcloud Mail app on avatar endpoint |
| CVE-2023-26129 | 2023-05-27 | All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. **Note:** To execute the code snippet... |
| CVE-2023-26128 | 2023-05-27 | All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. **Note:** To execute... |
| CVE-2023-26127 | 2023-05-27 | All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. **Note:** To execute the code snippet and potentially exploit the... |
| CVE-2023-2922 | 2023-05-27 | SourceCodester Comment System GET Parameter index.php cross site scripting |
| CVE-2023-2923 | 2023-05-27 | Tenda AC6 fromDhcpListClient stack-based overflow |
| CVE-2023-2924 | 2023-05-27 | Supcon SimField reportupload.aspx unrestricted upload |
| CVE-2023-2925 | 2023-05-27 | Webkul krayin crm Edit Person Page 2 cross site scripting |
| CVE-2023-2926 | 2023-05-27 | SeaCMS Picture Upload member.php denial of service |
| CVE-2023-2927 | 2023-05-27 | JIZHICMS TemplateController.php index server-side request forgery |
| CVE-2023-2928 | 2023-05-27 | DedeCMS article_allowurl_edit.php code injection |
| CVE-2023-32695 | 2023-05-27 | Insufficient validation when decoding a Socket.IO packet |
| CVE-2023-29380 | 2023-05-28 | Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames. |
| CVE-2023-2948 | 2023-05-28 | Cross-site Scripting (XSS) - Generic in openemr/openemr |
| CVE-2023-2949 | 2023-05-28 | Cross-site Scripting (XSS) - Reflected in openemr/openemr |
| CVE-2023-2950 | 2023-05-28 | Improper Authorization in openemr/openemr |
| CVE-2023-30350 | 2023-05-28 | FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password. |
| CVE-2023-30570 | 2023-05-28 | pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. |
| CVE-2023-31873 | 2023-05-28 | Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process'). |
| CVE-2023-31874 | 2023-05-28 | Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process'). |
| CVE-2023-32762 | 2023-05-28 | An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be... |
| CVE-2023-32763 | 2023-05-28 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout... |
| CVE-2023-33291 | 2023-05-28 | In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses... |
| CVE-2023-2951 | 2023-05-28 | code-projects Bus Dispatch and Information System delete_bus.php sql injection |
| CVE-2014-125101 | 2023-05-28 | Portfolio Gallery Plugin sql injection |
| CVE-2015-10106 | 2023-05-28 | mback2k mh_httpbl Extension index.php moduleContent sql injection |
| CVE-2023-33216 | 2023-05-28 | WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32958 | 2023-05-28 | WordPress Novelist Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) |