CVE List - 2023 / May
Showing 1301 - 1400 of 2420 CVEs for May 2023 (Page 14 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-1207 | 2023-05-15 | HTTP Headers < 1.18.8 - Admin+ SQL Injection |
| CVE-2023-1549 | 2023-05-15 | Ad Inserter < 2.7.27 - Admin+ PHP Object Injection |
| CVE-2023-0600 | 2023-05-15 | WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi |
| CVE-2023-0762 | 2023-05-15 | Clock In Portal <= 2.1 - Designation Deletion via CSRF |
| CVE-2023-1915 | 2023-05-15 | Thumbnail carousel slider < 1.1.10 - Reflected XSS |
| CVE-2023-0892 | 2023-05-15 | BizLibrary <= 1.1 - Admin+ Stored XSS |
| CVE-2023-2180 | 2023-05-15 | KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download |
| CVE-2023-2179 | 2023-05-15 | WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update |
| CVE-2023-1596 | 2023-05-15 | tagDiv Composer < 4.0 - Reflected Cross-site Scripting |
| CVE-2023-0763 | 2023-05-15 | Clock In Portal <= 2.1 - Holidays Deletion via CSRF |
| CVE-2023-0520 | 2023-05-15 | RapidExpCart <= 1.0 - Stored XSS via CSRF |
| CVE-2023-0812 | 2023-05-15 | Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure |
| CVE-2023-0490 | 2023-05-15 | f(x) TOC <= 1.1.0 - Contributor+ Stored XSS |
| CVE-2023-0644 | 2023-05-15 | PushAssist <= 3.0.8 - Reflected Cross-Site Scripting |
| CVE-2023-1890 | 2023-05-15 | Tablesome < 1.0.9 - Reflected XSS |
| CVE-2023-2009 | 2023-05-15 | Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings |
| CVE-2023-1019 | 2023-05-15 | Help Desk WP <= 1.2.0 - Editor+ Stored XSS |
| CVE-2023-0761 | 2023-05-15 | Clock In Portal <= 2.1 - Staff Deletion via CSRF |
| CVE-2022-4774 | 2023-05-15 | Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload |
| CVE-2023-1839 | 2023-05-15 | Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-1835 | 2023-05-15 | Ninja Forms < 3.6.22 - Reflected XSS |
| CVE-2023-0233 | 2023-05-15 | ActiveCampaign < 8.1.12 - Contributor+ Stored XSS |
| CVE-2023-32313 | 2023-05-15 | Inspect method manipulation in vm2 |
| CVE-2023-32314 | 2023-05-15 | Sandbox Escape |
| CVE-2023-32309 | 2023-05-15 | Arbitrary file inclusion with the pymdowm-snippets extension |
| CVE-2023-32308 | 2023-05-15 | SQL Injection Vulnerability in anuko timetracker |
| CVE-2023-32068 | 2023-05-15 | URL Redirection to Untrusted Site in XWiki |
| CVE-2023-31145 | 2023-05-15 | Reflected XSS vulnerability in CollaboraOnline |
| CVE-2023-31131 | 2023-05-15 | Arbitrary File Write when Extracting Tarballs in greenplum-db |
| CVE-2021-27131 | 2023-05-16 | Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due... |
| CVE-2023-25394 | 2023-05-16 | Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition.... |
| CVE-2023-2730 | 2023-05-16 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-27742 | 2023-05-16 | IDURAR ERP/CRM v1 was discovered to contain a SQL injection... |
| CVE-2023-29927 | 2023-05-16 | Versions of Sage 300 through 2022 implement role-based access controls... |
| CVE-2023-29961 | 2023-05-16 | D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack... |
| CVE-2023-30189 | 2023-05-16 | Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via... |
| CVE-2023-30281 | 2023-05-16 | Insecure permissions vulnerability was discovered, due to a lack of... |
| CVE-2023-30452 | 2023-05-16 | The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for... |
| CVE-2023-31519 | 2023-05-16 | Pharmacy Management System v1.0 was discovered to contain a SQL... |
| CVE-2023-31544 | 2023-05-16 | A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows... |
| CVE-2023-31572 | 2023-05-16 | An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change... |
| CVE-2023-31576 | 2023-05-16 | An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers... |
| CVE-2023-31587 | 2023-05-16 | Tenda AC5 router V15.03.06.28 was discovered to contain a remote... |
| CVE-2023-31677 | 2023-05-16 | Insecure permissions in luowice 3.5.18 allow attackers to view information... |
| CVE-2023-31678 | 2023-05-16 | Incorrect access control in Videogo v6.8.1 allows attackers to bind... |
| CVE-2023-31679 | 2023-05-16 | Incorrect access control in Videogo v6.8.1 allows attackers to access... |
| CVE-2023-31848 | 2023-05-16 | davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). |
| CVE-2023-31856 | 2023-05-16 | A command injection vulnerability in the hostTime parameter in the... |
| CVE-2023-31857 | 2023-05-16 | Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file... |
| CVE-2023-31890 | 2023-05-16 | An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker... |
| CVE-2023-2708 | 2023-05-16 | The Video Gallery plugin for WordPress is vulnerable to Reflected... |
| CVE-2023-2710 | 2023-05-16 | The video carousel slider with lightbox plugin for WordPress is... |
| CVE-2023-2161 | 2023-05-16 | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability... |
| CVE-2023-32955 | 2023-05-16 | Improper neutralization of special elements used in an OS command... |
| CVE-2023-32956 | 2023-05-16 | Improper neutralization of special elements used in an OS command... |
| CVE-2023-23673 | 2023-05-16 | WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23676 | 2023-05-16 | WordPress File Gallery Plugin <= 1.8.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2499 | 2023-05-16 | The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass... |
| CVE-2023-2548 | 2023-05-16 | The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct... |
| CVE-2023-23727 | 2023-05-16 | WordPress Live Chat by Formilla – Real-time Chat & Chatbots Plugin Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23641 | 2023-05-16 | WordPress Uji Popup Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23657 | 2023-05-16 | WordPress Mail Subscribe List Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23720 | 2023-05-16 | WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23709 | 2023-05-16 | WordPress WPJAM Basic Plugin <= 6.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23703 | 2023-05-16 | WordPress Arconix Shortcodes Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29439 | 2023-05-16 | WordPress FooGallery Plugin <= 2.2.35 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2738 | 2023-05-16 | Tongda OA GatewayController.php actionGetdata unrestricted upload |
| CVE-2023-28076 | 2023-05-16 | CloudLink 7.1.2 and all prior versions contain a broken or... |
| CVE-2023-2739 | 2023-05-16 | Gira HomeServer hslist cross site scripting |
| CVE-2023-32977 | 2023-05-16 | Jenkins Pipeline: Job Plugin does not escape the display name... |
| CVE-2023-32978 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin... |
| CVE-2023-32979 | 2023-05-16 | Jenkins Email Extension Plugin does not perform a permission check... |
| CVE-2023-32980 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension... |
| CVE-2023-32981 | 2023-05-16 | An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps... |
| CVE-2023-32982 | 2023-05-16 | Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted... |
| CVE-2023-32983 | 2023-05-16 | Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra... |
| CVE-2023-32984 | 2023-05-16 | Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape... |
| CVE-2023-32985 | 2023-05-16 | Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict... |
| CVE-2023-32986 | 2023-05-16 | Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict... |
| CVE-2023-32987 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy... |
| CVE-2023-32988 | 2023-05-16 | A missing permission check in Jenkins Azure VM Agents Plugin... |
| CVE-2023-32989 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM... |
| CVE-2023-32990 | 2023-05-16 | A missing permission check in Jenkins Azure VM Agents Plugin... |
| CVE-2023-32991 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single... |
| CVE-2023-32992 | 2023-05-16 | Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin... |
| CVE-2023-32993 | 2023-05-16 | Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does... |
| CVE-2023-32994 | 2023-05-16 | Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally... |
| CVE-2023-32995 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single... |
| CVE-2023-32996 | 2023-05-16 | A missing permission check in Jenkins SAML Single Sign On(SSO)... |
| CVE-2023-32997 | 2023-05-16 | Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the... |
| CVE-2023-32998 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin... |
| CVE-2023-32999 | 2023-05-16 | A missing permission check in Jenkins AppSpider Plugin 1.0.15 and... |
| CVE-2023-33000 | 2023-05-16 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does... |
| CVE-2023-33001 | 2023-05-16 | Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly... |
| CVE-2023-33002 | 2023-05-16 | Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape... |
| CVE-2023-33003 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler... |
| CVE-2023-33004 | 2023-05-16 | A missing permission check in Jenkins Tag Profiler Plugin 0.2... |
| CVE-2023-33005 | 2023-05-16 | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate... |
| CVE-2023-33006 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth... |
| CVE-2023-33007 | 2023-05-16 | Jenkins LoadComplete support Plugin 1.0 and earlier does not escape... |