CVE List - 2023 / May
Showing 1401 - 1500 of 2420 CVEs for May 2023 (Page 15 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-2196 | 2023-05-16 | Missing permission checks in Code Dx Plugin |
| CVE-2023-2632 | 2023-05-16 | API keys stored and displayed in plain text by Code Dx Plugin |
| CVE-2023-2633 | 2023-05-16 | API keys stored and displayed in plain text by Code Dx Plugin |
| CVE-2023-2195 | 2023-05-16 | CSRF vulnerability and missing permission checks in Code Dx Plugin |
| CVE-2023-2631 | 2023-05-16 | CSRF vulnerability and missing permission checks in Code Dx Plugin |
| CVE-2023-2721 | 2023-05-16 | Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2023-2722 | 2023-05-16 | Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security... |
| CVE-2023-2723 | 2023-05-16 | Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2023-2724 | 2023-05-16 | Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-2725 | 2023-05-16 | Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2023-2726 | 2023-05-16 | Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a... |
| CVE-2023-30501 | 2023-05-16 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface |
| CVE-2023-30502 | 2023-05-16 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface |
| CVE-2023-30503 | 2023-05-16 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface |
| CVE-2023-30504 | 2023-05-16 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface |
| CVE-2023-30505 | 2023-05-16 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface |
| CVE-2023-30506 | 2023-05-16 | Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface |
| CVE-2023-30507 | 2023-05-16 | Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface |
| CVE-2023-30508 | 2023-05-16 | Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface |
| CVE-2023-30509 | 2023-05-16 | Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface |
| CVE-2023-30510 | 2023-05-16 | Authenticated Server-side Request Forgery in Aruba EdgeConnect Enterprise Web Management Interface |
| CVE-2023-2528 | 2023-05-16 | The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation... |
| CVE-2023-2752 | 2023-05-17 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-31698 | 2023-05-17 | Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to... |
| CVE-2023-31699 | 2023-05-17 | ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file. |
| CVE-2023-31700 | 2023-05-17 | TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. |
| CVE-2023-31701 | 2023-05-17 | TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. |
| CVE-2023-31702 | 2023-05-17 | SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows a remote attacker to dump the entire database and gain a Windows XP command shell to perform code execution... |
| CVE-2023-31703 | 2023-05-17 | Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter. |
| CVE-2023-31722 | 2023-05-17 | There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). |
| CVE-2023-31723 | 2023-05-17 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c. |
| CVE-2023-31724 | 2023-05-17 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c. |
| CVE-2023-31725 | 2023-05-17 | yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c. |
| CVE-2023-31847 | 2023-05-17 | In davinci 0.3.0-rc, after logging in, a user can connect to a malicious MySQL server by controlling the data source, allowing arbitrary files to be read on the client side. |
| CVE-2023-31902 | 2023-05-17 | RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE). |
| CVE-2023-31904 | 2023-05-17 | savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion. |
| CVE-2023-32767 | 2023-05-17 | The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL. |
| CVE-2022-42336 | 2023-05-17 | Mishandling of guest SSBD selection on AMD hardware. The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is... |
| CVE-2022-45144 | 2023-05-17 | Algoo Tracim before 4.4.2 allows XSS via HTML file upload. |
| CVE-2023-1763 | 2023-05-17 | Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13), IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information... |
| CVE-2023-1764 | 2023-05-17 | Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13), IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information... |
| CVE-2023-1859 | 2023-05-17 | A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due... |
| CVE-2023-1972 | 2023-05-17 | A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. |
| CVE-2023-2203 | 2023-05-17 | A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted... |
| CVE-2023-2295 | 2023-05-17 | A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is... |
| CVE-2023-2319 | 2023-05-17 | It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue... |
| CVE-2023-2491 | 2023-05-17 | A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists... |
| CVE-2023-27233 | 2023-05-17 | Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php. |
| CVE-2023-2731 | 2023-05-17 | A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the... |
| CVE-2023-2753 | 2023-05-17 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-2756 | 2023-05-17 | SQL Injection in pimcore/customer-data-framework |
| CVE-2023-2780 | 2023-05-17 | Path Traversal: '\..\filename' in mlflow/mlflow |
| CVE-2023-29837 | 2023-05-17 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page. |
| CVE-2023-30191 | 2023-05-17 | PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent(). |
| CVE-2023-31903 | 2023-05-17 | GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file. |
| CVE-2023-2706 | 2023-05-17 | The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use... |
| CVE-2023-2608 | 2023-05-17 | The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including,... |
| CVE-2023-2509 | 2023-05-17 | A Cross-Site Scripting (XSS) vulnerability was found on ADM |
| CVE-2023-0863 | 2023-05-17 | Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed, |
| CVE-2023-0864 | 2023-05-17 | Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE). |
| CVE-2023-31208 | 2023-05-17 | Livestatus command injection in RestAPI |
| CVE-2023-2745 | 2023-05-17 | WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In... |
| CVE-2023-30438 | 2023-05-17 | IBM PowerVM gain access |
| CVE-2023-2679 | 2023-05-17 | Data leakage in Adobe connector for SPE edition of SLM |
| CVE-2023-22348 | 2023-05-17 | Reading host_configs does not honour contact groups |
| CVE-2023-2765 | 2023-05-17 | Weaver OA downfile.php absolute path traversal |
| CVE-2023-2766 | 2023-05-17 | Weaver OA jx2_config.ini file access |
| CVE-2023-2768 | 2023-05-17 | Sucms cross site scripting |
| CVE-2023-31135 | 2023-05-17 | Dgraph Audit Log Encryption nonce reuse |
| CVE-2023-26044 | 2023-05-17 | ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits |
| CVE-2023-2769 | 2023-05-17 | SourceCodester Service Provider Management System sql injection |
| CVE-2023-24805 | 2023-05-17 | Command injection in cups-filters |
| CVE-2023-2770 | 2023-05-17 | SourceCodester Online Exam System data sql injection |
| CVE-2023-2771 | 2023-05-17 | SourceCodester Online Exam System data sql injection |
| CVE-2023-2772 | 2023-05-17 | SourceCodester Budget and Expense Tracker System GET Parameter manage_budget.php sql injection |
| CVE-2023-2773 | 2023-05-17 | code-projects Bus Dispatch and Information System view_admin.php sql injection |
| CVE-2023-2774 | 2023-05-17 | code-projects Bus Dispatch and Information System view_branch.php sql injection |
| CVE-2023-2775 | 2023-05-17 | code-projects Bus Dispatch and Information System adminHome.php sql injection |
| CVE-2023-2776 | 2023-05-17 | code-projects Simple Photo Gallery unrestricted upload |
| CVE-2019-25137 | 2023-05-18 | Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx. |
| CVE-2022-4870 | 2023-05-18 | In affected versions of Octopus Deploy it is possible to discover network details via error message |
| CVE-2023-20003 | 2023-05-18 | Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability |
| CVE-2023-20024 | 2023-05-18 | Cisco Small Business Series Switches Buffer Overflow Vulnerabilities |
| CVE-2023-20077 | 2023-05-18 | Cisco Identity Services Engine Arbitrary File Download Vulnerabilities |
| CVE-2023-20087 | 2023-05-18 | Cisco Identity Services Engine Arbitrary File Download Vulnerabilities |
| CVE-2023-20106 | 2023-05-18 | Cisco Identity Services Engine Arbitrary File Delete and File Read Vulnerabilities |
| CVE-2023-20110 | 2023-05-18 | Cisco Smart Software Manager On-Prem SQL Injection Vulnerability |
| CVE-2023-20156 | 2023-05-18 | Cisco Small Business Series Switches Buffer Overflow Vulnerabilities |
| CVE-2023-20157 | 2023-05-18 | Cisco Small Business Series Switches Buffer Overflow Vulnerabilities |
| CVE-2023-20158 | 2023-05-18 | Cisco Small Business Series Switches Buffer Overflow Vulnerabilities |
| CVE-2023-20159 | 2023-05-18 | Cisco Small Business Series Switches Buffer Overflow Vulnerabilities |
| CVE-2023-20160 | 2023-05-18 | Cisco Small Business Series Switches Buffer Overflow Vulnerabilities |
| CVE-2023-20161 | 2023-05-18 | Cisco Small Business Series Switches Buffer Overflow Vulnerabilities |
| CVE-2023-20162 | 2023-05-18 | Cisco Small Business Series Switches Buffer Overflow Vulnerabilities |
| CVE-2023-20163 | 2023-05-18 | Cisco Identity Services Engine Command Injection Vulnerabilities |
| CVE-2023-20164 | 2023-05-18 | Cisco Identity Services Engine Command Injection Vulnerabilities |
| CVE-2023-20166 | 2023-05-18 | Cisco Identity Services Engine Path Traversal Vulnerabilities |
| CVE-2023-20167 | 2023-05-18 | Cisco Identity Services Engine Path Traversal Vulnerabilities |
| CVE-2023-20171 | 2023-05-18 | Cisco Identity Services Engine Arbitrary File Delete and File Read Vulnerabilities |
| CVE-2023-20172 | 2023-05-18 | Cisco Identity Services Engine Arbitrary File Delete and File Read Vulnerabilities |