CVE List - 2023 / May

Showing 2001 - 2100 of 2420 CVEs for May 2023 (Page 21 of 25)

CVE ID | Date | Title |
---|---|---|
CVE-2023-2825 | 2023-05-26 | An issue has been discovered in GitLab CE/EE affecting only... |
CVE-2023-28319 | 2023-05-26 | A use after free vulnerability exists in curl <v8.1.0 in... |
CVE-2023-28320 | 2023-05-26 | A denial of service vulnerability exists in curl <v8.1.0 in... |
CVE-2023-28321 | 2023-05-26 | An improper certificate validation vulnerability exists in curl <v8.1.0 in... |
CVE-2023-28322 | 2023-05-26 | An information disclosure vulnerability exists in curl <v8.1.0 when doing... |
CVE-2023-28382 | 2023-05-26 | Directory traversal vulnerability in ESS REC Agent Server Edition series... |
CVE-2023-2854 | 2023-05-26 | BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and... |
CVE-2023-2855 | 2023-05-26 | Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and... |
CVE-2023-2856 | 2023-05-26 | VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5... |
CVE-2023-2857 | 2023-05-26 | BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and... |
CVE-2023-2858 | 2023-05-26 | NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and... |
CVE-2023-2879 | 2023-05-26 | GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0... |
CVE-2023-2898 | 2023-05-26 | There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c... |
CVE-2023-30145 | 2023-05-26 | Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template... |
CVE-2023-31225 | 2023-05-26 | The Gallery app has the risk of hijacking attacks. Successful... |
CVE-2023-31226 | 2023-05-26 | The SDK for the MediaPlaybackController module has improper permission verification.... |
CVE-2023-31227 | 2023-05-26 | The hwPartsDFR module has a vulnerability in API calling verification.... |
CVE-2023-33247 | 2023-05-26 | Talend Data Catalog remote harvesting server before 8.0-20230413 contains a... |
CVE-2023-33255 | 2023-05-26 | An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input... |
CVE-2023-33394 | 2023-05-26 | skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers... |
CVE-2023-33439 | 2023-05-26 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection... |
CVE-2023-33440 | 2023-05-26 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code... |
CVE-2023-33720 | 2023-05-26 | mp4v2 v2.1.2 was discovered to contain a memory leak via... |
CVE-2023-33779 | 2023-05-26 | A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users... |
CVE-2023-33780 | 2023-05-26 | A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS... |
CVE-2023-23714 | 2023-05-26 | WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-25971 | 2023-05-26 | WordPress Educare – Students & Result Management System Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-25976 | 2023-05-26 | WordPress Integration for Contact Form 7 and Zoho CRM, Bigin Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-25781 | 2023-05-26 | WordPress Upload File Type Settings Plugin Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-24007 | 2023-05-26 | WordPress Admin Block Country Plugin <= 7.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-25038 | 2023-05-26 | WordPress For the visually impaired Plugin <= 0.58 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-22693 | 2023-05-26 | WordPress WP Google Tag Manager Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-24008 | 2023-05-26 | WordPress Maspik – Spam blacklist Plugin <= 0.7.8 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-32323 | 2023-05-26 | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites |
CVE-2022-39335 | 2023-05-26 | Synapse does not apply enough checks to servers requesting auth events of events in a room |
CVE-2022-39374 | 2023-05-26 | Synapse Denial of service due to incorrect application of event authorization rules during state resolution |
CVE-2023-25029 | 2023-05-26 | WordPress WP Social Bookmarking Light Plugin <= 2.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-25470 | 2023-05-26 | WordPress Rus-To-Lat Plugin <= 0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-25467 | 2023-05-26 | WordPress Resize at Upload Plus Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-25034 | 2023-05-26 | WordPress WP Clean Up Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-25058 | 2023-05-26 | WordPress Schema – All In One Schema Rich Snippets Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-29098 | 2023-05-26 | WordPress CopySafe Web Protection Plugin <= 3.13 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-32964 | 2023-05-26 | WordPress Better Notifications for WP Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-32681 | 2023-05-26 | Unintended leak of Proxy-Authorization header in requests |
CVE-2023-32318 | 2023-05-26 | User session not correctly destroyed on logout |
CVE-2023-33197 | 2023-05-26 | Craft CMS stored XSS in indexedVolumes |
CVE-2023-33185 | 2023-05-26 | Incorrect signature verification in django-ses |
CVE-2023-33187 | 2023-05-26 | highlight vulnerable to cleartext transmission of sensitive information |
CVE-2023-33196 | 2023-05-26 | Craft CMS stored XSS in review volume |
CVE-2023-33194 | 2023-05-26 | CraftCMS stored XSS in Quick Post widget error message |
CVE-2023-31128 | 2023-05-26 | NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection |
CVE-2023-32307 | 2023-05-26 | heap-over-flow and integer-overflow in sofia-sip |
CVE-2023-32311 | 2023-05-26 | The CloudExplorer Lite missing permissions check |
CVE-2023-32315 | 2023-05-26 | Openfire administration console authentication bypass |
CVE-2023-32316 | 2023-05-26 | Users can add themselves to any organization in CloudExplorer Lite |
CVE-2023-32317 | 2023-05-26 | Autolab tar slip in cheat checker functionality (`GHSL-2023-082`) |
CVE-2023-32676 | 2023-05-26 | Autolab tar slip in Install Assessment functionality (`GHSL-2023-081`) |
CVE-2023-32319 | 2023-05-26 | Basic auth header on WebDAV requests is not brute-force protected in Nextcloud |
CVE-2023-33199 | 2023-05-26 | malformed proposed intoto v0.0.2 entries can cause a panic in Rekor |
CVE-2023-32321 | 2023-05-26 | CKAN remote code execution and private information access via crafted resource ids |
CVE-2023-32325 | 2023-05-26 | Cross-site scripting in PostHog-js |
CVE-2015-20108 | 2023-05-27 | xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows... |
CVE-2023-2942 | 2023-05-27 | Improper Input Validation in openemr/openemr |
CVE-2023-2943 | 2023-05-27 | Code Injection in openemr/openemr |
CVE-2023-2944 | 2023-05-27 | Improper Access Control in openemr/openemr |
CVE-2023-2945 | 2023-05-27 | Missing Authorization in openemr/openemr |
CVE-2023-2946 | 2023-05-27 | Improper Access Control in openemr/openemr |
CVE-2023-2947 | 2023-05-27 | Cross-site Scripting (XSS) - Stored in openemr/openemr |
CVE-2023-32688 | 2023-05-27 | Invalid push request payload crashes Parse Server |
CVE-2023-33188 | 2023-05-27 | Uncontrolled data used in content resolution |
CVE-2023-33195 | 2023-05-27 | Craft CMS XSS in RSS widget feed |
CVE-2023-33192 | 2023-05-27 | Improper handling of NTS cookie length that could crash the ntpd-rs server |
CVE-2023-32686 | 2023-05-27 | kiwitcms vulnerable to stored XSS via unrestricted files upload |
CVE-2023-33184 | 2023-05-27 | Blind SSRF in the Nextcloud Mail app on avatar endpoint |
CVE-2023-26129 | 2023-05-27 | All versions of the package bwm-ng are vulnerable to Command... |
CVE-2023-26128 | 2023-05-27 | All versions of the package keep-module-latest are vulnerable to Command... |
CVE-2023-26127 | 2023-05-27 | All versions of the package n158 are vulnerable to Command... |
CVE-2023-2922 | 2023-05-27 | SourceCodester Comment System GET Parameter index.php cross site scripting |
CVE-2023-2923 | 2023-05-27 | Tenda AC6 fromDhcpListClient stack-based overflow |
CVE-2023-2924 | 2023-05-27 | Supcon SimField reportupload.aspx unrestricted upload |
CVE-2023-2925 | 2023-05-27 | Webkul krayin crm Edit Person Page 2 cross site scripting |
CVE-2023-2926 | 2023-05-27 | SeaCMS Picture Upload member.php denial of service |
CVE-2023-2927 | 2023-05-27 | JIZHICMS TemplateController.php index server-side request forgery |
CVE-2023-2928 | 2023-05-27 | DedeCMS article_allowurl_edit.php code injection |
CVE-2023-32695 | 2023-05-27 | Insufficient validation when decoding a Socket.IO packet |
CVE-2023-29380 | 2023-05-28 | Warpinator before 1.6.0 allows remote file deletion via directory traversal... |
CVE-2023-2948 | 2023-05-28 | Cross-site Scripting (XSS) - Generic in openemr/openemr |
CVE-2023-2949 | 2023-05-28 | Cross-site Scripting (XSS) - Reflected in openemr/openemr |
CVE-2023-2950 | 2023-05-28 | Improper Authorization in openemr/openemr |
CVE-2023-30350 | 2023-05-28 | FS S3900-24T4S devices allow authenticated attackers with guest access to... |
CVE-2023-30570 | 2023-05-28 | pluto in Libreswan before 4.11 allows a denial of service... |
CVE-2023-31873 | 2023-05-28 | Gin 0.7.4 allows execution of arbitrary code when a crafted... |
CVE-2023-31874 | 2023-05-28 | Yank Note (YN) 3.52.1 allows execution of arbitrary code when... |
CVE-2023-32762 | 2023-05-28 | An issue was discovered in Qt before 5.15.14, 6.x before... |
CVE-2023-32763 | 2023-05-28 | An issue was discovered in Qt before 5.15.15, 6.x before... |
CVE-2023-33291 | 2023-05-28 | In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow... |
CVE-2023-2951 | 2023-05-28 | code-projects Bus Dispatch and Information System delete_bus.php sql injection |
CVE-2014-125101 | 2023-05-28 | Portfolio Gallery Plugin sql injection |
CVE-2015-10106 | 2023-05-28 | mback2k mh_httpbl Extension index.php moduleContent sql injection |
CVE-2023-33216 | 2023-05-28 | WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS) |