CVE List - 2023 / May
Showing 1601 - 1700 of 2420 CVEs for May 2023 (Page 17 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-2716 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to,... |
| CVE-2023-2735 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping... |
| CVE-2023-2736 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This... |
| CVE-2023-2717 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This... |
| CVE-2023-2276 | 2023-05-20 | The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to... |
| CVE-2023-2822 | 2023-05-20 | Ellucian Ethos Identity logout cross site scripting |
| CVE-2023-2823 | 2023-05-20 | SourceCodester Class Scheduling System GET Parameter edit_subject.php sql injection |
| CVE-2023-2824 | 2023-05-20 | SourceCodester Dental Clinic Appointment Reservation System POST Parameter service.php cross site scripting |
| CVE-2023-2712 | 2023-05-20 | Malicious File Upload vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform. |
| CVE-2023-2713 | 2023-05-20 | IDOR vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform. |
| CVE-2023-1692 | 2023-05-20 | The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-1693 | 2023-05-20 | The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-1694 | 2023-05-20 | The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-1696 | 2023-05-20 | The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-24414 | 2023-05-20 | WordPress Robo Gallery Plugin <= 3.2.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23890 | 2023-05-20 | WordPress WP Airbnb Review Slider Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22689 | 2023-05-20 | WordPress Auto Affiliate Links Plugin <= 6.3 is vulnerable to Broken Access Control |
| CVE-2023-32589 | 2023-05-20 | WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47134 | 2023-05-20 | WordPress Gallery Metabox Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2021-46888 | 2023-05-21 | An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a... |
| CVE-2023-33252 | 2023-05-21 | iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus. |
| CVE-2020-36694 | 2023-05-21 | An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during... |
| CVE-2023-33250 | 2023-05-21 | The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. |
| CVE-2023-33251 | 2023-05-21 | When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or... |
| CVE-2023-33254 | 2023-05-21 | There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain.... |
| CVE-2023-2826 | 2023-05-21 | SourceCodester Class Scheduling System POST Parameter search_teacher_result.php cross site scripting |
| CVE-2023-2597 | 2023-05-22 | In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked... |
| CVE-2023-2837 | 2023-05-22 | Stack-based Buffer Overflow in gpac/gpac |
| CVE-2023-2838 | 2023-05-22 | Out-of-bounds Read in gpac/gpac |
| CVE-2023-2839 | 2023-05-22 | Divide By Zero in gpac/gpac |
| CVE-2023-2840 | 2023-05-22 | NULL Pointer Dereference in gpac/gpac |
| CVE-2023-28467 | 2023-05-22 | In MyBB before 1.8.34, there is XSS in the User CP module via the user email field. |
| CVE-2023-29838 | 2023-05-22 | Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. |
| CVE-2023-31584 | 2023-05-22 | GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field. |
| CVE-2023-31923 | 2023-05-22 | Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user... |
| CVE-2023-33264 | 2023-05-22 | In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some... |
| CVE-2023-33281 | 2023-05-22 | The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that... |
| CVE-2023-33285 | 2023-05-22 | An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS... |
| CVE-2023-33293 | 2023-05-22 | An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can... |
| CVE-2023-33294 | 2023-05-22 | An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts... |
| CVE-2023-27066 | 2023-05-22 | Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. |
| CVE-2023-27067 | 2023-05-22 | Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx |
| CVE-2023-31689 | 2023-05-22 | In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary... |
| CVE-2023-31742 | 2023-05-22 | There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request... |
| CVE-2023-31779 | 2023-05-22 | Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature. |
| CVE-2023-31816 | 2023-05-22 | IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. |
| CVE-2023-33288 | 2023-05-22 | An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to... |
| CVE-2023-33297 | 2023-05-22 | Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited... |
| CVE-2023-32336 | 2023-05-22 | IBM InfoSphere Information Server code execution |
| CVE-2023-33235 | 2023-05-22 | MXsecurity Command Injection Vulnerability |
| CVE-2023-33236 | 2023-05-22 | MXsecurity Hardcoded Credential Vulnerability |
| CVE-2022-0010 | 2023-05-22 | QCS 800xA Vulnerability identified in system log files |
| CVE-2023-23813 | 2023-05-22 | WordPress My Calendar Plugin <= 3.4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23712 | 2023-05-22 | WordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23680 | 2023-05-22 | WordPress WP TopBar Plugin <= 5.36 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22688 | 2023-05-22 | WordPress WP Tabs Slides Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22692 | 2023-05-22 | WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22709 | 2023-05-22 | WordPress SRS Simple Hits Counter Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22714 | 2023-05-22 | WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47142 | 2023-05-22 | WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47609 | 2023-05-22 | WordPress DNUI Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47611 | 2023-05-22 | WordPress Hover Image Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47183 | 2023-05-22 | WordPress Extra Block Design, Style, CSS for ANY Gutenberg Blocks Plugin <= 0.2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47167 | 2023-05-22 | WordPress Crayon Syntax Highlighter Plugin <= 2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45376 | 2023-05-22 | WordPress Side Cart Woocommerce (Ajax) Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45079 | 2023-05-22 | WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45076 | 2023-05-22 | WordPress Flexible Elementor Panel Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-44739 | 2023-05-22 | WordPress Quick Restaurant Reservations Plugin <= 1.5.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41608 | 2023-05-22 | WordPress Asgaros Forum Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23797 | 2023-05-22 | WordPress Auto YouTube Importer Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28709 | 2023-05-22 | Apache Tomcat: Fix for CVE-2023-24998 is incomplete |
| CVE-2023-2832 | 2023-05-22 | SQL Injection in unilogies/bumsys |
| CVE-2023-25537 | 2023-05-22 | Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges... |
| CVE-2023-31058 | 2023-05-22 | Apache InLong: JDBC URL bypassing by adding blanks |
| CVE-2023-31454 | 2023-05-22 | Apache InLong: IDOR make users can bind any cluster |
| CVE-2022-46680 | 2023-05-22 | A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept... |
| CVE-2023-31453 | 2023-05-22 | Apache InLong: IDOR make users can delete others' subscription |
| CVE-2023-31206 | 2023-05-22 | Apache InLong: Attackers can change the immutable name and type of nodes |
| CVE-2023-25447 | 2023-05-22 | WordPress ColorWay Theme <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25448 | 2023-05-22 | WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32346 | 2023-05-22 | Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a... |
| CVE-2023-32347 | 2023-05-22 | Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective... |
| CVE-2023-32348 | 2023-05-22 | Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that... |
| CVE-2023-2586 | 2023-05-22 | Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature"... |
| CVE-2023-2587 | 2023-05-22 | Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial... |
| CVE-2023-2588 | 2023-05-22 | Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can... |
| CVE-2023-32349 | 2023-05-22 | Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an... |
| CVE-2023-31103 | 2023-05-22 | Apache InLong: Attackers can change the immutable name and type of cluster |
| CVE-2023-32350 | 2023-05-22 | Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable... |
| CVE-2023-31101 | 2023-05-22 | Apache InLong: Users who joined later can see the data of deleted users |
| CVE-2023-31098 | 2023-05-22 | Apache InLong: Weak Password Implementation in InLong |
| CVE-2023-31066 | 2023-05-22 | Apache InLong: Insecure direct object references for inlong sources |
| CVE-2023-31065 | 2023-05-22 | Apache InLong: Insufficient Session Expiration in InLong |
| CVE-2023-31064 | 2023-05-22 | Apache InLong: Insecurity direct object references cancelling applications |
| CVE-2023-31062 | 2023-05-22 | Apache InLong: Privilege escalation vulnerability for InLong |
| CVE-2023-28649 | 2023-05-22 | The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could... |
| CVE-2023-28412 | 2023-05-22 | When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and... |
| CVE-2023-31241 | 2023-05-22 | Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. |
| CVE-2023-31193 | 2023-05-22 | Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to... |
| CVE-2023-28386 | 2023-05-22 | Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using... |